Hello community, here is the log from the commit of package libXcursor for openSUSE:Factory checked in at 2017-12-11 18:54:50 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libXcursor (Old) and /work/SRC/openSUSE:Factory/.libXcursor.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libXcursor" Mon Dec 11 18:54:50 2017 rev:11 rq:555663 version:1.1.15 Changes: -------- --- /work/SRC/openSUSE:Factory/libXcursor/libXcursor.changes 2017-12-03 10:08:57.328730912 +0100 +++ /work/SRC/openSUSE:Factory/.libXcursor.new/libXcursor.changes 2017-12-11 18:55:00.978810299 +0100 @@ -1,0 +2,15 @@ +Thu Dec 7 17:26:32 UTC 2017 - tobias.johannes.klausm...@mni.thm.de + +- Update to version 1.1.15: + * configure: Drop AM_MAINTAINER_MODE + * autogen.sh: Honor NOCONFIGURE=1 + * Use strdup() instead of malloc(strlen())+strcpy() + * Fix some clang integer sign/size mismatch warnings + * autogen.sh: use quoted string variables + * autogen: add default patch prefix + * autogen.sh: use exec instead of waiting for configure to finish + * Fix heap overflows when parsing malicious files. (CVE-2017-16612) + * Insufficient memory for terminating null of string in _XcursorThemeInherits +- Drop U_Avoid-heap-overflows-due-to-integer-overflow-signedn.patch + +------------------------------------------------------------------- Old: ---- U_Avoid-heap-overflows-due-to-integer-overflow-signedn.patch libXcursor-1.1.14.tar.bz2 New: ---- libXcursor-1.1.15.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libXcursor.spec ++++++ --- /var/tmp/diff_new_pack.oICqLV/_old 2017-12-11 18:55:01.778772196 +0100 +++ /var/tmp/diff_new_pack.oICqLV/_new 2017-12-11 18:55:01.778772196 +0100 @@ -18,7 +18,7 @@ Name: libXcursor %define lname libXcursor1 -Version: 1.1.14 +Version: 1.1.15 Release: 0 Summary: X Window System Cursor management library License: MIT @@ -29,7 +29,6 @@ #Git-Web: http://cgit.freedesktop.org/xorg/lib/libXcursor/ Source: http://xorg.freedesktop.org/releases/individual/lib/%{name}-%{version}.tar.bz2 Source1: baselibs.conf -Patch0: U_Avoid-heap-overflows-due-to-integer-overflow-signedn.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build #git#BuildRequires: autoconf >= 2.60, automake, libtool BuildRequires: fdupes @@ -73,7 +72,6 @@ %prep %setup -q -%patch0 -p1 %build %configure --disable-static ++++++ libXcursor-1.1.14.tar.bz2 -> libXcursor-1.1.15.tar.bz2 ++++++ ++++ 40173 lines of diff (skipped) ++++ retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXcursor-1.1.14/ChangeLog new/libXcursor-1.1.15/ChangeLog --- old/libXcursor-1.1.14/ChangeLog 2013-05-30 08:24:50.000000000 +0200 +++ new/libXcursor-1.1.15/ChangeLog 2017-11-28 15:25:19.000000000 +0100 @@ -1,3 +1,113 @@ +commit 4828abe494df8fb4aa00dcaa22a03446ba418d01 +Author: Matthieu Herrb <matth...@herrb.eu> +Date: Sat Nov 25 11:59:31 2017 +0100 + + libXcursor 1.1.15 + + Signed-off-by: Matthieu Herrb <matth...@herrb.eu> + +commit 4794b5dd34688158fb51a2943032569d3780c4b8 +Author: Tobias Stoeckmann <tob...@stoeckmann.org> +Date: Sat Oct 21 23:47:52 2017 +0200 + + Fix heap overflows when parsing malicious files. (CVE-2017-16612) + + It is possible to trigger heap overflows due to an integer overflow + while parsing images and a signedness issue while parsing comments. + + The integer overflow occurs because the chosen limit 0x10000 for + dimensions is too large for 32 bit systems, because each pixel takes + 4 bytes. Properly chosen values allow an overflow which in turn will + lead to less allocated memory than needed for subsequent reads. + + The signedness bug is triggered by reading the length of a comment + as unsigned int, but casting it to int when calling the function + XcursorCommentCreate. Turning length into a negative value allows the + check against XCURSOR_COMMENT_MAX_LEN to pass, and the following + addition of sizeof (XcursorComment) + 1 makes it possible to allocate + less memory than needed for subsequent reads. + + Signed-off-by: Tobias Stoeckmann <tob...@stoeckmann.org> + Reviewed-by: Matthieu Herrb <matth...@herrb.eu> + +commit 75b10c972d15c036a692ef4590a81a6c54d384f6 +Author: Mihail Konev <k....@ya.ru> +Date: Thu Jan 26 13:52:49 2017 +1000 + + autogen: add default patch prefix + + Signed-off-by: Mihail Konev <k....@ya.ru> + +commit 721901fec3d829426d7c8df82a14beb11905c7a8 +Author: Emil Velikov <emil.l.veli...@gmail.com> +Date: Mon Mar 9 12:00:52 2015 +0000 + + autogen.sh: use quoted string variables + + Place quotes around the $srcdir, $ORIGDIR and $0 variables to prevent + fall-outs, when they contain space. + + Signed-off-by: Emil Velikov <emil.l.veli...@gmail.com> + Reviewed-by: Peter Hutterer <peter.hutte...@who-t.net> + Signed-off-by: Peter Hutterer <peter.hutte...@who-t.net> + +commit 860bda4cb1f126f42cfc255c958aa3c7be17f3c6 +Author: Peter Hutterer <peter.hutte...@who-t.net> +Date: Tue Jan 24 10:32:07 2017 +1000 + + autogen.sh: use exec instead of waiting for configure to finish + + Syncs the invocation of configure with the one from the server. + + Signed-off-by: Peter Hutterer <peter.hutte...@who-t.net> + Reviewed-by: Emil Velikov <emil.veli...@collabora.com> + +commit 897213f36baf6926daf6d192c709cf627aa5fd05 +Author: shubham shrivastav <shubham...@samsung.com> +Date: Fri Jun 5 13:36:22 2015 -0700 + + Insufficient memory for terminating null of string in _XcursorThemeInherits + + Fix does one byte of memory allocation for null termination of string. + https://bugs.freedesktop.org/show_bug.cgi?id=90857 + + Reviewed-by: Keith Packard <kei...@keithp.com> + Signed-off-by: Alan Coopersmith <alan.coopersm...@oracle.com> + +commit edf52212a09bd80b52dc9932b5ca19e20dfcaa2b +Author: Alan Coopersmith <alan.coopersm...@oracle.com> +Date: Sat Oct 18 10:52:49 2014 -0700 + + Fix some clang integer sign/size mismatch warnings + + Signed-off-by: Alan Coopersmith <alan.coopersm...@oracle.com> + +commit bbf3c582c97af3abfaf81e3ca63646d59fe6e28a +Author: Alan Coopersmith <alan.coopersm...@oracle.com> +Date: Sat Oct 18 10:24:13 2014 -0700 + + Use strdup() instead of malloc(strlen())+strcpy() + + Signed-off-by: Alan Coopersmith <alan.coopersm...@oracle.com> + +commit 2e6bda49d062d5064efe66a066558f7d1eec7e78 +Author: Alan Coopersmith <alan.coopersm...@oracle.com> +Date: Sat May 31 21:39:32 2014 -0700 + + autogen.sh: Honor NOCONFIGURE=1 + + See http://people.gnome.org/~walters/docs/build-api.txt + + Signed-off-by: Alan Coopersmith <alan.coopersm...@oracle.com> + +commit b1df53701f40959ac66c26ca2e5263bb521d0ebb +Author: Alan Coopersmith <alan.coopersm...@oracle.com> +Date: Sat May 31 21:38:41 2014 -0700 + + configure: Drop AM_MAINTAINER_MODE + + Signed-off-by: Alan Coopersmith <alan.coopersm...@oracle.com> + commit f92f118047ee8cea7dbbc734d476225f033ba0b7 Author: Alan Coopersmith <alan.coopersm...@oracle.com> Date: Wed May 29 23:22:29 2013 -0700 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXcursor-1.1.14/INSTALL new/libXcursor-1.1.15/INSTALL --- old/libXcursor-1.1.14/INSTALL 2013-05-30 08:24:50.000000000 +0200 +++ new/libXcursor-1.1.15/INSTALL 2017-11-28 15:25:19.000000000 +0100 @@ -1,11 +1,13 @@ Installation Instructions ************************* -Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005, -2006, 2007, 2008 Free Software Foundation, Inc. +Copyright (C) 1994-1996, 1999-2002, 2004-2011 Free Software Foundation, +Inc. - This file is free documentation; the Free Software Foundation gives -unlimited permission to copy, distribute and modify it. + Copying and distribution of this file, with or without modification, +are permitted in any medium without royalty provided the copyright +notice and this notice are preserved. This file is offered as-is, +without warranty of any kind. Basic Installation ================== @@ -13,7 +15,11 @@ Briefly, the shell commands `./configure; make; make install' should configure, build, and install this package. The following more-detailed instructions are generic; see the `README' file for -instructions specific to this package. +instructions specific to this package. Some packages provide this +`INSTALL' file but do not implement all of the features documented +below. The lack of an optional feature in a given package is not +necessarily a bug. More recommendations for GNU packages can be found +in *note Makefile Conventions: (standards)Makefile Conventions. The `configure' shell script attempts to guess correct values for various system-dependent variables used during compilation. It uses @@ -42,7 +48,7 @@ you want to change it or regenerate `configure' using a newer version of `autoconf'. -The simplest way to compile this package is: + The simplest way to compile this package is: 1. `cd' to the directory containing the package's source code and type `./configure' to configure the package for your system. @@ -53,12 +59,22 @@ 2. Type `make' to compile the package. 3. Optionally, type `make check' to run any self-tests that come with - the package. + the package, generally using the just-built uninstalled binaries. 4. Type `make install' to install the programs and any data files and - documentation. + documentation. When installing into a prefix owned by root, it is + recommended that the package be configured and built as a regular + user, and only the `make install' phase executed with root + privileges. + + 5. Optionally, type `make installcheck' to repeat any self-tests, but + this time using the binaries in their final installed location. + This target does not install anything. Running this target as a + regular user, particularly if the prior `make install' required + root privileges, verifies that the installation completed + correctly. - 5. You can remove the program binaries and object files from the + 6. You can remove the program binaries and object files from the source code directory by typing `make clean'. To also remove the files that `configure' created (so you can compile the package for a different kind of computer), type `make distclean'. There is @@ -67,8 +83,15 @@ all sorts of other programs in order to regenerate files that came with the distribution. - 6. Often, you can also type `make uninstall' to remove the installed - files again. + 7. Often, you can also type `make uninstall' to remove the installed + files again. In practice, not all packages have tested that + uninstallation works correctly, even though it is required by the + GNU Coding Standards. + + 8. Some packages, particularly those that use Automake, provide `make + distcheck', which can by used by developers to test that all other + targets like `make install' and `make uninstall' work correctly. + This target is generally not run by end users. Compilers and Options ===================== @@ -93,7 +116,8 @@ own directory. To do this, you can use GNU `make'. `cd' to the directory where you want the object files and executables to go and run the `configure' script. `configure' automatically checks for the -source code in the directory that `configure' is in and in `..'. +source code in the directory that `configure' is in and in `..'. This +is known as a "VPATH" build. With a non-GNU `make', it is safer to compile the package for one architecture at a time in the source code directory. After you have @@ -120,7 +144,8 @@ By default, `make install' installs the package's commands under `/usr/local/bin', include files under `/usr/local/include', etc. You can specify an installation prefix other than `/usr/local' by giving -`configure' the option `--prefix=PREFIX'. +`configure' the option `--prefix=PREFIX', where PREFIX must be an +absolute file name. You can specify separate installation prefixes for architecture-specific files and architecture-independent files. If you @@ -131,15 +156,46 @@ In addition, if you use an unusual directory layout you can give options like `--bindir=DIR' to specify different values for particular kinds of files. Run `configure --help' for a list of the directories -you can set and what kinds of files go in them. +you can set and what kinds of files go in them. In general, the +default for these options is expressed in terms of `${prefix}', so that +specifying just `--prefix' will affect all of the other directory +specifications that were not explicitly provided. + + The most portable way to affect installation locations is to pass the +correct locations to `configure'; however, many packages provide one or +both of the following shortcuts of passing variable assignments to the +`make install' command line to change installation locations without +having to reconfigure or recompile. + + The first method involves providing an override variable for each +affected directory. For example, `make install +prefix=/alternate/directory' will choose an alternate location for all +directory configuration variables that were expressed in terms of +`${prefix}'. Any directories that were specified during `configure', +but not in terms of `${prefix}', must each be overridden at install +time for the entire installation to be relocated. The approach of +makefile variable overrides for each directory variable is required by +the GNU Coding Standards, and ideally causes no recompilation. +However, some platforms have known limitations with the semantics of +shared libraries that end up requiring recompilation when using this +method, particularly noticeable in packages that use GNU Libtool. + + The second method involves providing the `DESTDIR' variable. For +example, `make install DESTDIR=/alternate/directory' will prepend +`/alternate/directory' before all installation names. The approach of +`DESTDIR' overrides is not required by the GNU Coding Standards, and +does not work on platforms that have drive letters. On the other hand, +it does better at avoiding recompilation issues, and works well even +when some directory options were not specified in terms of `${prefix}' +at `configure' time. + +Optional Features +================= If the package supports it, you can cause programs to be installed with an extra prefix or suffix on their names by giving `configure' the option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'. -Optional Features -================= - Some packages pay attention to `--enable-FEATURE' options to `configure', where FEATURE indicates an optional part of the package. They may also pay attention to `--with-PACKAGE' options, where PACKAGE @@ -152,6 +208,13 @@ you can use the `configure' options `--x-includes=DIR' and `--x-libraries=DIR' to specify their locations. + Some packages offer the ability to configure how verbose the +execution of `make' will be. For these packages, running `./configure +--enable-silent-rules' sets the default to minimal output, which can be +overridden with `make V=1'; while running `./configure +--disable-silent-rules' sets the default to verbose, which can be +overridden with `make V=0'. + Particular systems ================== @@ -159,10 +222,15 @@ CC is not installed, it is recommended to use the following options in order to use an ANSI C compiler: - ./configure CC="cc -Ae" + ./configure CC="cc -Ae -D_XOPEN_SOURCE=500" and if that doesn't work, install pre-built binaries of GCC for HP-UX. + HP-UX `make' updates targets which have the same time stamps as +their prerequisites, which makes it generally unusable when shipped +generated files such as `configure' are involved. Use GNU `make' +instead. + On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot parse its `<wchar.h>' header file. The option `-nodtk' can be used as a workaround. If GNU CC is not installed, it is therefore recommended @@ -174,6 +242,16 @@ ./configure CC="cc -nodtk" + On Solaris, don't put `/usr/ucb' early in your `PATH'. This +directory contains several dysfunctional programs; working variants of +these programs are available in `/usr/bin'. So, if you need `/usr/ucb' +in your `PATH', put it _after_ `/usr/bin'. + + On Haiku, software installed for all users goes in `/boot/common', +not `/usr/local'. It is recommended to use the following options: + + ./configure --prefix=/boot/common + Specifying the System Type ========================== @@ -189,7 +267,8 @@ where SYSTEM can have one of these forms: - OS KERNEL-OS + OS + KERNEL-OS See the file `config.sub' for the possible values of each field. If `config.sub' isn't included in this package, then this package doesn't @@ -277,7 +356,7 @@ `configure' can determine that directory automatically. `--prefix=DIR' - Use DIR as the installation prefix. *Note Installation Names:: + Use DIR as the installation prefix. *note Installation Names:: for more details, including other options available for fine-tuning the installation locations. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXcursor-1.1.14/compile new/libXcursor-1.1.15/compile --- old/libXcursor-1.1.14/compile 1970-01-01 01:00:00.000000000 +0100 +++ new/libXcursor-1.1.15/compile 2017-11-28 15:25:07.000000000 +0100 @@ -0,0 +1,347 @@ +#! /bin/sh +# Wrapper for compilers which do not understand '-c -o'. + +scriptversion=2012-10-14.11; # UTC + +# Copyright (C) 1999-2014 Free Software Foundation, Inc. +# Written by Tom Tromey <tro...@cygnus.com>. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# This file is maintained in Automake, please report +# bugs to <bug-autom...@gnu.org> or send patches to +# <automake-patc...@gnu.org>. + +nl=' +' + +# We need space, tab and new line, in precisely that order. Quoting is +# there to prevent tools from complaining about whitespace usage. +IFS=" "" $nl" + +file_conv= + +# func_file_conv build_file lazy +# Convert a $build file to $host form and store it in $file +# Currently only supports Windows hosts. If the determined conversion +# type is listed in (the comma separated) LAZY, no conversion will +# take place. +func_file_conv () +{ + file=$1 + case $file in + / | /[!/]*) # absolute file, and not a UNC file + if test -z "$file_conv"; then + # lazily determine how to convert abs files + case `uname -s` in + MINGW*) + file_conv=mingw + ;; + CYGWIN*) + file_conv=cygwin + ;; + *) + file_conv=wine + ;; + esac + fi + case $file_conv/,$2, in + *,$file_conv,*) + ;; + mingw/*) + file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'` + ;; + cygwin/*) + file=`cygpath -m "$file" || echo "$file"` + ;; + wine/*) + file=`winepath -w "$file" || echo "$file"` + ;; + esac + ;; + esac +} + +# func_cl_dashL linkdir +# Make cl look for libraries in LINKDIR +func_cl_dashL () +{ + func_file_conv "$1" + if test -z "$lib_path"; then + lib_path=$file + else + lib_path="$lib_path;$file" + fi + linker_opts="$linker_opts -LIBPATH:$file" +} + +# func_cl_dashl library +# Do a library search-path lookup for cl +func_cl_dashl () +{ + lib=$1 + found=no + save_IFS=$IFS + IFS=';' + for dir in $lib_path $LIB + do + IFS=$save_IFS + if $shared && test -f "$dir/$lib.dll.lib"; then + found=yes + lib=$dir/$lib.dll.lib + break + fi + if test -f "$dir/$lib.lib"; then + found=yes + lib=$dir/$lib.lib + break + fi + if test -f "$dir/lib$lib.a"; then + found=yes + lib=$dir/lib$lib.a + break + fi + done + IFS=$save_IFS + + if test "$found" != yes; then + lib=$lib.lib + fi +} + +# func_cl_wrapper cl arg... +# Adjust compile command to suit cl +func_cl_wrapper () +{ + # Assume a capable shell + lib_path= + shared=: + linker_opts= + for arg + do + if test -n "$eat"; then + eat= + else + case $1 in + -o) + # configure might choose to run compile as 'compile cc -o foo foo.c'. + eat=1 + case $2 in + *.o | *.[oO][bB][jJ]) + func_file_conv "$2" + set x "$@" -Fo"$file" + shift + ;; + *) + func_file_conv "$2" + set x "$@" -Fe"$file" + shift + ;; + esac + ;; + -I) + eat=1 + func_file_conv "$2" mingw + set x "$@" -I"$file" + shift + ;; + -I*) + func_file_conv "${1#-I}" mingw + set x "$@" -I"$file" + shift + ;; + -l) + eat=1 + func_cl_dashl "$2" + set x "$@" "$lib" + shift + ;; + -l*) + func_cl_dashl "${1#-l}" + set x "$@" "$lib" + shift + ;; + -L) + eat=1 + func_cl_dashL "$2" + ;; + -L*) + func_cl_dashL "${1#-L}" + ;; + -static) + shared=false + ;; + -Wl,*) + arg=${1#-Wl,} + save_ifs="$IFS"; IFS=',' + for flag in $arg; do + IFS="$save_ifs" + linker_opts="$linker_opts $flag" + done + IFS="$save_ifs" + ;; + -Xlinker) + eat=1 + linker_opts="$linker_opts $2" + ;; + -*) + set x "$@" "$1" + shift + ;; + *.cc | *.CC | *.cxx | *.CXX | *.[cC]++) + func_file_conv "$1" + set x "$@" -Tp"$file" + shift + ;; + *.c | *.cpp | *.CPP | *.lib | *.LIB | *.Lib | *.OBJ | *.obj | *.[oO]) + func_file_conv "$1" mingw + set x "$@" "$file" + shift + ;; + *) + set x "$@" "$1" + shift + ;; + esac + fi + shift + done + if test -n "$linker_opts"; then + linker_opts="-link$linker_opts" + fi + exec "$@" $linker_opts + exit 1 +} + +eat= + +case $1 in + '') + echo "$0: No command. Try '$0 --help' for more information." 1>&2 + exit 1; + ;; + -h | --h*) + cat <<\EOF +Usage: compile [--help] [--version] PROGRAM [ARGS] + +Wrapper for compilers which do not understand '-c -o'. +Remove '-o dest.o' from ARGS, run PROGRAM with the remaining +arguments, and rename the output as expected. + +If you are trying to build a whole package this is not the +right script to run: please start by reading the file 'INSTALL'. + +Report bugs to <bug-autom...@gnu.org>. +EOF + exit $? + ;; + -v | --v*) + echo "compile $scriptversion" + exit $? + ;; + cl | *[/\\]cl | cl.exe | *[/\\]cl.exe ) + func_cl_wrapper "$@" # Doesn't return... + ;; +esac + +ofile= +cfile= + +for arg +do + if test -n "$eat"; then + eat= + else + case $1 in + -o) + # configure might choose to run compile as 'compile cc -o foo foo.c'. + # So we strip '-o arg' only if arg is an object. + eat=1 + case $2 in + *.o | *.obj) + ofile=$2 + ;; + *) + set x "$@" -o "$2" + shift + ;; + esac + ;; + *.c) + cfile=$1 + set x "$@" "$1" + shift + ;; + *) + set x "$@" "$1" + shift + ;; + esac + fi + shift +done + +if test -z "$ofile" || test -z "$cfile"; then + # If no '-o' option was seen then we might have been invoked from a + # pattern rule where we don't need one. That is ok -- this is a + # normal compilation that the losing compiler can handle. If no + # '.c' file was seen then we are probably linking. That is also + # ok. + exec "$@" +fi + +# Name of file we expect compiler to create. +cofile=`echo "$cfile" | sed 's|^.*[\\/]||; s|^[a-zA-Z]:||; s/\.c$/.o/'` + +# Create the lock directory. +# Note: use '[/\\:.-]' here to ensure that we don't use the same name +# that we are using for the .o file. Also, base the name on the expected +# object file name, since that is what matters with a parallel build. +lockdir=`echo "$cofile" | sed -e 's|[/\\:.-]|_|g'`.d +while true; do + if mkdir "$lockdir" >/dev/null 2>&1; then + break + fi + sleep 1 +done +# FIXME: race condition here if user kills between mkdir and trap. +trap "rmdir '$lockdir'; exit 1" 1 2 15 + +# Run the compile. +"$@" +ret=$? + +if test -f "$cofile"; then + test "$cofile" = "$ofile" || mv "$cofile" "$ofile" +elif test -f "${cofile}bj"; then + test "${cofile}bj" = "$ofile" || mv "${cofile}bj" "$ofile" +fi + +rmdir "$lockdir" +exit $ret + +# Local Variables: +# mode: shell-script +# sh-indentation: 2 +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-time-zone: "UTC" +# time-stamp-end: "; # UTC" +# End: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXcursor-1.1.14/config.h.in new/libXcursor-1.1.15/config.h.in --- old/libXcursor-1.1.14/config.h.in 2013-05-30 08:24:37.000000000 +0200 +++ new/libXcursor-1.1.15/config.h.in 2017-11-28 15:25:06.000000000 +0100 @@ -33,8 +33,7 @@ /* Define to 1 if you have Xfixes */ #undef HAVE_XFIXES -/* Define to the sub-directory in which libtool stores uninstalled libraries. - */ +/* Define to the sub-directory where libtool stores uninstalled libraries. */ #undef LT_OBJDIR /* Name of package */ @@ -70,6 +69,28 @@ /* Define to 1 if you have the ANSI C header files. */ #undef STDC_HEADERS +/* Enable extensions on AIX 3, Interix. */ +#ifndef _ALL_SOURCE +# undef _ALL_SOURCE +#endif +/* Enable GNU extensions on systems that have them. */ +#ifndef _GNU_SOURCE +# undef _GNU_SOURCE +#endif +/* Enable threading extensions on Solaris. */ +#ifndef _POSIX_PTHREAD_SEMANTICS +# undef _POSIX_PTHREAD_SEMANTICS +#endif +/* Enable extensions on HP NonStop. */ +#ifndef _TANDEM_SOURCE +# undef _TANDEM_SOURCE +#endif +/* Enable general extensions on Solaris. */ +#ifndef __EXTENSIONS__ +# undef __EXTENSIONS__ +#endif + + /* Version number of package */ #undef VERSION @@ -81,3 +102,13 @@ /* Micro revision of libXcursor */ #undef XCURSOR_LIB_REVISION + +/* Define to 1 if on MINIX. */ +#undef _MINIX + +/* Define to 2 if the system does not provide POSIX.1 features except with + this defined. */ +#undef _POSIX_1_SOURCE + +/* Define to 1 if you need to in order for `stat' and other things to work. */ +#undef _POSIX_SOURCE diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXcursor-1.1.14/configure.ac new/libXcursor-1.1.15/configure.ac --- old/libXcursor-1.1.14/configure.ac 2013-05-30 08:24:28.000000000 +0200 +++ new/libXcursor-1.1.15/configure.ac 2017-11-28 15:25:01.000000000 +0100 @@ -26,14 +26,17 @@ # This is the package version number, not the shared library # version. This version number will be substituted into Xcursor.h # -AC_INIT([libXcursor], [1.1.14], +AC_INIT([libXcursor], [1.1.15], [https://bugs.freedesktop.org/enter_bug.cgi?product=xorg],[libXcursor]) AC_CONFIG_SRCDIR([Makefile.am]) AC_CONFIG_HEADERS([config.h include/X11/Xcursor/Xcursor.h]) +# Set common system defines for POSIX extensions, such as _GNU_SOURCE +# Must be called before any macros that run the compiler (like AC_PROG_LIBTOOL) +# to avoid autoconf errors. +AC_USE_SYSTEM_EXTENSIONS # Initialize Automake AM_INIT_AUTOMAKE([foreign dist-bzip2]) -AM_MAINTAINER_MODE # Initialize libtool AC_PROG_LIBTOOL diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXcursor-1.1.14/include/X11/Xcursor/Xcursor.h new/libXcursor-1.1.15/include/X11/Xcursor/Xcursor.h --- old/libXcursor-1.1.14/include/X11/Xcursor/Xcursor.h 2013-05-30 08:24:44.000000000 +0200 +++ new/libXcursor-1.1.15/include/X11/Xcursor/Xcursor.h 2017-11-28 15:25:18.000000000 +0100 @@ -76,7 +76,7 @@ #define XCURSOR_LIB_MAJOR 1 #define XCURSOR_LIB_MINOR 1 -#define XCURSOR_LIB_REVISION 14 +#define XCURSOR_LIB_REVISION 15 #define XCURSOR_LIB_VERSION ((XCURSOR_LIB_MAJOR * 10000) + \ (XCURSOR_LIB_MINOR * 100) + \ (XCURSOR_LIB_REVISION)) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXcursor-1.1.14/missing new/libXcursor-1.1.15/missing --- old/libXcursor-1.1.14/missing 2013-05-30 08:24:38.000000000 +0200 +++ new/libXcursor-1.1.15/missing 2017-11-28 15:25:07.000000000 +0100 @@ -1,9 +1,9 @@ #! /bin/sh # Common wrapper for a few potentially missing GNU programs. -scriptversion=2012-06-26.16; # UTC +scriptversion=2013-10-28.13; # UTC -# Copyright (C) 1996-2013 Free Software Foundation, Inc. +# Copyright (C) 1996-2014 Free Software Foundation, Inc. # Originally written by Fran,cois Pinard <pin...@iro.umontreal.ca>, 1996. # This program is free software; you can redistribute it and/or modify @@ -160,7 +160,7 @@ ;; autom4te*) echo "You might have modified some maintainer files that require" - echo "the 'automa4te' program to be rebuilt." + echo "the 'autom4te' program to be rebuilt." program_details 'autom4te' ;; bison*|yacc*) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXcursor-1.1.14/src/cursor.c new/libXcursor-1.1.15/src/cursor.c --- old/libXcursor-1.1.14/src/cursor.c 2013-05-30 08:24:28.000000000 +0200 +++ new/libXcursor-1.1.15/src/cursor.c 2017-11-28 15:25:02.000000000 +0100 @@ -226,7 +226,7 @@ _XcursorHeckbertMedianCut (const XcursorImage *image, XcursorCoreCursor *core) { XImage *src_image = core->src_image, *msk_image = core->msk_image; - int npixels = image->width * image->height; + unsigned int npixels = image->width * image->height; int ncolors; int n; XcursorPixel *po, *pn, *pc; @@ -395,7 +395,7 @@ int *aPicture, *iPicture, *aP, *iP; XcursorPixel *pixel, p; int aR, iR, aA, iA; - int npixels = image->width * image->height; + unsigned int npixels = image->width * image->height; int n; int right = 1; int belowLeft = image->width - 1; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXcursor-1.1.14/src/display.c new/libXcursor-1.1.15/src/display.c --- old/libXcursor-1.1.14/src/display.c 2013-05-30 08:24:28.000000000 +0200 +++ new/libXcursor-1.1.15/src/display.c 2017-11-28 15:25:02.000000000 +0100 @@ -216,17 +216,8 @@ v = XGetDefault (dpy, "Xcursor", "theme"); if (v) { - int len; - - len = strlen (v) + 1; - - info->theme = malloc (len); - if (info->theme) - strcpy (info->theme, v); - - info->theme_from_config = malloc (len); - if (info->theme_from_config) - strcpy (info->theme_from_config, v); + info->theme = strdup (v); + info->theme_from_config = strdup (v); } /* @@ -342,10 +333,9 @@ if (theme) { - copy = malloc (strlen (theme) + 1); + copy = strdup (theme); if (!copy) return XcursorFalse; - strcpy (copy, theme); } else copy = NULL; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXcursor-1.1.14/src/file.c new/libXcursor-1.1.15/src/file.c --- old/libXcursor-1.1.14/src/file.c 2013-05-30 08:24:28.000000000 +0200 +++ new/libXcursor-1.1.15/src/file.c 2017-11-28 15:25:02.000000000 +0100 @@ -29,6 +29,11 @@ { XcursorImage *image; + if (width < 0 || height < 0) + return NULL; + if (width > XCURSOR_IMAGE_MAX_SIZE || height > XCURSOR_IMAGE_MAX_SIZE) + return NULL; + image = malloc (sizeof (XcursorImage) + width * height * sizeof (XcursorPixel)); if (!image) @@ -86,12 +91,11 @@ if (!images || !name) return; - new = malloc (strlen (name) + 1); + new = strdup (name); if (!new) return; - strcpy (new, name); if (images->name) free (images->name); images->name = new; @@ -102,7 +106,7 @@ { XcursorComment *comment; - if (length > XCURSOR_COMMENT_MAX_LEN) + if (length < 0 || length > XCURSOR_COMMENT_MAX_LEN) return NULL; comment = malloc (sizeof (XcursorComment) + length + 1); @@ -449,7 +453,8 @@ if (!_XcursorReadUInt (file, &head.delay)) return NULL; /* sanity check data */ - if (head.width >= 0x10000 || head.height > 0x10000) + if (head.width > XCURSOR_IMAGE_MAX_SIZE || + head.height > XCURSOR_IMAGE_MAX_SIZE) return NULL; if (head.width == 0 || head.height == 0) return NULL; @@ -458,6 +463,8 @@ /* Create the image and initialize it */ image = XcursorImageCreate (head.width, head.height); + if (image == NULL) + return NULL; if (chunkHeader.version < image->version) image->version = chunkHeader.version; image->size = chunkHeader.subtype; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXcursor-1.1.14/src/library.c new/libXcursor-1.1.15/src/library.c --- old/libXcursor-1.1.14/src/library.c 2013-05-30 08:24:28.000000000 +0200 +++ new/libXcursor-1.1.15/src/library.c 2017-11-28 15:25:02.000000000 +0100 @@ -49,7 +49,7 @@ static void _XcursorAddPathElt (char *path, const char *elt, int len) { - int pathlen = strlen (path); + size_t pathlen = strlen (path); /* append / if the path doesn't currently have one */ if (path[0] == '\0' || path[pathlen - 1] != '/') @@ -180,7 +180,7 @@ if (*l != '=') continue; l++; while (*l == ' ') l++; - result = malloc (strlen (l)); + result = malloc (strlen (l) + 1); if (result) { r = result;
