libxcursor: Changes to 'debian-unstable'
ChangeLog | 45 +++++++++++++++++++++++++++++++++++++++++
configure.ac | 2 -
debian/changelog | 18 ++++++++++++++++
debian/compat | 2 -
debian/control | 2 +
debian/libxcursor-dev.install | 2 -
debian/libxcursor-dev.manpages | 1
debian/rules | 14 ++++--------
src/Makefile.am | 2 -
src/file.c | 2 -
10 files changed, 75 insertions(+), 15 deletions(-)
New commits:
commit 11b42153c7a6a7937bc425ecf50906e2434d8a73
Author: Julien Cristau <jcristau@debian.org>
Date: Sun Jun 23 19:55:55 2013 +0200
Upload to unstable
diff --git a/debian/changelog b/debian/changelog
index 02bc4b4..24d4208 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-libxcursor (1:1.1.14-1) UNRELEASED; urgency=low
+libxcursor (1:1.1.14-1) unstable; urgency=low
* New upstream release.
* Bump debhelper compat level to 7.
@@ -7,7 +7,7 @@ libxcursor (1:1.1.14-1) UNRELEASED; urgency=low
* Disable silent rules.
* Use dpkg-buildflags.
- -- Julien Cristau <jcristau@debian.org> Sun, 16 Jun 2013 22:13:00 +0200
+ -- Julien Cristau <jcristau@debian.org> Sun, 23 Jun 2013 19:55:42 +0200
libxcursor (1:1.1.13-1+deb7u1) wheezy-security; urgency=high
commit 1d9242a3ef5bbbb3eb9c2d4576e9714e40a85b47
Author: Julien Cristau <jcristau@debian.org>
Date: Thu Jun 20 22:52:16 2013 +0200
Use dpkg-buildflags.
diff --git a/debian/changelog b/debian/changelog
index 1fb9728..02bc4b4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,6 +5,7 @@ libxcursor (1:1.1.14-1) UNRELEASED; urgency=low
* Simplify installing the manpage. No need to go through dh_installmanpages
when dh_install does the job.
* Disable silent rules.
+ * Use dpkg-buildflags.
-- Julien Cristau <jcristau@debian.org> Sun, 16 Jun 2013 22:13:00 +0200
diff --git a/debian/control b/debian/control
index 4c9fc60..e37d032 100644
--- a/debian/control
+++ b/debian/control
@@ -5,6 +5,8 @@ Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Uploaders: Drew Parsons <dparsons@debian.org>, Cyril Brulebois <kibi@debian.org>
Build-Depends:
debhelper (>= 8.1.3),
+# dpkg-buildflags --export=configure
+ dpkg-dev (>= 1.16.1),
x11proto-core-dev (>= 6.2.1+cvs.20050722),
libx11-dev (>= 2:1.3.3-2),
libxrender-dev (>= 1:0.9.5-2),
diff --git a/debian/rules b/debian/rules
index 004e9e1..c19108f 100755
--- a/debian/rules
+++ b/debian/rules
@@ -12,12 +12,6 @@ PACKAGE = libxcursor1
include debian/xsfbs/xsfbs.mk
-CFLAGS = -Wall -g
-ifneq (,$(filter noopt,$(DEB_BUILD_OPTIONS)))
- CFLAGS += -O0
-else
- CFLAGS += -O2
-endif
ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
NUMJOBS = $(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
MAKEFLAGS += -j$(NUMJOBS)
@@ -32,6 +26,7 @@ ifeq ($(DEB_BUILD_GNU_TYPE), $(DEB_HOST_GNU_TYPE))
else
confflags += --build=$(DEB_BUILD_GNU_TYPE) --host=$(DEB_HOST_GNU_TYPE)
endif
+confflags += $(shell DEB_CFLAGS_MAINT_APPEND=-Wall dpkg-buildflags --export=configure)
build: build-indep build-arch
build-indep:
@@ -46,9 +41,9 @@ build-stamp: $(STAMP_DIR)/patch
../configure --prefix=/usr --mandir=\$${prefix}/share/man \
--with-cursorpath=~/.icons:\$${datadir}/icons:/usr/share/pixmaps \
--libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH) \
- --infodir=\$${prefix}/share/info $(confflags) \
+ --infodir=\$${prefix}/share/info \
--disable-silent-rules \
- CFLAGS="$(CFLAGS)"
+ $(confflags)
cd build && $(MAKE)
>$@
commit 0a1ac13f3382541342621ae5c8ffae0a674115bf
Author: Julien Cristau <jcristau@debian.org>
Date: Thu Jun 20 22:50:26 2013 +0200
Disable silent rules.
diff --git a/debian/changelog b/debian/changelog
index 2eafccc..1fb9728 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,6 +4,7 @@ libxcursor (1:1.1.14-1) UNRELEASED; urgency=low
* Bump debhelper compat level to 7.
* Simplify installing the manpage. No need to go through dh_installmanpages
when dh_install does the job.
+ * Disable silent rules.
-- Julien Cristau <jcristau@debian.org> Sun, 16 Jun 2013 22:13:00 +0200
diff --git a/debian/rules b/debian/rules
index 9eea364..004e9e1 100755
--- a/debian/rules
+++ b/debian/rules
@@ -47,6 +47,7 @@ build-stamp: $(STAMP_DIR)/patch
--with-cursorpath=~/.icons:\$${datadir}/icons:/usr/share/pixmaps \
--libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH) \
--infodir=\$${prefix}/share/info $(confflags) \
+ --disable-silent-rules \
CFLAGS="$(CFLAGS)"
cd build && $(MAKE)
>$@
commit 9264148d4dd74b86ba137dca04145a505f1f5f2d
Author: Julien Cristau <jcristau@debian.org>
Date: Sun Jun 16 22:22:41 2013 +0200
Simplify installing the manpage.
No need to go through dh_installmanpages when dh_install does the job.
diff --git a/debian/changelog b/debian/changelog
index 72a7854..2eafccc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,8 @@ libxcursor (1:1.1.14-1) UNRELEASED; urgency=low
* New upstream release.
* Bump debhelper compat level to 7.
+ * Simplify installing the manpage. No need to go through dh_installmanpages
+ when dh_install does the job.
-- Julien Cristau <jcristau@debian.org> Sun, 16 Jun 2013 22:13:00 +0200
diff --git a/debian/libxcursor-dev.install b/debian/libxcursor-dev.install
index f6970b3..e8a5cef 100644
--- a/debian/libxcursor-dev.install
+++ b/debian/libxcursor-dev.install
@@ -2,4 +2,4 @@ usr/include/X11/Xcursor/Xcursor.h
usr/lib/*/libXcursor.a
usr/lib/*/libXcursor.so
usr/lib/*/pkgconfig/*.pc
-
+usr/share/man
diff --git a/debian/libxcursor-dev.manpages b/debian/libxcursor-dev.manpages
deleted file mode 100644
index 7c72677..0000000
--- a/debian/libxcursor-dev.manpages
+++ /dev/null
@@ -1 +0,0 @@
-debian/tmp/usr/share/man/man3/*
diff --git a/debian/rules b/debian/rules
index d4106d5..9eea364 100755
--- a/debian/rules
+++ b/debian/rules
@@ -78,7 +78,7 @@ binary-arch: build install
dh_testroot
dh_installdocs
- dh_install --list-missing --exclude=libXcursor.la --exclude=usr/share/man/man3
+ dh_install --list-missing --exclude=libXcursor.la
dh_installman
dh_installchangelogs
dh_link
commit 7e429dbd2efc1bbbc46362f13ec9c25a5fd7022f
Author: Julien Cristau <jcristau@debian.org>
Date: Sun Jun 16 22:21:33 2013 +0200
Bump debhelper compat level to 7.
diff --git a/debian/changelog b/debian/changelog
index b19118a..72a7854 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,7 @@
libxcursor (1:1.1.14-1) UNRELEASED; urgency=low
* New upstream release.
+ * Bump debhelper compat level to 7.
-- Julien Cristau <jcristau@debian.org> Sun, 16 Jun 2013 22:13:00 +0200
diff --git a/debian/compat b/debian/compat
index 7ed6ff8..7f8f011 100644
--- a/debian/compat
+++ b/debian/compat
@@ -1 +1 @@
-5
+7
diff --git a/debian/rules b/debian/rules
index 14f346d..d4106d5 100755
--- a/debian/rules
+++ b/debian/rules
@@ -78,7 +78,7 @@ binary-arch: build install
dh_testroot
dh_installdocs
- dh_install --sourcedir=debian/tmp --list-missing --exclude=libXcursor.la --exclude=usr/share/man/man3
+ dh_install --list-missing --exclude=libXcursor.la --exclude=usr/share/man/man3
dh_installman
dh_installchangelogs
dh_link
commit 49efb1f49eaf85202fce536d7a0a6c073cd217f9
Author: Julien Cristau <jcristau@debian.org>
Date: Sun Jun 16 22:14:59 2013 +0200
Bump changelogs
diff --git a/ChangeLog b/ChangeLog
index 95b6b1a..9f8623b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,48 @@
+commit f92f118047ee8cea7dbbc734d476225f033ba0b7
+Author: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Wed May 29 23:22:29 2013 -0700
+
+ libXcursor 1.1.14
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+
+commit 8f677eaea05290531d007d1fec2768119926088d
+Author: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Fri Apr 12 21:17:28 2013 -0700
+
+ signedness bug & integer overflow in _XcursorFileHeaderCreate() [CVE-2013-2003]
+
+ When parsing cursor files, a user defined (e.g. through environment
+ variables) cursor file is opened and parsed.
+
+ The header is read in _XcursorReadFileHeader(), which reads an unsigned
+ int for the number of toc structures in the header, but it was being
+ passed to _XcursorFileHeaderCreate() as a signed int to allocate those
+ structures. If the number was negative, it would pass the bounds check
+ and could overflow the calculation for how much memory to allocate to
+ store the data being read, leading to overflowing the buffer with the
+ data read from the user controlled file.
+
+ Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
+ Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+
+commit 1b98fd6a2e8c00a563187849a585e68c7344468b
+Author: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Tue Jan 15 18:51:39 2013 -0800
+
+ Replace deprecated Automake INCLUDES variable with AM_CPPFLAGS
+
+ Excerpt https://lists.gnu.org/archive/html/automake/2012-12/msg00038.html
+
+ - Support for the long-deprecated INCLUDES variable will be removed
+ altogether in Automake 1.14. The AM_CPPFLAGS variable should be
+ used instead.
+
+ This variable was deprecated in Automake releases prior to 1.10, which is
+ the current minimum level required to build X.
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+
commit 2a9eaf3305d1577ad763d56dddd46e10f8d0676b
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Wed Mar 7 18:54:15 2012 -0800
diff --git a/debian/changelog b/debian/changelog
index abb6de8..b19118a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+libxcursor (1:1.1.14-1) UNRELEASED; urgency=low
+
+ * New upstream release.
+
+ -- Julien Cristau <jcristau@debian.org> Sun, 16 Jun 2013 22:13:00 +0200
+
libxcursor (1:1.1.13-1+deb7u1) wheezy-security; urgency=high
* signedness bug & integer overflow in _XcursorFileHeaderCreate()
commit f92f118047ee8cea7dbbc734d476225f033ba0b7
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Wed May 29 23:22:29 2013 -0700
libXcursor 1.1.14
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
diff --git a/configure.ac b/configure.ac
index 16c753b..ee8a500 100644
--- a/configure.ac
+++ b/configure.ac
@@ -26,7 +26,7 @@ AC_PREREQ([2.60])
# This is the package version number, not the shared library
# version. This version number will be substituted into Xcursor.h
#
-AC_INIT([libXcursor], [1.1.13],
+AC_INIT([libXcursor], [1.1.14],
[https://bugs.freedesktop.org/enter_bug.cgi?product=xorg],[libXcursor])
AC_CONFIG_SRCDIR([Makefile.am])
AC_CONFIG_HEADERS([config.h include/X11/Xcursor/Xcursor.h])
commit 9dccb86d48d47d6735fb40c2c56858f7a299b0a3
Author: Julien Cristau <jcristau@debian.org>
Date: Tue May 14 00:41:37 2013 +0200
Upload to wheezy-security
diff --git a/debian/changelog b/debian/changelog
index 2159643..abb6de8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+libxcursor (1:1.1.13-1+deb7u1) wheezy-security; urgency=high
+
+ * signedness bug & integer overflow in _XcursorFileHeaderCreate()
+ [CVE-2013-2003]
+
+ -- Julien Cristau <jcristau@debian.org> Tue, 14 May 2013 00:38:17 +0200
+
libxcursor (1:1.1.13-1) unstable; urgency=low
* New upstream release.
commit e9cba4fa285f4eb93cea8a8ea1d8d98bce205fb7
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Fri Apr 12 21:17:28 2013 -0700
signedness bug & integer overflow in _XcursorFileHeaderCreate() [CVE-2013-2003]
When parsing cursor files, a user defined (e.g. through environment
variables) cursor file is opened and parsed.
The header is read in _XcursorReadFileHeader(), which reads an unsigned
int for the number of toc structures in the header, but it was being
passed to _XcursorFileHeaderCreate() as a signed int to allocate those
structures. If the number was negative, it would pass the bounds check
and could overflow the calculation for how much memory to allocate to
store the data being read, leading to overflowing the buffer with the
data read from the user controlled file.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Julien Cristau <jcristau@debian.org>
diff --git a/src/file.c b/src/file.c
index efe6d4b..ce9de78 100644
--- a/src/file.c
+++ b/src/file.c
@@ -205,7 +205,7 @@ _XcursorFileHeaderDestroy (XcursorFileHeader *fileHeader)
}
static XcursorFileHeader *
-_XcursorFileHeaderCreate (int ntoc)
+_XcursorFileHeaderCreate (XcursorUInt ntoc)
{
XcursorFileHeader *fileHeader;
commit 8f677eaea05290531d007d1fec2768119926088d
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Fri Apr 12 21:17:28 2013 -0700
signedness bug & integer overflow in _XcursorFileHeaderCreate() [CVE-2013-2003]
When parsing cursor files, a user defined (e.g. through environment
variables) cursor file is opened and parsed.
The header is read in _XcursorReadFileHeader(), which reads an unsigned
int for the number of toc structures in the header, but it was being
passed to _XcursorFileHeaderCreate() as a signed int to allocate those
structures. If the number was negative, it would pass the bounds check
and could overflow the calculation for how much memory to allocate to
store the data being read, leading to overflowing the buffer with the
data read from the user controlled file.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
diff --git a/src/file.c b/src/file.c
index efe6d4b..ce9de78 100644
--- a/src/file.c
+++ b/src/file.c
@@ -205,7 +205,7 @@ _XcursorFileHeaderDestroy (XcursorFileHeader *fileHeader)
}
static XcursorFileHeader *
-_XcursorFileHeaderCreate (int ntoc)
+_XcursorFileHeaderCreate (XcursorUInt ntoc)
{
XcursorFileHeader *fileHeader;
commit 1b98fd6a2e8c00a563187849a585e68c7344468b
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Tue Jan 15 18:51:39 2013 -0800
Replace deprecated Automake INCLUDES variable with AM_CPPFLAGS
Excerpt https://lists.gnu.org/archive/html/automake/2012-12/msg00038.html
- Support for the long-deprecated INCLUDES variable will be removed
altogether in Automake 1.14. The AM_CPPFLAGS variable should be
used instead.
This variable was deprecated in Automake releases prior to 1.10, which is
the current minimum level required to build X.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
diff --git a/src/Makefile.am b/src/Makefile.am
index a44dcb3..a6bee09 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -12,7 +12,7 @@ AM_CFLAGS = \
-DICONDIR=\"$(ICONDIR)\" \
-DXCURSORPATH=\"$(XCURSORPATH)\"
-INCLUDES = -I$(top_srcdir)/include/X11/Xcursor
+AM_CPPFLAGS = -I$(top_srcdir)/include/X11/Xcursor
#
# Shared library version info. This is not the same as the package version
Reply to: