Hello community,

here is the log from the commit of package libSM for openSUSE:Factory checked 
in at 2018-10-22 11:02:26
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libSM (Old)
 and      /work/SRC/openSUSE:Factory/.libSM.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libSM"

Mon Oct 22 11:02:26 2018 rev:9 rq:641122 version:1.2.3

Changes:
--------
--- /work/SRC/openSUSE:Factory/libSM/libSM.changes      2013-09-13 
14:46:56.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.libSM.new/libSM.changes 2018-10-22 
11:02:30.316318152 +0200
@@ -1,0 +2,14 @@
+Wed Oct 10 16:19:40 UTC 2018 - [email protected]
+
+- Update to version 1.2.3
+  * autogen: add default patch prefix
+  * autogen.sh: use quoted string variables
+  * autogen.sh: use exec instead of waiting for configure to finish
+  * Stop compiling empty sm_auth.c stub
+  * Fix callbacks signatures in libSM documentation
+  * Include unistd.h for getpid()
+  * Fix uuid_to_string(3) type
+  * Get rid of strcpy() in the HAVE_UUID_CREATE case
+  * Fixed out ouf boundary accesses.
+
+-------------------------------------------------------------------

Old:
----
  libSM-1.2.2.tar.bz2

New:
----
  libSM-1.2.3.tar.bz2

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libSM.spec ++++++
--- /var/tmp/diff_new_pack.TjcPyB/_old  2018-10-22 11:02:31.188317398 +0200
+++ /var/tmp/diff_new_pack.TjcPyB/_new  2018-10-22 11:02:31.188317398 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package libSM
 #
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@
 
 Name:           libSM
 %define lname  libSM6
-Version:        1.2.2
+Version:        1.2.3
 Release:        0
 Summary:        X Session Management library
 License:        MIT
@@ -28,6 +28,7 @@
 #Git-Clone:    git://anongit.freedesktop.org/xorg/lib/libSM
 #Git-Web:      http://cgit.freedesktop.org/xorg/lib/libSM/
 Source:         
http://xorg.freedesktop.org/releases/individual/lib/%{name}-%{version}.tar.bz2
+Source1:        baselibs.conf
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 #git#BuildRequires:    autoconf >= 2.60, automake, libtool
 BuildRequires:  pkgconfig
@@ -50,8 +51,8 @@
 
 %package -n %lname
 Summary:        X Session Management library
-Group:          System/Libraries
 # O/P added for 12.2
+Group:          System/Libraries
 Provides:       xorg-x11-libSM = 7.6_%version-%release
 Obsoletes:      xorg-x11-libSM < 7.6_%version-%release
 

++++++ libSM-1.2.2.tar.bz2 -> libSM-1.2.3.tar.bz2 ++++++
++++ 28954 lines of diff (skipped)
++++    retrying with extended exclude list
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude 
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh 
old/libSM-1.2.2/ChangeLog new/libSM-1.2.3/ChangeLog
--- old/libSM-1.2.2/ChangeLog   2013-09-08 08:06:58.000000000 +0200
+++ new/libSM-1.2.3/ChangeLog   2018-10-10 17:05:13.000000000 +0200
@@ -1,3 +1,139 @@
+commit a52c79544fcd6b5e2242b9122dfaa34be07aebb2
+Author: Matthieu Herrb <[email protected]>
+Date:   Sun Sep 30 11:03:41 2018 +0200
+
+    libSM 1.2.3
+    
+    Signed-off-by: Matthieu Herrb <[email protected]>
+
+commit d86106f2369ecf81155decaa360f9162c0c3cd53
+Author: Tobias Stoeckmann <[email protected]>
+Date:   Wed Aug 15 21:21:09 2018 +0200
+
+    Fixed out ouf boundary accesses.
+    
+    Out of boundary accesses can occur while processing messages. This
+    affects clients and the session server.
+    
+    Generally, the code tries to prevent out of boundary accesses. It
+    initially "skips" over the memory areas by parsing supplied lengths.
+    Then, it checks if it skipped over the memory boundary. If not, then
+    data is actually read and memory allocated, etc.
+    
+    The problem is that while initially skipping over the memory,
+    subsequent lengths are already parsed, i.e. accessed. This results in
+    out of boundary reads on hostile messages.
+    
+    Lengths could also overflow on 32 bit systems, leading to out of
+    boundary writes if not enough bytes have been allocated.
+    
+    Authentication is handled by libICE, which is not affected, because the
+    macros for skipping already take care about memory boundaries.
+    
+    Therefore, this flaw can only be used by authenticated clients or by
+    hostile servers (which could simply accept every MIT cookie). Most
+    session managers only use Unix sockets, so in many cases it takes a
+    local authenticated user.
+    
+    In order to fix this, I decided to move the macros from SMlibint.h to
+    its only callers in sm_process.c, turning them into functions for much
+    easier error handling and readability.
+    
+    Instead of skipping over the memory, validation happens during actual
+    read and memory allocation operations, as it's rather unlikely to
+    encounter hostile code anyway, i.e. my code has more error cleanup
+    handling in it.
+    
+    Signed-off-by: Tobias Stoeckmann <[email protected]>
+    Reviewed-by: Matthieu Herrb <[email protected]>
+
+commit 75ffafb4e04661fb890a9e8088b743cb077050a6
+Author: Fab <[email protected]>
+Date:   Sat Oct 7 14:23:52 2017 +0000
+
+    Fix callbacks signatures in libSM documentation
+    
+    https://bugs.freedesktop.org/show_bug.cgi?id=103135
+    
+    Reviewed-by: Alan Coopersmith <[email protected]>
+    Signed-off-by: Alan Coopersmith <[email protected]>
+
+commit b347e9f8ef3ae027c049741ab5c0c8dac45c9eb2
+Author: Mihail Konev <[email protected]>
+Date:   Thu Jan 26 13:52:49 2017 +1000
+
+    autogen: add default patch prefix
+    
+    Signed-off-by: Mihail Konev <[email protected]>
+
+commit d34f694e810d11f95cd61e4209cd6e38f70bce58
+Author: Emil Velikov <[email protected]>
+Date:   Mon Mar 9 12:00:52 2015 +0000
+
+    autogen.sh: use quoted string variables
+    
+    Place quotes around the $srcdir, $ORIGDIR and $0 variables to prevent
+    fall-outs, when they contain space.
+    
+    Signed-off-by: Emil Velikov <[email protected]>
+    Reviewed-by: Peter Hutterer <[email protected]>
+    Signed-off-by: Peter Hutterer <[email protected]>
+
+commit e27964e499f31f48782a6db7421660a230471b2c
+Author: Peter Hutterer <[email protected]>
+Date:   Tue Jan 24 10:32:07 2017 +1000
+
+    autogen.sh: use exec instead of waiting for configure to finish
+    
+    Syncs the invocation of configure with the one from the server.
+    
+    Signed-off-by: Peter Hutterer <[email protected]>
+    Reviewed-by: Emil Velikov <[email protected]>
+
+commit b64aa0ef375f2df3ce166733fe92429ba43b6145
+Author: Matthieu Herrb <[email protected]>
+Date:   Tue Oct 20 14:48:52 2015 -0400
+
+    Get rid of strcpy() in the HAVE_UUID_CREATE case
+    
+    Even though this use was safe, some linkers produce a warning
+    when strcpy() is used, and this is the only use in libSM.
+    
+    Reviewed-by: Alan Coopersmith <[email protected]>
+
+commit 0bf5d26d1d55029846514758f2ffd80e816bd9fb
+Author: Matthieu Herrb <[email protected]>
+Date:   Tue Oct 20 14:47:50 2015 -0400
+
+    Fix uuid_to_string(3) type
+    
+    It should be char *.
+    
+    Reviewed-by: Adam Jackson <[email protected]>
+
+commit 29ea6247434a85934986e7d4fc60862231c5d77d
+Author: Jon TURNEY <[email protected]>
+Date:   Sat Sep 13 19:38:12 2014 +0100
+
+    Include unistd.h for getpid()
+    
+    Signed-off-by: Jon TURNEY <[email protected]>
+    Reviewed-by: David Macek <[email protected]>
+
+commit f2dd6934c38414bc448ee49b47604f135f5487ea
+Author: Alan Coopersmith <[email protected]>
+Date:   Sat Nov 16 19:35:15 2013 -0800
+
+    Stop compiling empty sm_auth.c stub
+    
+    File exists as a placeholder in case someone someday decides to add
+    additional auth methods on top of what libICE provides, but it's been
+    two decades and no one has, so stop spending time compiling & linking
+    for now.
+    
+    Signed-off-by: Alan Coopersmith <[email protected]>
+    Reviewed-by: Adam Jackson <[email protected]>
+
 commit 0fd7aa17da41779129a3acfdad28e07c0072a160
 Author: Alan Coopersmith <[email protected]>
 Date:   Sat Sep 7 23:05:16 2013 -0700
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude 
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh 
old/libSM-1.2.2/INSTALL new/libSM-1.2.3/INSTALL
--- old/libSM-1.2.2/INSTALL     2013-09-08 08:06:58.000000000 +0200
+++ new/libSM-1.2.3/INSTALL     2018-10-10 17:05:13.000000000 +0200
@@ -1,11 +1,13 @@
 Installation Instructions
 *************************
 
-Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005,
-2006, 2007, 2008 Free Software Foundation, Inc.
+Copyright (C) 1994-1996, 1999-2002, 2004-2011 Free Software Foundation,
+Inc.
 
-   This file is free documentation; the Free Software Foundation gives
-unlimited permission to copy, distribute and modify it.
+   Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.  This file is offered as-is,
+without warranty of any kind.
 
 Basic Installation
 ==================
@@ -13,7 +15,11 @@
    Briefly, the shell commands `./configure; make; make install' should
 configure, build, and install this package.  The following
 more-detailed instructions are generic; see the `README' file for
-instructions specific to this package.
+instructions specific to this package.  Some packages provide this
+`INSTALL' file but do not implement all of the features documented
+below.  The lack of an optional feature in a given package is not
+necessarily a bug.  More recommendations for GNU packages can be found
+in *note Makefile Conventions: (standards)Makefile Conventions.
 
    The `configure' shell script attempts to guess correct values for
 various system-dependent variables used during compilation.  It uses
@@ -42,7 +48,7 @@
 you want to change it or regenerate `configure' using a newer version
 of `autoconf'.
 
-The simplest way to compile this package is:
+   The simplest way to compile this package is:
 
   1. `cd' to the directory containing the package's source code and type
      `./configure' to configure the package for your system.
@@ -53,12 +59,22 @@
   2. Type `make' to compile the package.
 
   3. Optionally, type `make check' to run any self-tests that come with
-     the package.
+     the package, generally using the just-built uninstalled binaries.
 
   4. Type `make install' to install the programs and any data files and
-     documentation.
+     documentation.  When installing into a prefix owned by root, it is
+     recommended that the package be configured and built as a regular
+     user, and only the `make install' phase executed with root
+     privileges.
+
+  5. Optionally, type `make installcheck' to repeat any self-tests, but
+     this time using the binaries in their final installed location.
+     This target does not install anything.  Running this target as a
+     regular user, particularly if the prior `make install' required
+     root privileges, verifies that the installation completed
+     correctly.
 
-  5. You can remove the program binaries and object files from the
+  6. You can remove the program binaries and object files from the
      source code directory by typing `make clean'.  To also remove the
      files that `configure' created (so you can compile the package for
      a different kind of computer), type `make distclean'.  There is
@@ -67,8 +83,15 @@
      all sorts of other programs in order to regenerate files that came
      with the distribution.
 
-  6. Often, you can also type `make uninstall' to remove the installed
-     files again.
+  7. Often, you can also type `make uninstall' to remove the installed
+     files again.  In practice, not all packages have tested that
+     uninstallation works correctly, even though it is required by the
+     GNU Coding Standards.
+
+  8. Some packages, particularly those that use Automake, provide `make
+     distcheck', which can by used by developers to test that all other
+     targets like `make install' and `make uninstall' work correctly.
+     This target is generally not run by end users.
 
 Compilers and Options
 =====================
@@ -93,7 +116,8 @@
 own directory.  To do this, you can use GNU `make'.  `cd' to the
 directory where you want the object files and executables to go and run
 the `configure' script.  `configure' automatically checks for the
-source code in the directory that `configure' is in and in `..'.
+source code in the directory that `configure' is in and in `..'.  This
+is known as a "VPATH" build.
 
    With a non-GNU `make', it is safer to compile the package for one
 architecture at a time in the source code directory.  After you have
@@ -120,7 +144,8 @@
    By default, `make install' installs the package's commands under
 `/usr/local/bin', include files under `/usr/local/include', etc.  You
 can specify an installation prefix other than `/usr/local' by giving
-`configure' the option `--prefix=PREFIX'.
+`configure' the option `--prefix=PREFIX', where PREFIX must be an
+absolute file name.
 
    You can specify separate installation prefixes for
 architecture-specific files and architecture-independent files.  If you
@@ -131,15 +156,46 @@
    In addition, if you use an unusual directory layout you can give
 options like `--bindir=DIR' to specify different values for particular
 kinds of files.  Run `configure --help' for a list of the directories
-you can set and what kinds of files go in them.
+you can set and what kinds of files go in them.  In general, the
+default for these options is expressed in terms of `${prefix}', so that
+specifying just `--prefix' will affect all of the other directory
+specifications that were not explicitly provided.
+
+   The most portable way to affect installation locations is to pass the
+correct locations to `configure'; however, many packages provide one or
+both of the following shortcuts of passing variable assignments to the
+`make install' command line to change installation locations without
+having to reconfigure or recompile.
+
+   The first method involves providing an override variable for each
+affected directory.  For example, `make install
+prefix=/alternate/directory' will choose an alternate location for all
+directory configuration variables that were expressed in terms of
+`${prefix}'.  Any directories that were specified during `configure',
+but not in terms of `${prefix}', must each be overridden at install
+time for the entire installation to be relocated.  The approach of
+makefile variable overrides for each directory variable is required by
+the GNU Coding Standards, and ideally causes no recompilation.
+However, some platforms have known limitations with the semantics of
+shared libraries that end up requiring recompilation when using this
+method, particularly noticeable in packages that use GNU Libtool.
+
+   The second method involves providing the `DESTDIR' variable.  For
+example, `make install DESTDIR=/alternate/directory' will prepend
+`/alternate/directory' before all installation names.  The approach of
+`DESTDIR' overrides is not required by the GNU Coding Standards, and
+does not work on platforms that have drive letters.  On the other hand,
+it does better at avoiding recompilation issues, and works well even
+when some directory options were not specified in terms of `${prefix}'
+at `configure' time.
+
+Optional Features
+=================
 
    If the package supports it, you can cause programs to be installed
 with an extra prefix or suffix on their names by giving `configure' the
 option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
 
-Optional Features
-=================
-
    Some packages pay attention to `--enable-FEATURE' options to
 `configure', where FEATURE indicates an optional part of the package.
 They may also pay attention to `--with-PACKAGE' options, where PACKAGE
@@ -152,6 +208,13 @@
 you can use the `configure' options `--x-includes=DIR' and
 `--x-libraries=DIR' to specify their locations.
 
+   Some packages offer the ability to configure how verbose the
+execution of `make' will be.  For these packages, running `./configure
+--enable-silent-rules' sets the default to minimal output, which can be
+overridden with `make V=1'; while running `./configure
+--disable-silent-rules' sets the default to verbose, which can be
+overridden with `make V=0'.
+
 Particular systems
 ==================
 
@@ -159,10 +222,15 @@
 CC is not installed, it is recommended to use the following options in
 order to use an ANSI C compiler:
 
-     ./configure CC="cc -Ae"
+     ./configure CC="cc -Ae -D_XOPEN_SOURCE=500"
 
 and if that doesn't work, install pre-built binaries of GCC for HP-UX.
 
+   HP-UX `make' updates targets which have the same time stamps as
+their prerequisites, which makes it generally unusable when shipped
+generated files such as `configure' are involved.  Use GNU `make'
+instead.
+
    On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot
 parse its `<wchar.h>' header file.  The option `-nodtk' can be used as
 a workaround.  If GNU CC is not installed, it is therefore recommended
@@ -174,6 +242,16 @@
 
      ./configure CC="cc -nodtk"
 
+   On Solaris, don't put `/usr/ucb' early in your `PATH'.  This
+directory contains several dysfunctional programs; working variants of
+these programs are available in `/usr/bin'.  So, if you need `/usr/ucb'
+in your `PATH', put it _after_ `/usr/bin'.
+
+   On Haiku, software installed for all users goes in `/boot/common',
+not `/usr/local'.  It is recommended to use the following options:
+
+     ./configure --prefix=/boot/common
+
 Specifying the System Type
 ==========================
 
@@ -189,7 +267,8 @@
 
 where SYSTEM can have one of these forms:
 
-     OS KERNEL-OS
+     OS
+     KERNEL-OS
 
    See the file `config.sub' for the possible values of each field.  If
 `config.sub' isn't included in this package, then this package doesn't
@@ -277,7 +356,7 @@
      `configure' can determine that directory automatically.
 
 `--prefix=DIR'
-     Use DIR as the installation prefix.  *Note Installation Names::
+     Use DIR as the installation prefix.  *note Installation Names::
      for more details, including other options available for fine-tuning
      the installation locations.
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude 
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh 
old/libSM-1.2.2/compile new/libSM-1.2.3/compile
--- old/libSM-1.2.2/compile     2013-09-08 08:05:29.000000000 +0200
+++ new/libSM-1.2.3/compile     2018-10-10 17:05:08.000000000 +0200
@@ -3,7 +3,7 @@
 
 scriptversion=2012-10-14.11; # UTC
 
-# Copyright (C) 1999-2013 Free Software Foundation, Inc.
+# Copyright (C) 1999-2014 Free Software Foundation, Inc.
 # Written by Tom Tromey <[email protected]>.
 #
 # This program is free software; you can redistribute it and/or modify
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude 
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh 
old/libSM-1.2.2/config.h.in new/libSM-1.2.3/config.h.in
--- old/libSM-1.2.2/config.h.in 2013-09-08 08:05:29.000000000 +0200
+++ new/libSM-1.2.3/config.h.in 2018-10-10 17:05:07.000000000 +0200
@@ -48,8 +48,7 @@
 /* Support os-specific local connections */
 #undef LOCALCONN
 
-/* Define to the sub-directory in which libtool stores uninstalled libraries.
-   */
+/* Define to the sub-directory where libtool stores uninstalled libraries. */
 #undef LT_OBJDIR
 
 /* Name of package */
@@ -82,9 +81,6 @@
 /* Patch version of this package */
 #undef PACKAGE_VERSION_PATCHLEVEL
 
-/* Define as the return type of signal handlers (`int' or `void'). */
-#undef RETSIGTYPE
-
 /* Define to 1 if you have the ANSI C header files. */
 #undef STDC_HEADERS
 
@@ -96,3 +92,6 @@
 
 /* Version number of package */
 #undef VERSION
+
+/* Defined if needed to expose struct msghdr.msg_control */
+#undef _XOPEN_SOURCE
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude 
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh 
old/libSM-1.2.2/configure.ac new/libSM-1.2.3/configure.ac
--- old/libSM-1.2.2/configure.ac        2013-09-08 08:05:20.000000000 +0200
+++ new/libSM-1.2.3/configure.ac        2018-10-10 17:05:03.000000000 +0200
@@ -1,7 +1,7 @@
 
 # Initialize Autoconf
 AC_PREREQ(2.60)
-AC_INIT([libSM], [1.2.2],
+AC_INIT([libSM], [1.2.3],
         [https://bugs.freedesktop.org/enter_bug.cgi?product=xorg], [libSM])
 AC_CONFIG_SRCDIR([Makefile.am])
 AC_CONFIG_HEADERS([config.h])
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude 
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh 
old/libSM-1.2.2/doc/SMlib.xml new/libSM-1.2.3/doc/SMlib.xml
--- old/libSM-1.2.2/doc/SMlib.xml       2013-09-08 08:05:20.000000000 +0200
+++ new/libSM-1.2.3/doc/SMlib.xml       2018-10-10 17:05:03.000000000 +0200
@@ -494,7 +494,7 @@
 <funcprototype>
   <funcdef>typedef void (*<function>SaveYourselfProc</function>)</funcdef>
     <paramdef>SmcConn <parameter>smc_conn</parameter></paramdef>
-    <paramdef>SmcConn <parameter>client_data</parameter></paramdef>
+    <paramdef>SmPointer <parameter>client_data</parameter></paramdef>
     <paramdef>int <parameter>save_type</parameter></paramdef>
     <paramdef>Bool <parameter>shutdown</parameter></paramdef>
     <paramdef>int <parameter>interact_style</parameter></paramdef>
@@ -629,7 +629,7 @@
 <funcprototype>
   <funcdef>typedef void (*<function>SmcDieProc</function>)</funcdef>
     <paramdef>SmcConn <parameter>smc_conn</parameter></paramdef>
-    <paramdef>SmcConn <parameter>client_data</parameter></paramdef>
+    <paramdef>SmPointer <parameter>client_data</parameter></paramdef>
 </funcprototype>
 </funcsynopsis>
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude 
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh 
old/libSM-1.2.2/missing new/libSM-1.2.3/missing
--- old/libSM-1.2.2/missing     2013-09-08 08:05:29.000000000 +0200
+++ new/libSM-1.2.3/missing     2018-10-10 17:05:08.000000000 +0200
@@ -1,9 +1,9 @@
 #! /bin/sh
 # Common wrapper for a few potentially missing GNU programs.
 
-scriptversion=2012-06-26.16; # UTC
+scriptversion=2013-10-28.13; # UTC
 
-# Copyright (C) 1996-2013 Free Software Foundation, Inc.
+# Copyright (C) 1996-2014 Free Software Foundation, Inc.
 # Originally written by Fran,cois Pinard <[email protected]>, 1996.
 
 # This program is free software; you can redistribute it and/or modify
@@ -160,7 +160,7 @@
       ;;
    autom4te*)
       echo "You might have modified some maintainer files that require"
-      echo "the 'automa4te' program to be rebuilt."
+      echo "the 'autom4te' program to be rebuilt."
       program_details 'autom4te'
       ;;
     bison*|yacc*)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude 
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh 
old/libSM-1.2.2/src/Makefile.am new/libSM-1.2.3/src/Makefile.am
--- old/libSM-1.2.2/src/Makefile.am     2013-09-08 08:05:20.000000000 +0200
+++ new/libSM-1.2.3/src/Makefile.am     2018-10-10 17:05:03.000000000 +0200
@@ -17,7 +17,6 @@
 
 libSM_la_SOURCES = \
        SMlibint.h \
-       sm_auth.c \
        sm_client.c \
        sm_error.c \
        sm_genid.c \
@@ -25,6 +24,8 @@
        sm_misc.c \
        sm_process.c
 
+EXTRA_DIST = sm_auth.c
+
 smincludedir=$(includedir)/X11/SM
 sminclude_HEADERS=\
        $(top_srcdir)/include/X11/SM/SM.h \
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude 
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh 
old/libSM-1.2.2/src/SMlibint.h new/libSM-1.2.3/src/SMlibint.h
--- old/libSM-1.2.2/src/SMlibint.h      2013-09-08 08:05:20.000000000 +0200
+++ new/libSM-1.2.3/src/SMlibint.h      2018-10-10 17:05:03.000000000 +0200
@@ -184,80 +184,6 @@
 
 
 /*
- * EXTRACT FOO
- */
-
-#define EXTRACT_ARRAY8(_pBuf, _swap, _len, _array8) \
-{ \
-    EXTRACT_CARD32 (_pBuf, _swap, _len); \
-    _array8 = malloc (_len + 1); \
-    memcpy (_array8, _pBuf, _len); \
-    _array8[_len] = '\0'; \
-    _pBuf += _len + PAD64 (4 + _len); \
-}
-
-#define EXTRACT_ARRAY8_AS_STRING(_pBuf, _swap, _string) \
-{ \
-    CARD32 _len; \
-    EXTRACT_CARD32 (_pBuf, _swap, _len); \
-    _string = malloc (_len + 1); \
-    memcpy (_string, _pBuf, _len); \
-    _string[_len] = '\0'; \
-    _pBuf += _len + PAD64 (4 + _len); \
-}
-
-#define EXTRACT_LISTOF_PROPERTY(_pBuf, _swap, _count, _props) \
-{ \
-    int _i, _j; \
-    EXTRACT_CARD32 (_pBuf, _swap, _count); \
-    _pBuf += 4; \
-    _props = malloc (_count * sizeof (SmProp *)); \
-    for (_i = 0; _i < _count; _i++) \
-    { \
-        _props[_i] = malloc (sizeof (SmProp)); \
-        EXTRACT_ARRAY8_AS_STRING (_pBuf, _swap, _props[_i]->name); \
-        EXTRACT_ARRAY8_AS_STRING (_pBuf, _swap, _props[_i]->type); \
-        EXTRACT_CARD32 (_pBuf, _swap, _props[_i]->num_vals); \
-        _pBuf += 4; \
-        _props[_i]->vals = malloc ( \
-           _props[_i]->num_vals * sizeof (SmPropValue)); \
-        for (_j = 0; _j < _props[_i]->num_vals; _j++) \
-       { \
-           char *_temp; \
-            EXTRACT_ARRAY8 (_pBuf, _swap, _props[_i]->vals[_j].length, _temp);\
-           _props[_i]->vals[_j].value = (SmPointer) _temp; \
-       } \
-    } \
-}
-
-
-#define SKIP_ARRAY8(_pBuf, _swap) \
-{ \
-    CARD32 _len; \
-    EXTRACT_CARD32 (_pBuf, _swap, _len); \
-    _pBuf += _len + PAD64 (4 + _len); \
-}
-
-#define SKIP_LISTOF_PROPERTY(_pBuf, _swap) \
-{ \
-    CARD32 _i, _j; \
-    CARD32 _count; \
-    EXTRACT_CARD32 (_pBuf, _swap, _count); \
-    _pBuf += 4; \
-    for (_i = 0; _i < _count; _i++) \
-    { \
-        CARD32 _numvals; \
-        SKIP_ARRAY8 (_pBuf, _swap); \
-        SKIP_ARRAY8 (_pBuf, _swap); \
-        EXTRACT_CARD32 (_pBuf, _swap, _numvals); \
-        _pBuf += 4; \
-        for (_j = 0; _j < _numvals; _j++) \
-            SKIP_ARRAY8 (_pBuf, _swap);\
-    } \
-}
-
-
-/*
  * Client replies not processed by callbacks (we block for them).
  */
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude 
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh 
old/libSM-1.2.2/src/sm_genid.c new/libSM-1.2.3/src/sm_genid.c
--- old/libSM-1.2.2/src/sm_genid.c      2013-09-08 08:05:20.000000000 +0200
+++ new/libSM-1.2.3/src/sm_genid.c      2018-10-10 17:05:03.000000000 +0200
@@ -64,6 +64,7 @@
 # include <X11/Xthreads.h>
 #endif
 #include <stdio.h>
+#include <unistd.h>
 
 #include <time.h>
 #define Time_t time_t
@@ -107,19 +108,18 @@
 {
 #if defined(HAVE_UUID_CREATE)
     char *id;
-    char **temp;
+    char *temp;
     uuid_t uuid;
     uint32_t status;
+    size_t len;
 
     uuid_create(&uuid, &status);
 
     uuid_to_string(&uuid, &temp, &status);
 
-    if ((id = malloc (strlen (temp) + 2)) != NULL)
-    {
-        id[0] = '2';
-        strcpy (id+1, temp);
-    }
+    len = strlen(temp) + 2;
+    if ((id = malloc(len)) != NULL)
+        snprintf(id, len, "2%s", temp);
 
     free(temp);
 
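Review bot: Neither `status` result is examined before `temp` is used, so the new `len = strlen(temp) + 2;` line runs even if `uuid_to_string()` failed. `temp` is declared without an initialiser, and whether it is NULL or left untouched on failure depends on the platform's uuid implementation, which this hunk does not show. A guard such as `if (status != uuid_s_ok || temp == NULL) return NULL;` right after the `uuid_to_string()` call would make the failure path explicit. The enclosing function starts and ends outside the hunk, so the return convention should be confirmed against the rest of it.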
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude 
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh 
old/libSM-1.2.2/src/sm_process.c new/libSM-1.2.3/src/sm_process.c
--- old/libSM-1.2.2/src/sm_process.c    2013-09-08 08:05:20.000000000 +0200
+++ new/libSM-1.2.3/src/sm_process.c    2018-10-10 17:05:03.000000000 +0200
@@ -32,6 +32,7 @@
 #include <config.h>
 #endif
 #include <X11/SM/SMlib.h>
+#include <limits.h>
 #include "SMlibint.h"
 
 
@@ -53,15 +54,120 @@
        return; \
     }
 
-#define CHECK_COMPLETE_SIZE(_iceConn, _majorOp, _minorOp, _expected_len, 
_actual_len, _pStart, _severity) \
-    if (((unsigned long)(PADDED_BYTES64((_actual_len)) - SIZEOF (iceMsg)) >> 
3)        \
-        != _expected_len) \
-    { \
-       _IceErrorBadLength (_iceConn, _majorOp, _minorOp, _severity); \
-       IceDisposeCompleteMessage (iceConn, _pStart); \
-       return; \
+
+static char *
+extractArray8(char **pBuf, char *pEnd, Bool swap, int *len)
+{
+    char       *p;
+    int                n;
+
+    if (pEnd - *pBuf < 4)
+       return NULL;
+    EXTRACT_CARD32 (*pBuf, swap, n);
+    if (n < 0 || n > INT_MAX - 7)
+       return NULL;
+
+    if ((p = malloc (n + 1)) == NULL)
+       return NULL;
+    memcpy(p, *pBuf, n);
+    p[n] = '\0';
+
+    *pBuf += n + PAD64 (4 + n);
+    if (len != NULL)
+       *len = n;
+
+    return p;
+}
+
+
+static SmProp **
+extractListofProperty(char *pBuf, char *pEnd, Bool swap, int *count)
+{
+    int                i, j, n;
+    SmProp     **props;
+
+    if (pEnd - pBuf < 4)
+       return NULL;
+    EXTRACT_CARD32 (pBuf, swap, n);
+    if (n < 0 || n > INT_MAX / sizeof (SmProp *))
+       return NULL;
+    pBuf += 4;
+
+    props = malloc (n * sizeof(SmProp *));
+    if (props == NULL)
+       return NULL;
+
+    for (i = 0; i < n; i++)
+    {
+       props[i] = calloc (1, sizeof (SmProp));
+       if (props[i] == NULL)
+           goto fail;
+       if ((props[i]->name = extractArray8 (&pBuf, pEnd, swap, NULL)) == NULL)
+           goto fail;
+       if ((props[i]->type = extractArray8 (&pBuf, pEnd, swap, NULL)) == NULL)
+           goto fail;
+
+       if (pEnd - pBuf < 4)
+           goto fail;
+       EXTRACT_CARD32 (pBuf, swap, props[i]->num_vals);
+       if (props[i]->num_vals < 0)
+           goto fail;
+       pBuf += 4;
+       props[i]->vals = calloc (props[i]->num_vals, sizeof (SmPropValue));
+       if (props[i]->vals == NULL)
+           goto fail;
+
+       for (j = 0; j < props[i]->num_vals; j++)
+       {
+           props[i]->vals[j].value = extractArray8 (&pBuf, pEnd, swap,
+               &props[i]->vals[j].length);
+           if (props[i]->vals[j].value == NULL)
+               goto fail;
+       }
+    }
+
+    *count = n;
+    return props;
+
+fail:
+    for (; i >= 0; i--)
+    {
+       if (props[i] != NULL)
+       {
+           free (props[i]->name);
+           free (props[i]->type);
+           if (props[i]->vals != NULL)
+           {
+               for (j = 0; j < props[i]->num_vals; j++)
+                   free (props[i]->vals[j].value);
+               free (props[i]->vals);
+           }
+           free (props[i]);
+       }
+    }
+    free (props);
+    return NULL;
+}
+
+
+static Bool
+validErrorMessage(char *pData, char *pEnd, int errorClass, Bool swap)
+{
+    if (errorClass == IceBadValue)
+    {
+       unsigned int length;
+
+       if (pEnd - pData < 8)
+           return False;
+
+       pData += 4;
+       EXTRACT_CARD32 (pData, swap, length);
+       if (length > pEnd - pData)
+           return False;
     }
 
+    return True;
+}
 
 
 void
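Review bot: `extractArray8()` checks that four bytes remain for the length field but never compares the decoded `n` with the bytes left before `pEnd`, so `memcpy(p, *pBuf, n)` can still read beyond the message when the supplied length exceeds the remaining payload. The `n > INT_MAX - 7` test only protects the `n + 1` and `PAD64 (4 + n)` arithmetic. Adding `if (n > pEnd - *pBuf) return NULL;` after the range check would bound the copy, assuming `EXTRACT_CARD32` has already advanced `*pBuf` past the length word, as its use here suggests. Ideally the padded advance `n + PAD64 (4 + n)` would be checked against `pEnd` as well. `extractListofProperty()` has a related gap: `num_vals` reaches `calloc` with only a sign check, and could be capped by the remaining byte count since each value needs at least a four-byte length.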
@@ -88,7 +194,7 @@
     case SM_Error:
     {
        iceErrorMsg     *pMsg;
-       char            *pData;
+       char            *pData, *pEnd;
 
        CHECK_AT_LEAST_SIZE (iceConn, _SmcOpcode, opcode,
            length, SIZEOF (iceErrorMsg), IceFatalToProtocol);
@@ -108,6 +214,8 @@
            pMsg->offendingSequenceNum = lswapl (pMsg->offendingSequenceNum);
        }
 
+       pEnd = pData + (length << 3) - (SIZEOF (iceErrorMsg) - SIZEOF(iceMsg));
+
        if (replyWait &&
            replyWait->minor_opcode_of_request == SM_RegisterClient &&
             pMsg->errorClass == IceBadValue &&
@@ -125,6 +233,13 @@
 
            *replyReadyRet = True;
        }
+       else if (!validErrorMessage(pData, pEnd, pMsg->errorClass, swap))
+       {
+           _IceErrorBadLength (iceConn, _SmcOpcode, opcode,
+               IceFatalToProtocol);
+           IceDisposeCompleteMessage (iceConn, pData);
+           return;
+       }
        else
        {
            (*_SmcErrorHandler) (smcConn, swap,
@@ -151,14 +266,12 @@
         else
        {
            smRegisterClientReplyMsg    *pMsg;
-           char                        *pData, *pStart;
+           char                        *pData, *pStart, *pEnd;
            _SmcRegisterClientReply     *reply =
                (_SmcRegisterClientReply *) (replyWait->reply);
 
-#if 0 /* No-op */
            CHECK_AT_LEAST_SIZE (iceConn, _SmcOpcode, opcode,
                length, SIZEOF (smRegisterClientReplyMsg), IceFatalToProtocol);
-#endif
 
            IceReadCompleteMessage (iceConn, SIZEOF (smRegisterClientReplyMsg),
                smRegisterClientReplyMsg, pMsg, pStart);
@@ -170,16 +283,16 @@
            }
 
            pData = pStart;
+           pEnd = pStart + (length << 3) -
+               (SIZEOF (smRegisterClientReplyMsg) - SIZEOF (iceMsg));
 
-           SKIP_ARRAY8 (pData, swap);          /* client id */
-
-           CHECK_COMPLETE_SIZE (iceConn, _SmcOpcode, opcode,
-               length, pData - pStart + SIZEOF (smRegisterClientReplyMsg),
-               pStart, IceFatalToProtocol);
-
-           pData = pStart;
-
-           EXTRACT_ARRAY8_AS_STRING (pData, swap, reply->client_id);
+           reply->client_id = extractArray8(&pData, pEnd, swap, NULL);
+           if (reply->client_id == NULL) {
+               _IceErrorBadLength (iceConn, _SmcOpcode, opcode,
+                   IceFatalToProtocol);
+               IceDisposeCompleteMessage (iceConn, pStart);
+               return;
+           }
 
            reply->status = 1;
            *replyReadyRet = True;
@@ -357,15 +470,13 @@
         else
        {
            smPropertiesReplyMsg        *pMsg;
-           char                        *pData, *pStart;
-           int                         numProps;
+           char                        *pStart, *pEnd;
+           int                         numProps = 0;
            SmProp                      **props = NULL;
            _SmcPropReplyWait           *next;
 
-#if 0 /* No-op */
            CHECK_AT_LEAST_SIZE (iceConn, _SmcOpcode, opcode,
                length, SIZEOF (smPropertiesReplyMsg), IceFatalToProtocol);
-#endif
 
            IceReadCompleteMessage (iceConn, SIZEOF (smPropertiesReplyMsg),
                smPropertiesReplyMsg, pMsg, pStart);
@@ -376,17 +487,17 @@
                return;
            }
 
-           pData = pStart;
-
-           SKIP_LISTOF_PROPERTY (pData, swap);
+           pEnd = pStart + (length << 3) -
+               (SIZEOF (smPropertiesReplyMsg) - SIZEOF (iceMsg));
 
-           CHECK_COMPLETE_SIZE (iceConn, _SmcOpcode, opcode,
-               length, pData - pStart + SIZEOF (smPropertiesReplyMsg),
-               pStart, IceFatalToProtocol);
-
-           pData = pStart;
-
-           EXTRACT_LISTOF_PROPERTY (pData, swap, numProps, props);
+           props = extractListofProperty(pStart, pEnd, swap, &numProps);
+           if (props == NULL)
+           {
+               _IceErrorBadLength (iceConn, _SmcOpcode, opcode,
+                   IceFatalToProtocol);
+               IceDisposeCompleteMessage (iceConn, pStart);
+               return;
+           }
 
            next = smcConn->prop_reply_waits->next;
 
@@ -432,7 +543,7 @@
     case SM_Error:
     {
        iceErrorMsg     *pMsg;
-       char            *pData;
+       char            *pData, *pEnd;
 
        CHECK_AT_LEAST_SIZE (iceConn, _SmsOpcode, opcode,
            length, SIZEOF (iceErrorMsg), IceFatalToProtocol);
@@ -452,6 +563,16 @@
            pMsg->offendingSequenceNum = lswapl (pMsg->offendingSequenceNum);
        }
 
+       pEnd = pData + (length << 3) - (SIZEOF (iceErrorMsg) - SIZEOF (iceMsg));
+
+       if (!validErrorMessage(pData, pEnd, pMsg->errorClass, swap))
+       {
+           _IceErrorBadLength (iceConn, _SmcOpcode, opcode,
+               IceFatalToProtocol);
+           IceDisposeCompleteMessage (iceConn, pData);
+           return;
+       }
+
        (*_SmsErrorHandler) (smsConn, swap,
            pMsg->offendingMinorOpcode,
            pMsg->offendingSequenceNum,
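Review bot: The added bad-length report in this SM_Error case passes `_SmcOpcode`, although the `CHECK_AT_LEAST_SIZE` for the same case (in the preceding hunk) uses `_SmsOpcode` and the code around it works on `smsConn` and `_SmsErrorHandler`. It looks copied from the client-side handler; if so, the error goes out under the wrong major opcode and the call should read `_IceErrorBadLength (iceConn, _SmsOpcode, opcode, IceFatalToProtocol);`. The same argument appears in the added error paths of the SM_RegisterClient, SM_CloseConnection, SM_SetProperties and SM_DeleteProperties cases further down. The enclosing function starts and ends outside this hunk.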
@@ -465,14 +586,12 @@
     case SM_RegisterClient:
     {
        smRegisterClientMsg     *pMsg;
-       char                    *pData, *pStart;
+       char                    *pData, *pStart, *pEnd;
        char                    *previousId;
        int                      idLen;
 
-#if 0 /* No-op */
        CHECK_AT_LEAST_SIZE (iceConn, _SmsOpcode, opcode,
            length, SIZEOF (smRegisterClientMsg), IceFatalToProtocol);
-#endif
 
        IceReadCompleteMessage (iceConn, SIZEOF (smRegisterClientMsg),
            smRegisterClientMsg, pMsg, pStart);
@@ -484,16 +603,17 @@
        }
 
        pData = pStart;
+       pEnd = pStart + (length << 3) -
+           (SIZEOF (smRegisterClientMsg) - SIZEOF (iceMsg));
 
-       SKIP_ARRAY8 (pData, swap);      /* previous id */
-
-       CHECK_COMPLETE_SIZE (iceConn, _SmsOpcode, opcode,
-          length, pData - pStart + SIZEOF (smRegisterClientMsg),
-          pStart, IceFatalToProtocol);
-
-       pData = pStart;
-
-       EXTRACT_ARRAY8 (pData, swap, idLen, previousId);
+       previousId = extractArray8(&pData, pEnd, swap, &idLen);
+       if (previousId == NULL)
+       {
+           _IceErrorBadLength (iceConn, _SmcOpcode, opcode,
+               IceFatalToProtocol);
+           IceDisposeCompleteMessage (iceConn, pStart);
+           return;
+       }
 
        if (*previousId == '\0')
        {
@@ -720,14 +840,12 @@
     case SM_CloseConnection:
     {
        smCloseConnectionMsg    *pMsg;
-       char                    *pData, *pStart;
+       char                    *pData, *pStart, *pEnd;
        int                     count, i;
        char                    **reasonMsgs = NULL;
 
-#if 0 /* No-op */
        CHECK_AT_LEAST_SIZE (iceConn, _SmsOpcode, opcode,
-           length, SIZEOF (smCloseConnectionMsg), IceFatalToProtocol);
-#endif
+           length, SIZEOF (smCloseConnectionMsg) + 8, IceFatalToProtocol);
 
        IceReadCompleteMessage (iceConn, SIZEOF (smCloseConnectionMsg),
            smCloseConnectionMsg, pMsg, pStart);
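Review bot: The `+ 8` added to the minimum size in `CHECK_AT_LEAST_SIZE` is a bare constant with nothing to say what it covers. Judging by the removed `pData = pStart + 8` in the next hunk, it is presumably the CARD32 count plus the four bytes skipped after it, which the parser reads before any bounds-checked extraction. A comment such as `/* + 8: count (CARD32) and the 4 bytes skipped after it */` would tie the check to the reads it protects. SM_DeleteProperties gets the same `+ 8` and would want the same comment. The case body continues outside the hunk.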
@@ -739,22 +857,35 @@
        }
 
        pData = pStart;
+       pEnd = pStart + (length << 3) -
+           (SIZEOF (smCloseConnectionMsg) - SIZEOF (iceMsg));
 
        EXTRACT_CARD32 (pData, swap, count);
        pData += 4;
 
-       for (i = 0; i < count; i++)
-           SKIP_ARRAY8 (pData, swap);
-
-       CHECK_COMPLETE_SIZE (iceConn, _SmsOpcode, opcode,
-          length, pData - pStart + SIZEOF (smCloseConnectionMsg),
-          pStart, IceFatalToProtocol);
-
-       pData = pStart + 8;
+       if (count < 0 || count > INT_MAX / sizeof (char *) ||
+           (reasonMsgs = malloc (count * sizeof (char *))) == NULL)
+       {
+           _IceErrorBadLength (iceConn, _SmcOpcode, opcode, 
IceFatalToProtocol);
+           IceDisposeCompleteMessage (iceConn, pStart);
+           return;
+       }
 
-       reasonMsgs = malloc (count * sizeof (char *));
        for (i = 0; i < count; i++)
-           EXTRACT_ARRAY8_AS_STRING (pData, swap, reasonMsgs[i]);
+       {
+           reasonMsgs[i] = extractArray8(&pData, pEnd, swap, NULL);
+           if (reasonMsgs[i] == NULL)
+               break;
+       }
+       if (i != count) {
+           while (i-- > 0)
+               free (reasonMsgs[i]);
+           free (reasonMsgs);
+           _IceErrorBadLength (iceConn, _SmcOpcode, opcode,
+               IceFatalToProtocol);
+           IceDisposeCompleteMessage (iceConn, pStart);
+           return;
+       }
 
        IceDisposeCompleteMessage (iceConn, pStart);
 
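Review bot: The combined test `count < 0 || count > INT_MAX / sizeof (char *) || (reasonMsgs = malloc (...)) == NULL` reports an allocation failure as a bad-length protocol error, and its outcome for `count == 0` depends on what `malloc (0)` returns. On a platform where `malloc (0)` returns NULL, a message with zero reason strings would be rejected as malformed, assuming a zero count is legal here. Allocating at least one slot avoids that: `(reasonMsgs = malloc ((count ? count : 1) * sizeof (char *))) == NULL`. The SM_DeleteProperties hunk has the same pattern for `propNames`, and the `malloc`/`calloc` calls in the property-list extractor earlier in the patch look to behave the same way for empty lists.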
@@ -767,14 +898,12 @@
     case SM_SetProperties:
     {
        smSetPropertiesMsg      *pMsg;
-       char                    *pData, *pStart;
+       char                    *pStart, *pEnd;
        SmProp                  **props = NULL;
-       int                     numProps;
+       int                     numProps = 0;
 
-#if 0 /* No-op */
        CHECK_AT_LEAST_SIZE (iceConn, _SmsOpcode, opcode,
            length, SIZEOF (smSetPropertiesMsg), IceFatalToProtocol);
-#endif
 
        IceReadCompleteMessage (iceConn, SIZEOF (smSetPropertiesMsg),
            smSetPropertiesMsg, pMsg, pStart);
@@ -785,17 +914,17 @@
            return;
        }
 
-       pData = pStart;
-
-       SKIP_LISTOF_PROPERTY (pData, swap);
-
-       CHECK_COMPLETE_SIZE (iceConn, _SmsOpcode, opcode,
-          length, pData - pStart + SIZEOF (smSetPropertiesMsg),
-          pStart, IceFatalToProtocol);
+       pEnd = pStart + (length << 3) -
+           (SIZEOF (smSetPropertiesMsg) - SIZEOF (iceMsg));
 
-       pData = pStart;
-
-       EXTRACT_LISTOF_PROPERTY (pData, swap, numProps, props);
+       props = extractListofProperty(pStart, pEnd, swap, &numProps);
+       if (props == NULL)
+       {
+           _IceErrorBadLength (iceConn, _SmcOpcode, opcode,
+               IceFatalToProtocol);
+           IceDisposeCompleteMessage (iceConn, pStart);
+           return;
+       }
 
        (*smsConn->callbacks.set_properties.callback) (smsConn,
            smsConn->callbacks.set_properties.manager_data, numProps, props);
@@ -807,14 +936,12 @@
     case SM_DeleteProperties:
     {
        smDeletePropertiesMsg   *pMsg;
-       char                    *pData, *pStart;
+       char                    *pData, *pStart, *pEnd;
        int                     count, i;
        char                    **propNames = NULL;
 
-#if 0 /* No-op */
        CHECK_AT_LEAST_SIZE (iceConn, _SmsOpcode, opcode,
-           length, SIZEOF (smDeletePropertiesMsg), IceFatalToProtocol);
-#endif
+           length, SIZEOF (smDeletePropertiesMsg) + 8, IceFatalToProtocol);
 
        IceReadCompleteMessage (iceConn, SIZEOF (smDeletePropertiesMsg),
            smDeletePropertiesMsg, pMsg, pStart);
@@ -826,22 +953,35 @@
        }
 
        pData = pStart;
+       pEnd = pStart + (length << 3) -
+           (SIZEOF (smDeletePropertiesMsg) - SIZEOF (iceMsg));
 
        EXTRACT_CARD32 (pData, swap, count);
        pData += 4;
 
-       for (i = 0; i < count; i++)
-           SKIP_ARRAY8 (pData, swap);  /* prop names */
-
-       CHECK_COMPLETE_SIZE (iceConn, _SmsOpcode, opcode,
-          length, pData - pStart + SIZEOF (smDeletePropertiesMsg),
-          pStart, IceFatalToProtocol);
-
-       pData = pStart + 8;
+       if (count < 0 || count > INT_MAX / sizeof (char *) ||
+           (propNames = malloc (count * sizeof (char *))) == NULL)
+       {
+           IceDisposeCompleteMessage (iceConn, pStart);
+           return;
+       }
 
-       propNames = malloc (count * sizeof (char *));
        for (i = 0; i < count; i++)
-           EXTRACT_ARRAY8_AS_STRING (pData, swap, propNames[i]);
+       {
+           propNames[i] = extractArray8(&pData, pEnd, swap, NULL);
+           if (propNames[i] == NULL)
+               break;
+       }
+       if (i != count)
+       {
+           while (i-- > 0)
+               free (propNames[i]);
+           free (propNames);
+           _IceErrorBadLength (iceConn, _SmcOpcode, opcode,
+               IceFatalToProtocol);
+           IceDisposeCompleteMessage (iceConn, pStart);
+           return;
+       }
 
        IceDisposeCompleteMessage (iceConn, pStart);
 
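Review bot: When `count` is out of range or the allocation fails, this SM_DeleteProperties path disposes of the message and returns without reporting anything. The equivalent check in SM_CloseConnection and the string-extraction failure just below both call `_IceErrorBadLength`. As far as the hunk shows, a peer sending a malformed count gets no protocol error and the rejection leaves no trace on this side. Adding `_IceErrorBadLength (iceConn, _SmsOpcode, opcode, IceFatalToProtocol);` before the `IceDisposeCompleteMessage` call would make the rejection paths consistent (`_SmsOpcode` to match this case's `CHECK_AT_LEAST_SIZE`). The case body starts and ends outside the hunk.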

