mesa: Changes to 'ubuntu-precise'
debian/changelog | 10 ++++++++++
debian/patches/50-CVE-2012-2864.patch | 33 +++++++++++++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 44 insertions(+)
New commits:
commit 964862dcd1f203ad804561ba2c2636fdfaffe89a
Author: Maarten Lankhorst <maarten.lankhorst@canonical.com>
Date: Wed Jan 9 12:39:24 2013 +0100
SECURITY UPDATE: samplers array overflow (LP: #1046933)
* SECURITY UPDATE: samplers array overflow (LP: #1046933)
- debian/patches/50-CVE-2012-2864.patch: ensure that more than
MAX_SAMPLERS are not used
- CVE-2012-2864
diff --git a/debian/changelog b/debian/changelog
index 2c9fe92..b63838c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+mesa (8.0.4-0ubuntu0.2) precise-security; urgency=low
+
+ [ Steve Beattie ]
+ * SECURITY UPDATE: samplers array overflow (LP: #1046933)
+ - debian/patches/50-CVE-2012-2864.patch: ensure that more than
+ MAX_SAMPLERS are not used
+ - CVE-2012-2864
+
+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 19 Oct 2012 09:04:04 -0400
+
mesa (8.0.4-0ubuntu0.1) precise-proposed; urgency=low
* New upstream stable release. (LP: #1019444)
diff --git a/debian/patches/50-CVE-2012-2864.patch b/debian/patches/50-CVE-2012-2864.patch
new file mode 100644
index 0000000..5fc3999
--- /dev/null
+++ b/debian/patches/50-CVE-2012-2864.patch
@@ -0,0 +1,33 @@
+Origin: http://cgit.freedesktop.org/mesa/mesa/commit/src/glsl/link_uniforms.cpp?id=ff996cafce511dd8a6c4e066e409c23e147a670c
+From ff996cafce511dd8a6c4e066e409c23e147a670c Mon Sep 17 00:00:00 2001
+From: Stéphane Marchesin <marcheu@chromium.org>
+Date: Wed, 15 Aug 2012 00:15:54 +0000
+Subject: glsl/linker: Avoid buffer over-run in parcel_out_uniform_storage::visit_field
+
+When too may uniforms are used, the error will be caught in
+check_resources (src/glsl/linker.cpp).
+
+NOTE: This is a candidate for the 8.0 branch.
+
+Signed-off-by: Stéphane Marchesin <marcheu@chromium.org>
+Reviewed-by: Ian Romanick <ian.d.romanick@intel.com>
+Tested-by: Benoit Jacob <bjacob@mozilla.com>
+
+CVE-2012-2864
+
+---
+(limited to 'src/glsl/link_uniforms.cpp')
+
+Index: mesa-8.0.4/src/glsl/link_uniforms.cpp
+===================================================================
+--- mesa-8.0.4.orig/src/glsl/link_uniforms.cpp 2012-10-19 09:02:52.998649667 -0400
++++ mesa-8.0.4/src/glsl/link_uniforms.cpp 2012-10-19 09:03:55.490649071 -0400
+@@ -275,7 +275,7 @@
+ const gl_texture_index target = base_type->sampler_index();
+ const unsigned shadow = base_type->sampler_shadow;
+ for (unsigned i = this->uniforms[id].sampler
+- ; i < this->next_sampler
++ ; i < MIN2(this->next_sampler, MAX_SAMPLERS)
+ ; i++) {
+ this->targets[i] = target;
+ this->shader_samplers_used |= 1U << i;
diff --git a/debian/patches/series b/debian/patches/series
index 593506e..9f3e365 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -15,3 +15,4 @@
117_nullptr_check_in_query_version.patch
118_glsl_initialize_samplers.patch
119_reduce_wm_thread_count_on_ivb_gt1.diff
+50-CVE-2012-2864.patch
Reply to: