From ce150d74aad2df857dd5ee3b6982f8ea54b6da39 Mon Sep 17 00:00:00 2001 From: matthieu Date: Fri, 31 May 2013 15:47:19 +0000 Subject: [PATCH] Update to libXxf86dga 1.1.4 --- lib/libXxf86dga/ChangeLog | 125 ++++++++++++++++++++++++++++++++ lib/libXxf86dga/Makefile.in | 7 +- lib/libXxf86dga/aclocal.m4 | 38 ---------- lib/libXxf86dga/configure | 70 +++++++----------- lib/libXxf86dga/configure.ac | 9 ++- lib/libXxf86dga/man/Makefile.in | 7 +- lib/libXxf86dga/src/Makefile.in | 9 +-- lib/libXxf86dga/src/XF86DGA2.c | 4 +- 8 files changed, 170 insertions(+), 99 deletions(-) diff --git a/lib/libXxf86dga/ChangeLog b/lib/libXxf86dga/ChangeLog index fd4d98bbd..efa04ec71 100644 --- a/lib/libXxf86dga/ChangeLog +++ b/lib/libXxf86dga/ChangeLog @@ -1,3 +1,128 @@ +commit 0f2e21d7e8310cf7bc02bba56884be0e52c061ae +Author: Alan Coopersmith +Date: Thu May 30 18:36:19 2013 -0700 + + libXxf86dga 1.1.4 + + Signed-off-by: Alan Coopersmith + +commit a8dc6be3213bc91dec5e25535ef4bad5a9456af0 +Author: Alan Coopersmith +Date: Sat Apr 13 12:53:49 2013 -0700 + + integer overflow in XDGAOpenFramebuffer() + + rep.length is a CARD32 and should be bounds checked before left shifting + to come up with the size to allocate and read from the network, though + since both functions take the same size, there should be no way for the + buffer to be overflowed in this case. + + Signed-off-by: Alan Coopersmith + +commit b69d6d51a82b1d1e8c68a233360acb742c879375 +Author: Alan Coopersmith +Date: Sat Apr 13 12:45:41 2013 -0700 + + buffer overflow in XDGASetMode() [CVE-2013-2000 2/2] + + When reading the name strings for the mode off the network, we never + checked to make sure the length of the name strings didn't overflow + the size of the buffer we'd allocated based on the reported rep.length + for the total reply size. + + Reported-by: Ilja Van Sprundel + 
 Signed-off-by: Alan Coopersmith
+
+commit f89cf306a60facdf102696840bc05acebd7d1772
+Author: Alan Coopersmith
+Date: Sat Apr 13 12:38:25 2013 -0700
+
+ integer overflow & underflow in XDGASetMode() [CVE-2013-1991 2/2]
+
+ rep.length is a CARD32 and needs to be bounds checked before bit shifting
+ and subtracting sz_xXDGAModeInfo to come up with the total size to allocate,
+ to avoid integer overflow or underflow leading to underallocation and
+ writing data from the network past the end of the allocated buffer.
+
+ Reported-by: Ilja Van Sprundel
+ Signed-off-by: Alan Coopersmith
+
+commit 5dcfa6a8cf2df39828da733e5945e730518c27b3
+Author: Alan Coopersmith
+Date: Sat Apr 13 12:27:10 2013 -0700
+
+ buffer overflow in XDGAQueryModes() [CVE-2013-2000 1/2]
+
+ When reading the name strings for the modes off the network, we never
+ checked to make sure the length of the individual name strings didn't
+ overflow the size of the buffer we'd allocated based on the reported
+ rep.length for the total reply size.
+
+ Reported-by: Ilja Van Sprundel
+ Signed-off-by: Alan Coopersmith
+
+commit f4a8dd63af518640468d82948f450aad4b2b1e6a
+Author: Alan Coopersmith
+Date: Sat Apr 13 12:18:57 2013 -0700
+
+ integer overflow in XDGAQueryModes() [CVE-2013-1991 1/2]
+
+ number is a CARD32 and needs to be bounds checked before multiplying by
+ sizeof(XDGAmode) to come up with the total size to allocate, to avoid
+ integer overflow leading to underallocation and writing data from the
+ network past the end of the allocated buffer.
+
+ Reported-by: Ilja Van Sprundel
+ Signed-off-by: Alan Coopersmith
+
+commit 6fa471be7a005bde97bcb5ca5a17662ea8d32587
+Author: Alan Coopersmith
+Date: Sat Apr 13 12:05:25 2013 -0700
+
+ Use _XEatDataWords to avoid overflow of rep.length shifting
+
+ rep.length is a CARD32, so rep.length << 2 could overflow in 32-bit builds
+
+
Signed-off-by: Alan Coopersmith + +commit 1e454b8da70e3f125dd512baa5e66f948878f9f5 +Author: Colin Walters +Date: Wed Jan 4 17:37:06 2012 -0500 + + autogen.sh: Implement GNOME Build API + + http://people.gnome.org/~walters/docs/build-api.txt + + Signed-off-by: Adam Jackson + +commit 968295ede4d96fd40483d97bc4d25ae32d86a9fa +Author: Adam Jackson +Date: Tue Jan 15 14:28:48 2013 -0500 + + configure: Remove AM_MAINTAINER_MODE + + Signed-off-by: Adam Jackson + +commit d4f89f7f42484963575b4c7d2fa694051e111e76 +Author: Jeremy Huddleston +Date: Fri Mar 9 02:48:14 2012 -0800 + + Include for uintptr_t + + Found-by: Tinderbox + + Signed-off-by: Jeremy Huddleston + +commit 56b5a5887349e9d0e1d28da157fe6441ca691f56 +Author: Jeremy Huddleston +Date: Thu Mar 8 11:49:36 2012 -0800 + + Build fix when sizeof(off_t) > sizeof(void *) + + https://trac.macports.org/ticket/33532 + + Signed-off-by: Jeremy Huddleston + commit 3dad5d7c34c5787f0466b9ff50d7c26cd18e37bd Author: Alan Coopersmith Date: Wed Mar 7 21:34:06 2012 -0800 diff --git a/lib/libXxf86dga/Makefile.in b/lib/libXxf86dga/Makefile.in index 58a8a4490..2691dd9e0 100644 --- a/lib/libXxf86dga/Makefile.in +++ b/lib/libXxf86dga/Makefile.in @@ -224,7 +224,6 @@ LIB_MAN_SUFFIX = @LIB_MAN_SUFFIX@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ -MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ MALLOC_ZERO_CFLAGS = @MALLOC_ZERO_CFLAGS@ MANIFEST_TOOL = @MANIFEST_TOOL@ @@ -320,7 +319,7 @@ all: all-recursive .SUFFIXES: am--refresh: Makefile @: -$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ 
@@ -347,9 +346,9 @@ Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) $(SHELL) ./config.status --recheck -$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) +$(top_srcdir)/configure: $(am__configure_deps) $(am__cd) $(srcdir) && $(AUTOCONF) -$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) +$(ACLOCAL_M4): $(am__aclocal_m4_deps) $(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS) $(am__aclocal_m4_deps): xxf86dga.pc: $(top_builddir)/config.status $(srcdir)/xxf86dga.pc.in diff --git a/lib/libXxf86dga/aclocal.m4 b/lib/libXxf86dga/aclocal.m4 index d0b280e85..f64a04b22 100644 --- a/lib/libXxf86dga/aclocal.m4 +++ b/lib/libXxf86dga/aclocal.m4 
@@ -9344,44 +9344,6 @@ fi rmdir .tst 2>/dev/null AC_SUBST([am__leading_dot])]) -# Add --enable-maintainer-mode option to configure. -*- Autoconf -*- -# From Jim Meyering - -# Copyright (C) 1996-2012 Free Software Foundation, Inc. -# -# This file is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# AM_MAINTAINER_MODE([DEFAULT-MODE]) -# ---------------------------------- -# Control maintainer-specific portions of Makefiles. -# Default is to disable them, unless 'enable' is passed literally. -# For symmetry, 'disable' may be passed as well. Anyway, the user -# can override the default with the --enable/--disable switch. -AC_DEFUN([AM_MAINTAINER_MODE], -[m4_case(m4_default([$1], [disable]), - [enable], [m4_define([am_maintainer_other], [disable])], - [disable], [m4_define([am_maintainer_other], [enable])], - [m4_define([am_maintainer_other], [enable]) - m4_warn([syntax], [unexpected argument to AM@&t@_MAINTAINER_MODE: $1])]) -AC_MSG_CHECKING([whether to enable maintainer-specific portions of Makefiles]) - dnl maintainer-mode's default is 'disable' unless 'enable' is passed - AC_ARG_ENABLE([maintainer-mode], - [AS_HELP_STRING([--]am_maintainer_other[-maintainer-mode], - am_maintainer_other[ make rules and dependencies not useful - (and sometimes confusing) to the casual installer])], - [USE_MAINTAINER_MODE=$enableval], - [USE_MAINTAINER_MODE=]m4_if(am_maintainer_other, [enable], [no], [yes])) - AC_MSG_RESULT([$USE_MAINTAINER_MODE]) - AM_CONDITIONAL([MAINTAINER_MODE], [test $USE_MAINTAINER_MODE = yes]) - MAINT=$MAINTAINER_MODE_TRUE - AC_SUBST([MAINT])dnl -] -) - -AU_DEFUN([jm_MAINTAINER_MODE], [AM_MAINTAINER_MODE]) - # Check to see how 'make' treats includes. -*- Autoconf -*- # Copyright (C) 2001-2012 Free Software Foundation, Inc. diff --git a/lib/libXxf86dga/configure b/lib/libXxf86dga/configure index f5e52c22d..b9d124c20 100644 
--- a/lib/libXxf86dga/configure +++ b/lib/libXxf86dga/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for libXxf86dga 1.1.3. +# Generated by GNU Autoconf 2.69 for libXxf86dga 1.1.4. # # Report bugs to . # @@ -591,8 +591,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='libXxf86dga' PACKAGE_TARNAME='libXxf86dga' -PACKAGE_VERSION='1.1.3' -PACKAGE_STRING='libXxf86dga 1.1.3' +PACKAGE_VERSION='1.1.4' +PACKAGE_STRING='libXxf86dga 1.1.4' PACKAGE_BUGREPORT='https://bugs.freedesktop.org/enter_bug.cgi?product=xorg' PACKAGE_URL='' @@ -713,9 +713,6 @@ build_vendor build_cpu build LIBTOOL -MAINT -MAINTAINER_MODE_FALSE -MAINTAINER_MODE_TRUE am__untar am__tar AMTAR @@ -780,7 +777,6 @@ SHELL' ac_subst_files='' ac_user_opts=' enable_option_checking -enable_maintainer_mode enable_shared enable_static with_pic @@ -1346,7 +1342,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures libXxf86dga 1.1.3 to adapt to many kinds of systems. +\`configure' configures libXxf86dga 1.1.4 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1416,7 +1412,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of libXxf86dga 1.1.3:";; + short | recursive ) echo "Configuration of libXxf86dga 1.1.4:";; esac cat <<\_ACEOF 
@@ -1424,9 +1420,6 @@ Optional Features: --disable-option-checking ignore unrecognized --enable/--with options --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) --enable-FEATURE[=ARG] include FEATURE [ARG=yes] - --enable-maintainer-mode - enable make rules and dependencies not useful (and - sometimes confusing) to the casual installer --enable-shared[=PKGS] build shared libraries [default=yes] --enable-static[=PKGS] build static libraries [default=yes] --enable-fast-install[=PKGS] @@ -1537,7 +1530,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -libXxf86dga configure 1.1.3 +libXxf86dga configure 1.1.4 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -1861,7 +1854,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by libXxf86dga $as_me 1.1.3, which was +It was created by libXxf86dga $as_me 1.1.4, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2690,7 +2683,7 @@ fi # Define the identity of the package. PACKAGE='libXxf86dga' - VERSION='1.1.3' + VERSION='1.1.4' cat >>confdefs.h <<_ACEOF 
@@ -2737,29 +2730,6 @@ am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -' -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable maintainer-specific portions of Makefiles" >&5 -$as_echo_n "checking whether to enable maintainer-specific portions of Makefiles... " >&6; } - # Check whether --enable-maintainer-mode was given. -if test "${enable_maintainer_mode+set}" = set; then : - enableval=$enable_maintainer_mode; USE_MAINTAINER_MODE=$enableval -else - USE_MAINTAINER_MODE=no -fi - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $USE_MAINTAINER_MODE" >&5 -$as_echo "$USE_MAINTAINER_MODE" >&6; } - if test $USE_MAINTAINER_MODE = yes; then - MAINTAINER_MODE_TRUE= - MAINTAINER_MODE_FALSE='#' -else - MAINTAINER_MODE_TRUE='#' - MAINTAINER_MODE_FALSE= -fi - - MAINT=$MAINTAINER_MODE_TRUE - - - # Initialize libtool case `pwd` in *\ * | *\ *) @@ -17638,6 +17608,22 @@ done LIBS="$SAVE_LIBS" +# Check for _XEatDataWords function that may be patched into older Xlib release +SAVE_LIBS="$LIBS" +LIBS="$XXF86DGA_LIBS" +for ac_func in _XEatDataWords +do : + ac_fn_c_check_func "$LINENO" "_XEatDataWords" "ac_cv_func__XEatDataWords" +if test "x$ac_cv_func__XEatDataWords" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE__XEATDATAWORDS 1 +_ACEOF + +fi +done + +LIBS="$SAVE_LIBS" + ac_config_files="$ac_config_files Makefile src/Makefile man/Makefile xxf86dga.pc" cat >confcache <<\_ACEOF @@ -17765,10 +17751,6 @@ else am__EXEEXT_FALSE= fi -if test -z "${MAINTAINER_MODE_TRUE}" && test -z "${MAINTAINER_MODE_FALSE}"; then - as_fn_error $? "conditional \"MAINTAINER_MODE\" was never defined. -Usually this means the macro was only invoked conditionally." "$LINENO" 5 -fi if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then as_fn_error $? "conditional \"AMDEP\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 
@@ -18174,7 +18156,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by libXxf86dga $as_me 1.1.3, which was +This file was extended by libXxf86dga $as_me 1.1.4, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -18240,7 +18222,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -libXxf86dga config.status 1.1.3 +libXxf86dga config.status 1.1.4 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff --git a/lib/libXxf86dga/configure.ac b/lib/libXxf86dga/configure.ac index 755066c9e..7e83cb523 100644 --- a/lib/libXxf86dga/configure.ac +++ b/lib/libXxf86dga/configure.ac @@ -1,14 +1,13 @@ # Initialize Autoconf AC_PREREQ([2.60]) -AC_INIT([libXxf86dga], [1.1.3], +AC_INIT([libXxf86dga], [1.1.4], [https://bugs.freedesktop.org/enter_bug.cgi?product=xorg], [libXxf86dga]) AC_CONFIG_SRCDIR([Makefile.am]) AC_CONFIG_HEADERS(src/config.h) # Initialize Automake AM_INIT_AUTOMAKE([foreign dist-bzip2]) -AM_MAINTAINER_MODE # Initialize libtool AC_PROG_LIBTOOL @@ -29,6 +28,12 @@ LIBS="$XXF86DGA_LIBS" AC_CHECK_FUNCS([_XEatDataWords]) LIBS="$SAVE_LIBS" +# Check for _XEatDataWords function that may be patched into older Xlib release +SAVE_LIBS="$LIBS" +LIBS="$XXF86DGA_LIBS" +AC_CHECK_FUNCS([_XEatDataWords]) +LIBS="$SAVE_LIBS" + AC_CONFIG_FILES([Makefile src/Makefile man/Makefile diff --git a/lib/libXxf86dga/man/Makefile.in b/lib/libXxf86dga/man/Makefile.in index c21d03342..04a880b77 100644 --- a/lib/libXxf86dga/man/Makefile.in +++ b/lib/libXxf86dga/man/Makefile.in 
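Review bot: The six lines added in the second configure.ac hunk (`@@ -29,6 +28,12 @@`) repeat the `_XEatDataWords` probe that the context lines directly above them already perform (`LIBS="$XXF86DGA_LIBS"`, `AC_CHECK_FUNCS([_XEatDataWords])`, `LIBS="$SAVE_LIBS"`), so the same check now appears twice; the matching block added to the generated configure looks like the same duplication carried through. The second run should yield the same `HAVE__XEATDATAWORDS` result (presumably straight from the autoconf cache), so this is redundancy rather than a behaviour change. It is still worth removing, because this probe decides whether src/XF86DGA2.c uses Xlib's `_XEatDataWords` or its own static inline fallback, and a single commented copy is easier to audit for a security-relevant switch. I would drop the added block and keep only its comment, `# Check for _XEatDataWords function that may be patched into older Xlib release`, placed above the existing check, whose opening lines lie outside this hunk.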
@@ -185,7 +185,6 @@ LIB_MAN_SUFFIX = @LIB_MAN_SUFFIX@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ -MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ MALLOC_ZERO_CFLAGS = @MALLOC_ZERO_CFLAGS@ MANIFEST_TOOL = @MANIFEST_TOOL@ @@ -306,7 +305,7 @@ all: all-am .SUFFIXES: .SUFFIXES: .$(LIB_MAN_SUFFIX) .man -$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ @@ -331,9 +330,9 @@ Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) +$(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) +$(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): diff --git a/lib/libXxf86dga/src/Makefile.in b/lib/libXxf86dga/src/Makefile.in index 3ff8d05a6..c90ec7edb 100644 --- a/lib/libXxf86dga/src/Makefile.in +++ b/lib/libXxf86dga/src/Makefile.in @@ -203,7 +203,6 @@ LIB_MAN_SUFFIX = @LIB_MAN_SUFFIX@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ -MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ MALLOC_ZERO_CFLAGS = @MALLOC_ZERO_CFLAGS@ MANIFEST_TOOL = @MANIFEST_TOOL@ @@ -308,7 +307,7 @@ all: config.h .SUFFIXES: .SUFFIXES: .c .lo .o .obj -$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ 
@@ -333,9 +332,9 @@ Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) +$(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) +$(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): @@ -346,7 +345,7 @@ config.h: stamp-h1 stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status @rm -f stamp-h1 cd $(top_builddir) && $(SHELL) ./config.status src/config.h -$(srcdir)/config.h.in: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) +$(srcdir)/config.h.in: $(am__configure_deps) ($(am__cd) $(top_srcdir) && $(AUTOHEADER)) rm -f stamp-h1 touch $@ diff --git a/lib/libXxf86dga/src/XF86DGA2.c b/lib/libXxf86dga/src/XF86DGA2.c index cac9d7343..9c656e6f7 100644 --- a/lib/libXxf86dga/src/XF86DGA2.c +++ b/lib/libXxf86dga/src/XF86DGA2.c @@ -23,6 +23,7 @@ Copyright (c) 1995,1996 The XFree86 Project, Inc #include #include #include + #include #include @@ -37,7 +38,6 @@ static inline void _XEatDataWords(Display *dpy, unsigned long n) } #endif - /* If you change this, change the Bases[] array below as well */ #define MAX_HEADS 16 @@ -972,7 +972,7 @@ DGAMapPhysical( if ((pMap->fd = open(name, O_RDWR)) < 0) return False; pMap->virtual = mmap(NULL, size, PROT_READ | PROT_WRITE, - MAP_FILE | MAP_SHARED, pMap->fd, (off_t)(uintptr_t)base); + MAP_FILE | MAP_SHARED, pMap->fd, (off_t)(uintptr_t)base); if (pMap->virtual == (void *)-1) return False; mprotect(pMap->virtual, size, PROT_READ | PROT_WRITE);