Hello community,

here is the log from the commit of package libXxf86vm.1749 for openSUSE:12.2:Update checked in at 2013-06-19 07:33:55

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.2:Update/libXxf86vm.1749 (Old)
 and      /work/SRC/openSUSE:12.2:Update/.libXxf86vm.1749.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libXxf86vm.1749" Changes: -------- New Changes file: --- /dev/null 2013-06-19 06:36:38.484029756 +0200 +++ /work/SRC/openSUSE:12.2:Update/.libXxf86vm.1749.new/libXxf86vm.changes 2013-06-19 07:33:56.000000000 +0200 
@@ -0,0 +1,28 @@ +------------------------------------------------------------------- +Tue Jun 11 07:17:09 UTC 2013 - sndir...@suse.com + +- definition of _XEatDataWords() was still missing in patch below + +------------------------------------------------------------------- +Tue Jun 4 14:24:24 UTC 2013 - sndir...@suse.com + +- U_0001-memory-corruption-in-XF86VidModeGetGammaRamp-CVE-201.patch + * memory corruption in XF86VidModeGetGammaRamp() [CVE-2013-2001] + (bnc#821663, bnc#815451) + +------------------------------------------------------------------- +Wed Apr 11 16:21:21 UTC 2012 - vu...@opensuse.org + +- Update to version 1.1.2: + + Janitorial cleanups + + Build configuration improvements + +------------------------------------------------------------------- +Sun Feb 12 02:02:16 UTC 2012 - jeng...@medozas.de + +- Provide package descriptions and update homepage URL + +------------------------------------------------------------------- +Tue Feb 7 22:17:49 UTC 2012 - jeng...@medozas.de + +- Split xorg-x11-libs into separate packages New: ---- U_0001-memory-corruption-in-XF86VidModeGetGammaRamp-CVE-201.patch baselibs.conf libXxf86vm-1.1.2.tar.bz2 libXxf86vm.changes libXxf86vm.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libXxf86vm.spec ++++++ # # spec file for package libXxf86vm # # Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). 
# An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#


Name:           libXxf86vm
%define lname   libXxf86vm1
Version:        1.1.2
Release:        0
Summary:        XFree86-VidMode X extension library
License:        MIT
Group:          Development/Libraries/C and C++
Url:            http://xorg.freedesktop.org/
#Git-Clone:     git://anongit.freedesktop.org/xorg/lib/libXxf86vm
#Git-Web:       http://cgit.freedesktop.org/xorg/lib/libXxf86vm/
Source:         http://xorg.freedesktop.org/releases/individual/lib/%{name}-%{version}.tar.bz2
Patch0:         U_0001-memory-corruption-in-XF86VidModeGetGammaRamp-CVE-201.patch
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
#git#BuildRequires: autoconf >= 2.60, automake, libtool
BuildRequires:  fdupes
BuildRequires:  pkgconfig
BuildRequires:  pkgconfig(x11)
BuildRequires:  pkgconfig(xext)
BuildRequires:  pkgconfig(xextproto)
BuildRequires:  pkgconfig(xf86vidmodeproto) >= 2.2.99.1
BuildRequires:  pkgconfig(xorg-macros) >= 1.8
BuildRequires:  pkgconfig(xproto)

%description
These functions provide an interface to the server extension
XFree86-VidModeExtension which allows the video modes to be queried and
adjusted dynamically and mode switching to be controlled.

%package -n %lname
Summary:        XFree86-VidMode X extension library
Group:          System/Libraries

%description -n %lname
These functions provide an interface to the server extension
XFree86-VidModeExtension which allows the video modes to be queried and
adjusted dynamically and mode switching to be controlled.

%package devel
Summary:        Development files for the XFree86-VidMode X extension library
Group:          Development/Libraries/C and C++
Requires:       %lname = %version

%description devel
These functions provide an interface to the server extension
XFree86-VidModeExtension which allows the video modes to be queried and
adjusted dynamically and mode switching to be controlled.
This package contains the development headers for the library found in %lname. %prep %setup -q %patch0 -p1 %build %configure --disable-static make %{?_smp_mflags} %install %makeinstall rm -f "%buildroot/%_libdir"/*.la %fdupes %buildroot %post -n %lname -p /sbin/ldconfig %postun -n %lname -p /sbin/ldconfig %files -n %lname %defattr(-,root,root) %_libdir/libXxf86vm.so.1* %files devel %defattr(-,root,root) %_includedir/X11/* %_libdir/libXxf86vm.so %_libdir/pkgconfig/xxf86vm.pc %_mandir/man3/* %changelog ++++++ U_0001-memory-corruption-in-XF86VidModeGetGammaRamp-CVE-201.patch ++++++ >From 47bb28ac0e6e49d3b6eb90c7c215f2fcf54f1a95 Mon Sep 17 00:00:00 2001 From: Alan Coopersmith <alan.coopersm...@oracle.com> Date: Sat, 13 Apr 2013 14:33:32 -0700 Subject: [PATCH] memory corruption in XF86VidModeGetGammaRamp() [CVE-2013-2001] We trusted the server not to return more data than the client said it had allocated room for, and would overflow the provided buffers if it did. Reported-by: Ilja Van Sprundel <ivansprun...@ioactive.com> Signed-off-by: Alan Coopersmith <alan.coopersm...@oracle.com> --- src/XF86VMode.c | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) Index: libXxf86vm-1.1.2/src/XF86VMode.c =================================================================== --- libXxf86vm-1.1.2.orig/src/XF86VMode.c +++ libXxf86vm-1.1.2/src/XF86VMode.c @@ -35,6 +35,7 @@ from Kaleb S. KEITHLEY. #include <X11/extensions/xf86vmode.h> #include <X11/extensions/Xext.h> #include <X11/extensions/extutil.h> +#include "eat.h" #ifdef DEBUG #include <stdio.h> @@ -1097,6 +1098,7 @@ XF86VidModeGetGammaRamp ( XExtDisplayInfo *info = find_display (dpy); xXF86VidModeGetGammaRampReq *req; xXF86VidModeGetGammaRampReply rep; + Bool result = True; XF86VidModeCheckExtension (dpy, info, False); 
@@ -1107,19 +1109,23 @@ XF86VidModeGetGammaRamp ( req->screen = screen; req->size = size; if (!_XReply (dpy, (xReply *) &rep, 0, xFalse)) { - UnlockDisplay (dpy); - SyncHandle (); - return False; + result = False; } - if(rep.size) { - _XRead(dpy, (char*)red, rep.size << 1); - _XRead(dpy, (char*)green, rep.size << 1); - _XRead(dpy, (char*)blue, rep.size << 1); + else if (rep.size) { + if (rep.size <= size) { + _XRead(dpy, (char*)red, rep.size << 1); + _XRead(dpy, (char*)green, rep.size << 1); + _XRead(dpy, (char*)blue, rep.size << 1); + } + else { + _XEatDataWords(dpy, rep.length); + result = False; + } } UnlockDisplay(dpy); SyncHandle(); - return True; + return result; } Bool XF86VidModeGetGammaRampSize( Index: libXxf86vm-1.1.2/src/eat.h =================================================================== --- /dev/null +++ libXxf86vm-1.1.2/src/eat.h 
@@ -0,0 +1,40 @@ +/* + * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining a + * copy of this software and associated documentation files (the "Software"), + * to deal in the Software without restriction, including without limitation + * the rights to use, copy, modify, merge, publish, distribute, sublicense, + * and/or sell copies of the Software, and to permit persons to whom the + * Software is furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice (including the next + * paragraph) shall be included in all copies or substantial portions of the + * Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER + * DEALINGS IN THE SOFTWARE. + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#ifndef HAVE__XEATDATAWORDS +#include <X11/Xmd.h> /* for LONG64 on 64-bit platforms */ +#include <limits.h> + +static inline void _XEatDataWords(Display *dpy, unsigned long n) +{ +# ifndef LONG64 + if (n >= (ULONG_MAX >> 2)) + _XIOError(dpy); +# endif + _XEatData (dpy, n << 2); +} +#endif ++++++ baselibs.conf ++++++ libXxf86vm1 libXxf86vm-devel requires -libXxf86vm-<targettype> requires "libXxf86vm1-<targettype> = <version>" -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
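Review bot: in the XF86VidModeGetGammaRamp() hunk (`@@ -1107,19 +1109,23 @@`), the new `if (rep.size <= size)` guard bounds the three `_XRead` calls by the caller's `size`, which closes the overflow, but when the server returns fewer entries than `size` the tail of `red`, `green` and `blue` stays uninitialized and the caller is never told the real count; suggest either zero-filling the unused tail or documenting that buffers must be sized from XF86VidModeGetGammaRampSize(). Folding the `_XReply` failure into `result = False` so that every path reaches the single `UnlockDisplay(dpy); SyncHandle();` pair is the right shape, and `_XEatDataWords(dpy, rep.length)` on the oversize path drains the whole body since `rep.length` counts the body in words, so the connection stays in sync after the rejected reply.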
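Review bot: the `#ifndef HAVE__XEATDATAWORDS` fallback in the new src/eat.h only does what it intends if the build defines HAVE__XEATDATAWORDS when libX11 already exports _XEatDataWords; this patch adds no configure probe for it and the spec runs a plain `%configure`, so the `static inline _XEatDataWords` is compiled unconditionally, and against a libX11 whose Xlibint.h declares _XEatDataWords as an extern function the static definition would clash. Suggest adding an `AC_CHECK_FUNCS([_XEatDataWords])` probe (with CFLAGS/LIBS from pkgconfig(x11)) next to the header, or stating in the changes entry that the 12.2 libX11 does not provide it. The `n >= (ULONG_MAX >> 2)` check before `n << 2` under `#ifndef LONG64` is correct: on 32-bit targets it rejects a word count whose byte size would wrap.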
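The failure the patch above fixes (the client copying as many gamma entries as the server claims, into buffers the caller sized) is shown here as an added example; it is not libXxf86vm or Xlib code. The `Wire` stream, `wire_read`, `wire_skip` and `wire_eat_words` are stand-ins for Xlib's `_XRead` and `_XEatDataWords`, `RampReply` is a constructed six-byte header rather than the real 32-byte X reply, and `build_reply` fabricates a server reply so the code runs offline. `get_gamma_ramp_unchecked` mirrors the pre-fix logic for contrast; `get_gamma_ramp` follows the hardened logic of the patch and goes one step further by also refusing a reply whose declared length cannot hold its own entry count and by consuming the protocol padding, so the stream stays aligned for the next reply.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example, not libXxf86vm or Xlib code. The reply stream is a byte
 * buffer; wire_read/wire_eat_words stand in for _XRead/_XEatDataWords. */
typedef struct { const uint8_t *buf; size_t len; size_t pos; } Wire;

/* Constructed 6-byte reply header: the real xXF86VidModeGetGammaRampReply is
 * a 32-byte X reply, but only these two fields matter for the check. */
typedef struct {
    uint32_t length;   /* body length in 4-byte words, as on the X wire */
    uint16_t size;     /* 16-bit entries per colour channel in the body */
} RampReply;

static bool wire_read(Wire *w, void *dst, size_t n)
{
    if (w->len - w->pos < n) return false;     /* short read = I/O error */
    memcpy(dst, w->buf + w->pos, n);
    w->pos += n;
    return true;
}

static bool wire_skip(Wire *w, size_t n)
{
    if (w->len - w->pos < n) return false;
    w->pos += n;
    return true;
}

/* Same shape as eat.h's fallback: refuse a word count whose byte size would
 * wrap unsigned long on 32-bit targets, then discard n words. */
static bool wire_eat_words(Wire *w, unsigned long n)
{
    if (n >= (ULONG_MAX >> 2)) return false;
    return wire_skip(w, (size_t)n << 2);
}

/* Constructed server reply: header, then red/green/blue arrays of 'entries'
 * 16-bit values (value = index*3 + channel), padded to a 4-byte boundary.
 * Returns the number of bytes written to out[]. */
static size_t build_reply(uint8_t *out, uint16_t entries)
{
    size_t payload = (size_t)entries * 3 * 2;
    size_t padded = (payload + 3) & ~(size_t)3;
    RampReply rep = { (uint32_t)(padded / 4), entries };
    size_t off = 0;
    memcpy(out, &rep.length, 4);      off += 4;
    memcpy(out + off, &rep.size, 2);  off += 2;
    for (int ch = 0; ch < 3; ch++)
        for (uint16_t i = 0; i < entries; i++) {
            uint16_t v = (uint16_t)(i * 3 + ch);
            memcpy(out + off, &v, 2); off += 2;
        }
    memset(out + off, 0, padded - payload);
    return off + padded - payload;
}

static bool read_header(Wire *w, RampReply *rep)
{
    return wire_read(w, &rep->length, 4) && wire_read(w, &rep->size, 2);
}

/* Pre-fix pattern: trusts rep.size, so a reply larger than the caller's
 * buffers is copied past their end. Kept only for the contrast below. */
static bool get_gamma_ramp_unchecked(Wire *w, uint16_t *red, uint16_t *green,
                                     uint16_t *blue)
{
    RampReply rep;
    if (!read_header(w, &rep)) return false;
    if (rep.size) {
        wire_read(w, red,   (size_t)rep.size << 1);
        wire_read(w, green, (size_t)rep.size << 1);
        wire_read(w, blue,  (size_t)rep.size << 1);
    }
    return true;
}

/* Hardened reader: 'size' is what the caller allocated per channel. A reply
 * claiming more entries than that, or a body too short for its own count, is
 * drained (keeping the stream in sync) and rejected. */
static bool get_gamma_ramp(Wire *w, int size, uint16_t *red, uint16_t *green,
                           uint16_t *blue)
{
    RampReply rep;
    bool result = true;
    if (!read_header(w, &rep)) {
        result = false;
    } else if (rep.size) {
        size_t payload  = (size_t)rep.size * 6;     /* three channels of 16-bit entries */
        size_t declared = (size_t)rep.length << 2;  /* bytes the header says follow */
        if (rep.size > size || declared < payload) {
            wire_eat_words(w, rep.length);
            result = false;
        } else if (!wire_read(w, red,   (size_t)rep.size << 1) ||
                   !wire_read(w, green, (size_t)rep.size << 1) ||
                   !wire_read(w, blue,  (size_t)rep.size << 1) ||
                   !wire_skip(w, declared - payload)) {   /* protocol padding */
            result = false;
        }
    }
    return result;
}
```

The useful check when reviewing any client-side reply parser is the one `get_gamma_ramp` makes and `get_gamma_ramp_unchecked` does not: every byte count used in a copy must be bounded by something the client chose (here `size`), never by something the peer sent, and a rejected reply must still be consumed in full so later replies are not parsed from the middle of its body.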