Hello community,

here is the log from the commit of package libXres.1745 for openSUSE:12.3:Update checked in at 2013-06-17 17:02:14

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.3:Update/libXres.1745 (Old)
 and      /work/SRC/openSUSE:12.3:Update/.libXres.1745.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libXres.1745"

Changes:
--------
New Changes file:

--- /dev/null	2013-06-16 12:27:10.588034505 +0200
+++ /work/SRC/openSUSE:12.3:Update/.libXres.1745.new/libXres.changes	2013-06-17 17:02:15.000000000 +0200
@@ -0,0 +1,20 @@ +------------------------------------------------------------------- +Mon Jun 3 15:13:23 UTC 2013 - sndir...@suse.com + +- U_0001-integer-overflow-in-XResQueryClients-CVE-2013-1988-1.patch, + U_0002-integer-overflow-in-XResQueryClientResources-CVE-201.patch + * integer overflow in XResQueryClients(), + XResQueryClientResources() [CVE-2013-1988] + (bnc#821663, bnc#815451) + +------------------------------------------------------------------- +Wed Apr 11 15:12:22 UTC 2012 - vu...@opensuse.org + +- Update to version 1.0.6: + + Janitorial cleanups + + Build configuration improvements + +------------------------------------------------------------------- +Tue Feb 7 22:17:49 UTC 2012 - jeng...@medozas.de + +- Split xorg-x11-libs into separate packages New: ---- U_0001-integer-overflow-in-XResQueryClients-CVE-2013-1988-1.patch U_0002-integer-overflow-in-XResQueryClientResources-CVE-201.patch baselibs.conf libXres-1.0.6.tar.bz2 libXres.changes libXres.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libXres.spec ++++++ # # spec file for package libXres # # Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. 
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#

Name:           libXres
%define lname   libXRes1
Version:        1.0.6
Release:        0
Summary:        X Resource extension client library
License:        MIT
Group:          Development/Libraries/C and C++
Url:            http://xorg.freedesktop.org/
#Git-Clone:     git://anongit.freedesktop.org/xorg/lib/libXRes
#Git-Web:       http://cgit.freedesktop.org/xorg/lib/libXRes/
Source:         http://xorg.freedesktop.org/releases/individual/lib/%{name}-%{version}.tar.bz2
Patch0:         U_0001-integer-overflow-in-XResQueryClients-CVE-2013-1988-1.patch
Patch1:         U_0002-integer-overflow-in-XResQueryClientResources-CVE-201.patch
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
#git#BuildRequires: autoconf >= 2.60, automake, libtool
BuildRequires:  pkgconfig
BuildRequires:  pkgconfig(resourceproto) >= 1.0
BuildRequires:  pkgconfig(x11)
BuildRequires:  pkgconfig(xext)
BuildRequires:  pkgconfig(xextproto)
BuildRequires:  pkgconfig(xorg-macros) >= 1.8

%description
libXRes provides an X Window System client interface to the Resource
extension to the X protocol. The Resource extension allows for X clients
to see and monitor the X resource usage of various clients (pixmaps, et al).

%package -n %lname
Summary:        X Resource extension client library
Group:          System/Libraries

%description -n %lname
libXRes provides an X Window System client interface to the Resource
extension to the X protocol. The Resource extension allows for X clients
to see and monitor the X resource usage of various clients (pixmaps, et al).

%package devel
Summary:        Development files for the X Resource extension library
Group:          Development/Libraries/C and C++
Requires:       %lname = %version

%description devel
libXRes provides an X Window System client interface to the Resource
extension to the X protocol. The Resource extension allows for X clients
to see and monitor the X resource usage of various clients (pixmaps, et al).

This package contains the development headers for the library found in %lname.
%prep %setup -q %patch0 -p1 %patch1 -p1 %build %configure --disable-static make %{?_smp_mflags} %install %makeinstall rm -f "%buildroot/%_libdir"/*.la %post -n %lname -p /sbin/ldconfig %postun -n %lname -p /sbin/ldconfig %files -n %lname %defattr(-,root,root) %_libdir/libXRes.so.1* %files devel %defattr(-,root,root) %_includedir/X11/* %_libdir/libXRes.so %_libdir/pkgconfig/xres.pc %_mandir/man3/* %changelog ++++++ U_0001-integer-overflow-in-XResQueryClients-CVE-2013-1988-1.patch ++++++ >From 3ec2db9eeb9ba8fb561802b0c4b8bf79e321b7a2 Mon Sep 17 00:00:00 2001 From: Alan Coopersmith <alan.coopersm...@oracle.com> Date: Fri, 12 Apr 2013 23:36:13 -0700 Subject: [PATCH] integer overflow in XResQueryClients() [CVE-2013-1988 1/2] The CARD32 rep.num_clients needs to be bounds checked before multiplying by sizeof(XResClient) to avoid integer overflow leading to underallocation and writing data from the network past the end of the allocated buffer. Reported-by: Ilja Van Sprundel <ivansprun...@ioactive.com> Signed-off-by: Alan Coopersmith <alan.coopersm...@oracle.com> --- src/XRes.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) Index: libXres-1.0.6/src/XRes.c =================================================================== --- libXres-1.0.6.orig/src/XRes.c +++ libXres-1.0.6/src/XRes.c @@ -6,6 +6,7 @@ #include <config.h> #endif #include <stdlib.h> +#include <limits.h> #include <X11/Xlibint.h> #include <X11/Xutil.h> #include <X11/extensions/Xext.h> @@ -118,7 +119,12 @@ Status XResQueryClients ( } if(rep.num_clients) { - if((clnts = Xmalloc(sizeof(XResClient) * rep.num_clients))) { + if (rep.num_clients < (INT_MAX / sizeof(XResClient))) + clnts = Xmalloc(sizeof(XResClient) * rep.num_clients); + else + clnts = NULL; + + if (clnts != NULL) { xXResClient scratch; int i; ++++++ U_0002-integer-overflow-in-XResQueryClientResources-CVE-201.patch ++++++ >From ad156a716a324ee60362c8ba66a5ed8c835c219b Mon Sep 17 00:00:00 2001 
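Review bot: In the XResQueryClients() hunk at @@ -118,7 +119,12 @@ of U_0001, the oversize count now falls through to `clnts = NULL`, which relies on the existing allocation-failure branch (outside the shown context) to discard the reply bytes still pending on the connection; that branch should be confirmed to drain the reply, otherwise a rejected count leaves the client stream out of step with the server. The bound `rep.num_clients < (INT_MAX / sizeof(XResClient))` is tighter than what is needed merely to stop a 32-bit size_t product from wrapping, but it is the right limit here because the records are then walked with the `int i` visible in the context. A style point: the new lines write `if (` while the surrounding code uses `if(`; following the file's convention keeps the diff minimal.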
From: Alan Coopersmith <alan.coopersm...@oracle.com> Date: Fri, 12 Apr 2013 23:36:13 -0700 Subject: [PATCH] integer overflow in XResQueryClientResources() [CVE-2013-1988 2/2] The CARD32 rep.num_types needs to be bounds checked before multiplying by sizeof(XResType) to avoid integer overflow leading to underallocation and writing data from the network past the end of the allocated buffer. Reported-by: Ilja Van Sprundel <ivansprun...@ioactive.com> Signed-off-by: Alan Coopersmith <alan.coopersm...@oracle.com> --- src/XRes.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) Index: libXres-1.0.6/src/XRes.c =================================================================== --- libXres-1.0.6.orig/src/XRes.c +++ libXres-1.0.6/src/XRes.c @@ -175,7 +175,12 @@ Status XResQueryClientResources ( } if(rep.num_types) { - if((typs = Xmalloc(sizeof(XResType) * rep.num_types))) { + if (rep.num_types < (INT_MAX / sizeof(XResType))) + typs = Xmalloc(sizeof(XResType) * rep.num_types); + else + typs = NULL; + + if (typs != NULL) { xXResType scratch; int i; ++++++ baselibs.conf ++++++ libXRes1 libXres-devel requires -libXres-<targettype> requires "libXRes1-<targettype> = <version>" -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
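Review bot: The XResQueryClientResources() hunk at @@ -175,7 +175,12 @@ of U_0002 repeats the guard from U_0001 line for line with num_types/XResType substituted; a small shared helper that checks a CARD32 count against INT_MAX / element size and returns NULL on failure would keep the two call sites from drifting apart when the bound is revisited. As with the first patch, the `typs = NULL` path should be checked to make sure the pending reply is consumed rather than left on the wire. The guard only bounds the multiplication; if the reply header carries a length, comparing rep.num_types against it would additionally catch a count that is below the bound but inconsistent with the data actually sent.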
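The commit messages above describe the defect in words: a CARD32 count read from the network is multiplied by sizeof(XResClient) or sizeof(XResType), the product can wrap, and the buffer ends up smaller than the data that follows it. The program below is an added example written for this page, not code from libXres or from the patches. It uses a stand-in 8-byte record (the real XResClient from <X11/extensions/XRes.h> is not included), computes the product in 32-bit arithmetic to model a 32-bit size_t, and applies the same INT_MAX / sizeof guard the patches add; the count 0x20000001 is a constructed hostile input.

```c
#include <inttypes.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for the 8-byte per-client record the X Resource extension
 * returns. The real XResClient lives in <X11/extensions/XRes.h>; this
 * local struct has the same size so the example is self-contained. */
typedef struct {
    uint32_t resource_base;
    uint32_t resource_mask;
} client_record;

/* The count arrives on the wire as a CARD32, i.e. an unsigned 32-bit value. */
typedef uint32_t card32;

/* Allocation size computed in 32-bit arithmetic. This models size_t on a
 * 32-bit build, where count * sizeof(record) silently wraps modulo 2^32. */
uint32_t alloc_size_32(card32 num_clients)
{
    return (uint32_t)(num_clients * (uint32_t)sizeof(client_record));
}

/* Bytes the reply really carries for num_clients records, computed without
 * wrapping, so it can be compared against alloc_size_32(). */
uint64_t payload_bytes(card32 num_clients)
{
    return (uint64_t)num_clients * sizeof(client_record);
}

/* The guard the patches add: the count must stay below INT_MAX divided by
 * the element size before the multiplication is allowed to happen.
 * Returns 1 when the allocation is safe, 0 otherwise. */
int count_is_allocatable(card32 num_clients)
{
    return num_clients < (INT_MAX / sizeof(client_record));
}

/* Allocate records only when the guard passes; otherwise return NULL,
 * mirroring the "else clnts = NULL" branch in the patch. The caller owns
 * the returned buffer. */
client_record *alloc_records(card32 num_clients)
{
    if (!count_is_allocatable(num_clients))
        return NULL;
    return malloc((size_t)num_clients * sizeof(client_record));
}

int main(void)
{
    /* Constructed hostile count: 0x20000001 * 8 = 0x100000008,
     * which wraps to 8 in 32-bit arithmetic. */
    card32 hostile = 0x20000001u;

    printf("wrapped 32-bit size: %" PRIu32 " bytes, real payload: %" PRIu64 " bytes\n",
           alloc_size_32(hostile), payload_bytes(hostile));
    printf("guard accepts hostile count: %s\n",
           count_is_allocatable(hostile) ? "yes" : "no");

    client_record *ok = alloc_records(16);
    printf("benign count of 16 allocated: %s\n", ok ? "yes" : "no");
    free(ok);
    return 0;
}
```

On a 64-bit build the CARD32 is widened to a 64-bit size_t before the multiplication and the product cannot wrap, which is why the example performs the arithmetic in uint32_t explicitly; the guard is still worth keeping on such builds because it also rejects absurd counts before any allocation or read is attempted.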