commit Mesa.1592 for openSUSE:12.3:Update

2013-06-06 Thread h_root 
Hello community,

here is the log from the commit of package Mesa.1592 for openSUSE:12.3:Update 
checked in at 2013-06-06 13:52:15

Comparing /work/SRC/openSUSE:12.3:Update/Mesa.1592 (Old)
 and  /work/SRC/openSUSE:12.3:Update/.Mesa.1592.new (New)


Package is Mesa.1592

Changes:

--- /work/SRC/openSUSE:12.3:Update/Mesa.1592/Mesa.changes   2013-04-23 
15:35:21.0 +0200
+++ /work/SRC/openSUSE:12.3:Update/.Mesa.1592.new/Mesa.changes  2013-06-06 
13:52:17.0 +0200
@@ -1,0 +2,9 @@
+Tue May 28 13:52:21 UTC 2013 - sndir...@suse.com
+
+- u_0001_integer_overflow_in_XF86DRIOpenConnection_CVE-2013-1993.patch,
+  u_0002_integer_overflow_in_XF86DRIGetClientDriverName_CVE-2013-1993.patch
+  * fixes integer overflow in XF86DRIOpenConnection()/
+XF86DRIGetClientDriverName() [CVE-2013-1993] (bnc#821855,
+bnc#815451)
+
+---

New:

  u_0001_integer_overflow_in_XF86DRIOpenConnection_CVE-2013-1993.patch
  u_0002_integer_overflow_in_XF86DRIGetClientDriverName_CVE-2013-1993.patch



Other differences:
--
++ Mesa.spec ++
--- /var/tmp/diff_new_pack.wrYo8H/_old  2013-06-06 13:52:17.0 +0200
+++ /var/tmp/diff_new_pack.wrYo8H/_new  2013-06-06 13:52:17.0 +0200
@@ -96,6 +96,8 @@
 Patch16:u_mesa-8.0-llvmpipe-shmget.patch
 # PATCH-FIX-UPSTREAM mesa-i965-render-between-hiz-flushes.patch fdo#62141 
bnc#814947 dims...@opensuse.org -- i965: Make sure we do render between two hiz 
flushes
 Patch17:mesa-i965-render-between-hiz-flushes.patch
+Patch18:
u_0001_integer_overflow_in_XF86DRIOpenConnection_CVE-2013-1993.patch  
+Patch19:
u_0002_integer_overflow_in_XF86DRIGetClientDriverName_CVE-2013-1993.patch
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -483,6 +485,8 @@
 %patch13 -p1
 %patch14 -p1
 %patch17 -p1
+%patch18 -p1
+%patch19 -p1
 
 %build
 

++ u_0001_integer_overflow_in_XF86DRIOpenConnection_CVE-2013-1993.patch 
++
[Mesa-dev] [PATCH:mesa 1/2] integer overflow in XF86DRIOpenConnection() 
[CVE-2013-1993 1/2]
Alan Coopersmith alan.coopersmith at oracle.com

busIdStringLength is a CARD32 and needs to be bounds checked before adding
one to it to come up with the total size to allocate, to avoid integer
overflow leading to underallocation and writing data from the network past
the end of the allocated buffer.

Reported-by: Ilja Van Sprundel ivansprundel at ioactive.com
Signed-off-by: Alan Coopersmith alan.coopersmith at oracle.com
---
 src/glx/XF86dri.c |7 ++-
 1 file changed, 6 insertions(+), 1 deletion(-)

Index: mesa-8.0.4/src/glx/XF86dri.c
===
--- mesa-8.0.4.orig/src/glx/XF86dri.c
+++ mesa-8.0.4/src/glx/XF86dri.c
@@ -43,6 +43,7 @@ SOFTWARE OR THE USE OR OTHER DEALINGS IN
 #include X11/extensions/Xext.h
 #include X11/extensions/extutil.h
 #include xf86dristr.h
+#include limits.h
 
 static XExtensionInfo _xf86dri_info_data;
 static XExtensionInfo *xf86dri_info = _xf86dri_info_data;
@@ -201,7 +202,11 @@ XF86DRIOpenConnection(Display * dpy, int
}
 
if (rep.length) {
-  if (!(*busIdString = (char *) Xcalloc(rep.busIdStringLength + 1, 1))) {
+  if (rep.busIdStringLength  INT_MAX)
+ *busIdString = calloc(rep.busIdStringLength + 1, 1);
+  else
+ *busIdString = NULL;
+  if (*busIdString == NULL) {
  _XEatData(dpy, ((rep.busIdStringLength + 3)  ~3));
  UnlockDisplay(dpy);
  SyncHandle();
++ 
u_0002_integer_overflow_in_XF86DRIGetClientDriverName_CVE-2013-1993.patch ++
[Mesa-dev] [PATCH:mesa 2/2] integer overflow in XF86DRIGetClientDriverName() 
[CVE-2013-1993 2/2]
Alan Coopersmith alan.coopersmith at oracle.com

clientDriverNameLength is a CARD32 and needs to be bounds checked before
adding one to it to come up with the total size to allocate, to avoid
integer overflow leading to underallocation and writing data from the
network past the end of the allocated buffer.

Reported-by: Ilja Van Sprundel ivansprundel at ioactive.com
Signed-off-by: Alan Coopersmith alan.coopersmith at oracle.com
---
 src/glx/XF86dri.c |8 +---
 1 file changed, 5 insertions(+), 3 deletions(-)

Index: mesa-8.0.4/src/glx/XF86dri.c
===
--- mesa-8.0.4.orig/src/glx/XF86dri.c
+++ mesa-8.0.4/src/glx/XF86dri.c
@@ -300,9 +300,11 @@ XF86DRIGetClientDriverName(Display * dpy
*ddxDriverPatchVersion = rep.ddxDriverPatchVersion;
 
if (rep.length) {
-  if (!
-  (*clientDriverName =
-   (char *) Xcalloc(rep.clientDriverNameLength + 1, 1))) {
+  if (rep.clientDriverNameLength  INT_MAX)
+ *clientDriverName =

commit Mesa.1592 for openSUSE:12.3:Update

2013-04-23 Thread h_root 
Hello community,

here is the log from the commit of package Mesa.1592 for openSUSE:12.3:Update 
checked in at 2013-04-23 15:35:20

Comparing /work/SRC/openSUSE:12.3:Update/Mesa.1592 (Old)
 and  /work/SRC/openSUSE:12.3:Update/.Mesa.1592.new (New)


Package is Mesa.1592, Maintainer is 

Changes:

New Changes file:

--- /dev/null   2013-04-05 00:01:41.916011506 +0200
+++ /work/SRC/openSUSE:12.3:Update/.Mesa.1592.new/Mesa.changes  2013-04-23 
15:35:21.0 +0200
@@ -0,0 +1,1803 @@
+---
+Fri Apr 12 16:55:17 UTC 2013 - dims...@opensuse.org
+
+- Add mesa-i965-render-between-hiz-flushes.patch: i965: Make sure
+  we do render between two hiz flushes (fdo#62141, bnc#814947)
+
+---
+Thu Jan 24 14:48:18 UTC 2013 - sndir...@suse.com
+
+- update to Mesa 9.0.2: a bugfix release
+ * [KMS] mesa demo spectex broken on rv280 (fdo#22576)
+ * KMS/R200: Bad shading in NWN since Mesa rewrite (fdo#26809)
+ * [bisected regression] Oglc fbo(negative.invalidParams3)
+   Segmentation fault (fdo#45877)
+ * st_glsl_to_tgsi.cpp:4006:dst_register: Assertion 
+   `index  VERT_RESULT_MAX' failed (fdo#54402)
+ * Memoryleak with glPopAttrib only on Intel GM45 (fdo#55175)
+ * glcpp accepts junk after #else/#elif/#endif tokens (fdo#56442)
+ * EGL sets error to EGL_SUCCESS when DRI driver fails to create
+   context (fdo#56706)
+ * Webgl conformance shader-with-non-reserved-words crash. (fdo#57622)
+ * r200: Culling is broken when rendering to an FBO (fdo#57842)
+ * r300g: blend sfactor=GL_DST_COLOR fails with FBOs (fdo#57984)
+ * [llvmpipe] src/gallium/auxiliary/gallivm/lp_bld_tgsi_info.c:75:analyse_src: 
Assertion `src-Index  (sizeof(ctx-imm)/sizeof((ctx-imm)[0]))' failed. 
(fdo#58545)
+ * src/glsl/tests/Makefile.am missing $(top_srcdir)/include (fdo#59383)
+
+---
+Wed Jan 23 11:55:36 UTC 2013 - sndir...@suse.com
+
+- reverted removing Libs.private/Requires.private in pkgconfig
+  files
+
+---
+Sat Jan 19 14:32:46 UTC 2013 - dmuel...@suse.com
+
+- enable llvm backend also for ARM
+
+---
+Fri Jan 18 17:04:12 UTC 2013 - rbrown...@opensuse.org
+- Add requires for Mesa to Mesa-libGL1 in baselibs.conf
+ * Mesa required for many applications in wine
+ * wine-32bit pulls through Mesa-libGL1-32bit without Mesa-32bit
+
+---
+Sat Jan  5 15:28:51 UTC 2013 - crrodrig...@opensuse.org
+
+- Remove Requires.private and Libs.private from *.pc files
+ * Both are needed only for static linking
+ * This package provides only shared libraries
+ * the rpm pkgconfig dependency generator considers Requires.private
+   a valid dependency even though there are no static libraries in the 
+   packages
+ * This cause bloat and hides broken buildRequires in other packages.
+
+---
+Fri Dec 14 11:00:21 UTC 2012 - tobias.johannes.klausm...@mni.thm.de
+
+- Remove unrecognized configure option --disable-glu
+
+---
+Mon Dec 10 13:22:01 UTC 2012 - sndir...@suse.com
+
+- Update to Version 9.0.1
+  * bug fix release
+
+---
+Tue Oct 16 18:09:16 UTC 2012 - sndir...@suse.com
+
+- improved packages descriptions 
+
+---
+Mon Oct  8 23:36:24 UTC 2012 - tobias.johannes.klausm...@mni.thm.de
+
+- Update to version 9.0:
+  Mesa 9.0 has been released.  Mesa 9.0 is a feature release.
+  The big feature is the availability of OpenGL 3.1 on some
+  supported hardware.
+  + Remove the Git Commit ID
+
+---
+Tue Sep 25 15:28:52 UTC 2012 - tobias.johannes.klausm...@mni.thm.de
+
+- Update the Mesa 9.0 Git Snapshot
+  + Add the Git CommitID to the buildscript
+  + Minor cleanup of the buildscript
+
+---
+Mon Sep 24 17:04:35 UTC 2012 - sndir...@suse.com
+
+- removed any .la file
+- moved libglapi.so from Mesa-devel to Mesa-libglapi-devel package;
+  Mesa-devel requires Mesa-libglapi-devel package anyway
+
+---
+Fri Sep 21 08:28:28 UTC 2012 - sndir...@suse.com
+
+- fixed libOSMesa packaging (only a dangling symlink has been
+  packaged) 
+
+---
+Fri Sep 21 07:08:05 UTC 2012 - co...@suse.com
+
+- fix baselibs.conf after package split
+