libxt: Changes to 'debian-unstable'
COPYING | 23 ++++
ChangeLog | 170 +++++++++++++++++++++++++++++++
autogen.sh | 4
configure.ac | 6 -
debian/changelog | 13 ++
debian/rules | 1
man/XtAddActions.man | 63 -----------
man/XtAddCallback.man | 63 -----------
man/XtAddEventHandler.man | 63 -----------
man/XtAddExposureToRegion.man | 63 -----------
man/XtAddGrab.man | 63 -----------
man/XtAddInput.man | 63 -----------
man/XtAllocateGC.man | 63 -----------
man/XtAppAddActionHook.man | 63 -----------
man/XtAppAddActions.man | 63 -----------
man/XtAppAddBlockHook.man | 63 -----------
man/XtAppAddConverter.man | 63 -----------
man/XtAppAddInput.man | 63 -----------
man/XtAppAddSignal.man | 63 -----------
man/XtAppAddTimeOut.man | 63 -----------
man/XtAppAddWorkProc.man | 63 -----------
man/XtAppCreateShell.man | 64 -----------
man/XtAppError.man | 63 -----------
man/XtAppErrorMsg.man | 63 -----------
man/XtAppGetErrorDatabase.man | 63 -----------
man/XtAppGetSelectionTimeout.man | 63 -----------
man/XtAppInitialize.man | 63 -----------
man/XtAppLock.man | 63 -----------
man/XtAppNextEvent.man | 63 -----------
man/XtAppReleaseCacheRefs.man | 63 -----------
man/XtAppSetExitFlag.man | 63 -----------
man/XtAppSetFallbackResources.man | 63 -----------
man/XtAppSetTypeConverter.man | 63 -----------
man/XtBuildEventMask.man | 63 -----------
man/XtCallAcceptFocus.man | 63 -----------
man/XtCallActionProc.man | 63 -----------
man/XtCallCallbacks.man | 63 -----------
man/XtClass.man | 63 -----------
man/XtConfigureWidget.man | 63 -----------
man/XtConvert.man | 63 -----------
man/XtConvertAndStore.man | 63 -----------
man/XtCreateApplicationContext.man | 63 -----------
man/XtCreateApplicationShell.man | 63 -----------
man/XtCreatePopupShell.man | 63 -----------
man/XtCreateSelectionRequest.man | 63 -----------
man/XtCreateWidget.man | 63 -----------
man/XtCreateWindow.man | 63 -----------
man/XtDisplay.man | 63 -----------
man/XtDisplayInitialize.man | 63 -----------
man/XtDisplayStringConversionWarning.man | 63 -----------
man/XtDisplayToApplicationContext.man | 63 -----------
man/XtError.man | 63 -----------
man/XtErrorMsg.man | 63 -----------
man/XtFindFile.man | 63 -----------
man/XtGetActionKeysym.man | 63 -----------
man/XtGetActionList.man | 63 -----------
man/XtGetApplicationNameAndClass.man | 63 -----------
man/XtGetApplicationResources.man | 63 -----------
man/XtGetClassExtension.man | 63 -----------
man/XtGetDisplays.man | 63 -----------
man/XtGetErrorDatabase.man | 63 -----------
man/XtGetGC.man | 63 -----------
man/XtGetKeyboardFocusWidget.man | 63 -----------
man/XtGetKeysymTable.man | 63 -----------
man/XtGetResourceList.man | 63 -----------
man/XtGetSelectionParameters.man | 63 -----------
man/XtGetSelectionRequest.man | 63 -----------
man/XtGetSelectionTimeout.man | 63 -----------
man/XtGetSelectionValue.man | 63 -----------
man/XtGetSelectionValueIncremental.man | 63 -----------
man/XtGetSubresources.man | 63 -----------
man/XtGrabKey.man | 63 -----------
man/XtHooksOfDisplay.man | 63 -----------
man/XtInitialize.man | 63 -----------
man/XtInitializeWidgetClass.man | 63 -----------
man/XtInsertEventTypeHandler.man | 63 -----------
man/XtLastEventProcessed.man | 63 -----------
man/XtMakeGeometryRequest.man | 63 -----------
man/XtMalloc.man | 63 -----------
man/XtManageChildren.man | 63 -----------
man/XtMapWidget.man | 63 -----------
man/XtName.man | 63 -----------
man/XtNameToWidget.man | 63 -----------
man/XtNextEvent.man | 63 -----------
man/XtOffset.man | 63 -----------
man/XtOpenApplication.man | 63 -----------
man/XtOwnSelection.man | 63 -----------
man/XtParent.man | 63 -----------
man/XtParseAcceleratorTable.man | 63 -----------
man/XtParseTranslationTable.man | 63 -----------
man/XtPopdown.man | 70 ------------
man/XtPopup.man | 63 -----------
man/XtProcessLock.man | 63 -----------
man/XtQueryGeometry.man | 63 -----------
man/XtRealizeWidget.man | 63 -----------
man/XtRegisterDrawable.man | 63 -----------
man/XtRegisterGrabAction.man | 63 -----------
man/XtReservePropertyAtom.man | 63 -----------
man/XtResolvePathname.man | 63 -----------
man/XtSessionGetToken.man | 63 -----------
man/XtSetArg.man | 75 -------------
man/XtSetKeyTranslator.man | 63 -----------
man/XtSetKeyboardFocus.man | 63 -----------
man/XtSetLanguageProc.man | 63 -----------
man/XtSetMultiClickTime.man | 63 -----------
man/XtSetSelectionParameters.man | 63 -----------
man/XtSetSensitive.man | 63 -----------
man/XtSetValues.man | 63 -----------
man/XtSetWMColormapWindows.man | 63 -----------
man/XtStringConversionWarning.man | 63 -----------
man/XtToolkitThreadInitialize.man | 63 -----------
man/XtTranslateCoords.man | 63 -----------
man/XtVaCreateArgsList.man | 63 -----------
src/Converters.c | 13 --
src/Display.c | 7 -
src/Intrinsic.c | 31 -----
src/Makefile.am | 6 -
src/NextEvent.c | 3
src/ResConfig.c | 50 ++++-----
src/Selection.c | 84 ++++++++-------
src/TMparse.c | 17 ---
src/Vendor.c | 20 ---
src/sharedlib.c | 2
test/Makefile.am | 2
xt.pc.in | 2
125 files changed, 413 insertions(+), 6802 deletions(-)
New commits:
commit 81cdd16c01626dab2e55190e21d359619d8a94f6
Author: Julien Cristau <jcristau@debian.org>
Date: Mon Aug 12 19:26:33 2013 +0200
Upload to unstable
diff --git a/debian/changelog b/debian/changelog
index c706cf9..5fc347c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,11 +1,11 @@
-libxt (1:1.1.4-1) UNRELEASED; urgency=low
+libxt (1:1.1.4-1) unstable; urgency=low
* New upstream release.
* Add copyright notice and license from the X Consortium to
debian/copyright. Thanks, Ansgar Burchardt!
* Disable silent build rules.
- -- Julien Cristau <jcristau@debian.org> Mon, 12 Aug 2013 19:03:55 +0200
+ -- Julien Cristau <jcristau@debian.org> Mon, 12 Aug 2013 19:26:23 +0200
libxt (1:1.1.3-1+deb7u1) wheezy-security; urgency=high
commit fee766810b54f7f83abba05895c6fd8a9a183429
Author: Julien Cristau <jcristau@debian.org>
Date: Mon Aug 12 19:21:06 2013 +0200
Disable silent build rules.
diff --git a/debian/changelog b/debian/changelog
index 091ce24..c706cf9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,7 @@ libxt (1:1.1.4-1) UNRELEASED; urgency=low
* New upstream release.
* Add copyright notice and license from the X Consortium to
debian/copyright. Thanks, Ansgar Burchardt!
+ * Disable silent build rules.
-- Julien Cristau <jcristau@debian.org> Mon, 12 Aug 2013 19:03:55 +0200
diff --git a/debian/rules b/debian/rules
index 383703b..a117d46 100755
--- a/debian/rules
+++ b/debian/rules
@@ -18,6 +18,7 @@ libxt_configure:
--with-appdefaultdir=/etc/X11/app-defaults \
--with-xfile-search-path="/usr/lib/X11/%L/%T/%N%S:/usr/lib/X11/%l/%T/%N%S:/usr/lib/X11/%T/%N%S:/etc/X11/%L/%T/%N%C%S:/etc/X11/%l/%T/%N%C%S:/etc/X11/%T/%N%C%S:/etc/X11/%L/%T/%N%S:/etc/X11/%l/%T/%N%S:/etc/X11/%T/%N%S" \
--enable-unit-tests \
+ --disable-silent-rules \
$(docflags) \
CFLAGS="$(CFLAGS)" \
LDFLAGS="$(LDFLAGS)"
commit 3981a4b5ff0de49c1cf5581cab363830b302fcb7
Author: Julien Cristau <jcristau@debian.org>
Date: Mon Aug 12 19:04:24 2013 +0200
Bump changelogs
diff --git a/ChangeLog b/ChangeLog
index cf0ab3d..098b6a4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,173 @@
+commit e83d6d66ea28b0aaa7e574dd2471121a5250b934
+Author: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Thu May 30 18:13:27 2013 -0700
+
+ libXt 1.1.4
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+
+commit 1f4802b745aa172d375cb79403cb1e013e6aa4c0
+Author: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Sat Mar 9 13:33:20 2013 -0800
+
+ Remove old strtoul workaround for SunOS 4
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+
+commit 9264a21b688891dbdcee630ff72cf39aa75fc4e1
+Author: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Sat Mar 9 11:44:14 2013 -0800
+
+ unvalidated length in _XtResourceConfigurationEH [CVE-2013-2002]
+
+ The RCM_DATA property is expected to be in the format:
+ resource_length, resource, value
+
+ If the property contains a resource_length thats results in a pointer
+ outside the property string, memory corruption can occur.
+
+ Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
+ Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+
+commit eae57493feec958bcf733ad0d334715107029f8b
+Author: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Sat Mar 9 11:29:21 2013 -0800
+
+ Unchecked return values of XGetWindowProperty [CVE-2013-2005]
+
+ Multiple functions in Selection.c assumed that XGetWindowProperty() would
+ always set the pointer to the property, but before libX11 1.6, it could
+ fail to do so in some cases, leading to libXt freeing or operating on an
+ uninitialized pointer value, so libXt should always initialize the pointers
+ and check for failure itself.
+
+ Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
+ Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+
+commit ead50a9a274aa96bef94e57c4625be8e9288af4e
+Author: Colin Walters <walters@verbum.org>
+Date: Wed Jan 4 17:37:06 2012 -0500
+
+ autogen.sh: Implement GNOME Build API
+
+ http://people.gnome.org/~walters/docs/build-api.txt
+
+ Signed-off-by: Adam Jackson <ajax@redhat.com>
+
+commit 8f5f3f7a3c36088d6faf0f13da4416596257bc58
+Author: Adam Jackson <ajax@redhat.com>
+Date: Tue Jan 15 14:28:48 2013 -0500
+
+ configure: Remove AM_MAINTAINER_MODE
+
+ Signed-off-by: Adam Jackson <ajax@redhat.com>
+
+commit 6731c2c7e3c16ad17425acfb5024fa1501e94411
+Author: Thierry Reding <thierry.reding@avionic-design.de>
+Date: Thu Jan 3 10:16:56 2013 +0100
+
+ Use AM_CPPFLAGS instead of INCLUDES
+
+ Recent versions of automake deprecate the INCLUDES variable. The same
+ effect can be achieved by using AM_CPPFLAGS instead, which is also
+ automake's recommendation.
+
+ Signed-off-by: Thierry Reding <thierry.reding@avionic-design.de>
+ Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+ Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+
+commit 97034e393cfa63a55e9cec2d795ac41e5872f5b5
+Author: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Fri Jan 4 19:52:59 2013 -0800
+
+ unifdef -U__UNIXOS2__
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+ Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+
+commit 0033d063894d003b1cb6edb14107d6ef7e0f3fec
+Author: Egbert Eich <eich@freedesktop.org>
+Date: Thu Sep 8 16:40:27 2011 +0200
+
+ Add XtErrorDB directory to pkg-config file.
+
+ Should anyone ever desire to supply this file externally
+ it's location is specified in the pkg-config file.
+
+ Signed-off-by: Egbert Eich <eich@freedesktop.org>
+ Reviewed-by: Gaetan Nadon <memsize@videotron.ca>
+ Tested-by: Gaetan Nadon <memsize@videotron.ca>
+
+commit 15d7f9cf9e089f5968a20f80529096e9a1d3551f
+Author: Egbert Eich <eich@freedesktop.org>
+Date: Thu May 19 18:18:52 2011 +0200
+
+ Install ErrorDB into a $datarootdir-path, not $libdir.
+
+ This lets Xt search for it's ErrorDB in the same location
+ as Xlib. These error databases are architecture independent
+ data files.
+
+ The XtErrorDB file neither exists in libXt nor has it ever
+ been supplied by any '3rd party' (at least Google didn't
+ turn up any results).
+ Therefore changing the location of this file (again) should
+ have no side effects on backward compatibility.
+
+ Signed-off-by: Egbert Eich <eich@freedesktop.org>
+ Reviewed-by: Gaetan Nadon <memsize@videotron.ca>
+ Tested-by: Gaetan Nadon <memsize@videotron.ca>
+
+commit 690d6587e7e0ba29b70d2b1d6c5c6a128c5547a2
+Author: Eric S. Raymond <esr@thyrsus.com>
+Date: Thu Aug 23 11:43:42 2012 -0400
+
+ Remove unused macros that are temptations to presentation-level klugery.
+
+ Also, change .Ds/.De to use CW font, as what they're wrapping is code displays.
+ This may not be recognized on archaic Unixes, but .ft 1 isn't any too safe
+ either. The PostScript and DVI drivers both grok CW.
+
+ Signed-off-by: Eric S. Raymond <esr@thyrsus.com>
+
+commit 356b3e6235be4cdb51f13249cb68c581c0fc50c7
+Author: Eric S. Raymond <esr@thyrsus.com>
+Date: Thu Aug 23 11:30:47 2012 -0400
+
+ Eliminate use of tab stops.
+
+ Signed-off-by: Eric S. Raymond <esr@thyrsus.com>
+
+commit 1e5e04a80b391ea6827bb3c537be47533c6afe1e
+Author: Thomas Klausner <wiz@NetBSD.org>
+Date: Wed Jul 18 16:45:19 2012 +0200
+
+ Fix DEBUG build (TMparse.c:376:1: error: overflow in implicit constant conversion)
+
+ Signed-off-by: Thomas Klausner <wiz@NetBSD.org>
+ Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+
+commit 1ab3a0dd5140489bc80edcfd940609fefaec81f1
+Author: Thomas Klausner <wiz@NetBSD.org>
+Date: Wed Jul 18 16:45:18 2012 +0200
+
+ Avoid referencing something that isn't defined. Bring in the definition from another manual page.
+
+ Signed-off-by: Thomas Klausner <wiz@NetBSD.org>
+ Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+ Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+
+commit 6adb4655a15276973f5e74fd79f5c99d3d4b77a0
+Author: Julien Cristau <jcristau@debian.org>
+Date: Mon Apr 23 20:08:34 2012 +0200
+
+ Add copyright notice and license from the X Consortium to COPYING
+
+ These appear in the Xt manpages.
+
+ Reported-by: Ansgar Burchardt
+ Signed-off-by: Julien Cristau <jcristau@debian.org>
+
commit 2d689ac861085d1d74bcbd05d1595bac0bf67d20
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Thu Mar 15 22:51:45 2012 -0700
diff --git a/debian/changelog b/debian/changelog
index 4fc3121..091ce24 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,9 +1,10 @@
-libxt (1:1.1.3-2) UNRELEASED; urgency=low
+libxt (1:1.1.4-1) UNRELEASED; urgency=low
+ * New upstream release.
* Add copyright notice and license from the X Consortium to
debian/copyright. Thanks, Ansgar Burchardt!
- -- Julien Cristau <jcristau@debian.org> Mon, 23 Apr 2012 20:03:44 +0200
+ -- Julien Cristau <jcristau@debian.org> Mon, 12 Aug 2013 19:03:55 +0200
libxt (1:1.1.3-1+deb7u1) wheezy-security; urgency=high
commit e83d6d66ea28b0aaa7e574dd2471121a5250b934
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Thu May 30 18:13:27 2013 -0700
libXt 1.1.4
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
diff --git a/configure.ac b/configure.ac
index bc92fd8..3f82427 100644
--- a/configure.ac
+++ b/configure.ac
@@ -22,7 +22,7 @@
# Initialize Autoconf
AC_PREREQ([2.60])
-AC_INIT([libXt], [1.1.3],
+AC_INIT([libXt], [1.1.4],
[https://bugs.freedesktop.org/enter_bug.cgi?product=xorg], [libXt])
AC_CONFIG_SRCDIR([Makefile.am])
AC_CONFIG_HEADERS([config.h])
commit 0730a626ee2d43e7c0b046a1e3cf165f96a77a9f
Author: Julien Cristau <jcristau@debian.org>
Date: Tue May 14 19:55:23 2013 +0200
Upload to wheezy-security
diff --git a/debian/changelog b/debian/changelog
index 087e8d3..763ea55 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+libxt (1:1.1.3-1+deb7u1) wheezy-security; urgency=high
+
+ * Unchecked return values of XGetWindowProperty [CVE-2013-2005]
+ * unvalidated length in _XtResourceConfigurationEH [CVE-2013-2002]
+
+ -- Julien Cristau <jcristau@debian.org> Tue, 14 May 2013 19:53:37 +0200
+
libxt (1:1.1.3-1) unstable; urgency=low
* New upstream release.
commit 30c6d426f7d135531d9ec6fbf63953db496dfa62
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Sat Mar 9 11:44:14 2013 -0800
unvalidated length in _XtResourceConfigurationEH [CVE-2013-2002]
The RCM_DATA property is expected to be in the format:
resource_length, resource, value
If the property contains a resource_length thats results in a pointer
outside the property string, memory corruption can occur.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Julien Cristau <jcristau@debian.org>
diff --git a/src/ResConfig.c b/src/ResConfig.c
index 68da536..1f3edbe 100644
--- a/src/ResConfig.c
+++ b/src/ResConfig.c
@@ -971,26 +971,37 @@ _XtResourceConfigurationEH (
* resource and value fields.
*/
if (data) {
+ char *data_end = data + nitems;
+ char *data_value;
+
resource_len = Strtoul ((void *)data, &data_ptr, 10);
- data_ptr++;
- data_ptr[resource_len] = '\0';
+ if (data_ptr != (char *) data) {
+ data_ptr++;
+ data_value = data_ptr + resource_len;
+ } else /* strtoul failed to convert a number */
+ data_ptr = data_value = NULL;
+
+ if (data_value > data_ptr && data_value < data_end) {
+ *data_value++ = '\0';
- resource = XtNewString (data_ptr);
- value = XtNewString (&data_ptr[resource_len + 1]);
+ resource = XtNewString (data_ptr);
+ value = XtNewString (data_value);
#ifdef DEBUG
- fprintf (stderr, "resource_len=%d\n",resource_len);
- fprintf (stderr, "resource = %s\t value = %s\n",
- resource, value);
+ fprintf (stderr, "resource_len=%d\n"
+ resource_len);
+ fprintf (stderr, "resource = %s\t value = %s\n",
+ resource, value);
#endif
- /*
- * descend the application widget tree and
- * apply the value to the appropriate widgets
- */
- _search_widget_tree (w, resource, value);
-
- XtFree (resource);
- XtFree (value);
+ /*
+ * descend the application widget tree and
+ * apply the value to the appropriate widgets
+ */
+ _search_widget_tree (w, resource, value);
+
+ XtFree (resource);
+ XtFree (value);
+ }
}
}
commit 29433820344c228580fe09316d6402bbbd7ba44a
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Sat Mar 9 11:29:21 2013 -0800
Unchecked return values of XGetWindowProperty [CVE-2013-2005]
Multiple functions in Selection.c assumed that XGetWindowProperty() would
always set the pointer to the property, but before libX11 1.6, it could
fail to do so in some cases, leading to libXt freeing or operating on an
uninitialized pointer value, so libXt should always initialize the pointers
and check for failure itself.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Julien Cristau <jcristau@debian.org>
diff --git a/src/Selection.c b/src/Selection.c
index f35cb44..4f59d70 100644
--- a/src/Selection.c
+++ b/src/Selection.c
@@ -839,14 +839,16 @@ static void HandleSelectionEvents(
IndirectPair *p;
int format;
unsigned long bytesafter, length;
- unsigned char *value;
+ unsigned char *value = NULL;
ev.property = event->xselectionrequest.property;
StartProtectedSection(ev.display, ev.requestor);
- (void) XGetWindowProperty(ev.display, ev.requestor,
+ if (XGetWindowProperty(ev.display, ev.requestor,
event->xselectionrequest.property, 0L, 1000000,
False,(Atom)AnyPropertyType, &target, &format, &length,
- &bytesafter, &value);
- count = BYTELENGTH(length, format) / sizeof(IndirectPair);
+ &bytesafter, &value) == Success)
+ count = BYTELENGTH(length, format) / sizeof(IndirectPair);
+ else
+ count = 0;
for (p = (IndirectPair *)value; count; p++, count--) {
EndProtectedSection(ctx->dpy);
if (!GetConversion(ctx, (XSelectionRequestEvent*)event,
@@ -1053,9 +1055,10 @@ static Boolean IsINCRtype(
if (prop == None) return False;
- (void)XGetWindowProperty(XtDisplay(info->widget), window, prop, 0L, 0L,
- False, info->ctx->prop_list->incr_atom,
- &type, &format, &length, &bytesafter, &value);
+ if (XGetWindowProperty(XtDisplay(info->widget), window, prop, 0L, 0L,
+ False, info->ctx->prop_list->incr_atom, &type,
+ &format, &length, &bytesafter, &value) != Success)
+ return False;
return (type == info->ctx->prop_list->incr_atom);
}
@@ -1069,7 +1072,6 @@ static void ReqCleanup(
{
CallBackInfo info = (CallBackInfo)closure;
unsigned long bytesafter, length;
- char *value;
int format;
Atom target;
@@ -1093,17 +1095,19 @@ static void ReqCleanup(
(ev->xproperty.state == PropertyNewValue) &&
(ev->xproperty.atom == info->property)) {
XPropertyEvent *event = (XPropertyEvent *) ev;
- (void) XGetWindowProperty(event->display, XtWindow(widget),
- event->atom, 0L, 1000000, True, AnyPropertyType,
- &target, &format, &length, &bytesafter,
- (unsigned char **) &value);
- XFree(value);
- if (length == 0) {
- XtRemoveEventHandler(widget, (EventMask) PropertyChangeMask, FALSE,
- ReqCleanup, (XtPointer) info );
- FreeSelectionProperty(XtDisplay(widget), info->property);
- XtFree(info->value); /* requestor never got this, so free now */
- FreeInfo(info);
+ char *value = NULL;
+ if (XGetWindowProperty(event->display, XtWindow(widget),
+ event->atom, 0L, 1000000, True, AnyPropertyType,
+ &target, &format, &length, &bytesafter,
+ (unsigned char **) &value) == Success) {
+ XFree(value);
+ if (length == 0) {
+ XtRemoveEventHandler(widget, (EventMask) PropertyChangeMask,
+ FALSE, ReqCleanup, (XtPointer) info );
+ FreeSelectionProperty(XtDisplay(widget), info->property);
+ XtFree(info->value); /* requestor never got this, so free now */
+ FreeInfo(info);
+ }
}
}
}
@@ -1121,20 +1125,23 @@ static void ReqTimedOut(
unsigned long bytesafter;
unsigned long proplength;
Atom type;
- IndirectPair *pairs;
XtPointer *c;
int i;
if (*info->target == info->ctx->prop_list->indirect_atom) {
- (void) XGetWindowProperty(XtDisplay(info->widget),
- XtWindow(info->widget), info->property, 0L,
- 10000000, True, AnyPropertyType, &type, &format,
- &proplength, &bytesafter, (unsigned char **) &pairs);
- XFree((char*)pairs);
- for (proplength = proplength / IndirectPairWordSize, i = 0, c = info->req_closure;
- proplength; proplength--, c++, i++)
- (*info->callbacks[i])(info->widget, *c,
- &info->ctx->selection, &resulttype, value, &length, &format);
+ IndirectPair *pairs = NULL;
+ if (XGetWindowProperty(XtDisplay(info->widget), XtWindow(info->widget),
+ info->property, 0L, 10000000, True,
+ AnyPropertyType, &type, &format, &proplength,
+ &bytesafter, (unsigned char **) &pairs)
+ == Success) {
+ XFree(pairs);
+ for (proplength = proplength / IndirectPairWordSize, i = 0,
+ c = info->req_closure;
+ proplength; proplength--, c++, i++)
+ (*info->callbacks[i])(info->widget, *c, &info->ctx->selection,
+ &resulttype, value, &length, &format);
+ }
} else {
(*info->callbacks[0])(info->widget, *info->req_closure,
&info->ctx->selection, &resulttype, value, &length, &format);
@@ -1280,12 +1287,13 @@ Boolean HandleNormal(
unsigned long length;
int format;
Atom type;
- unsigned char *value;
+ unsigned char *value = NULL;
int number = info->current;
- (void) XGetWindowProperty(dpy, XtWindow(widget), property, 0L,
- 10000000, False, AnyPropertyType,
- &type, &format, &length, &bytesafter, &value);
+ if (XGetWindowProperty(dpy, XtWindow(widget), property, 0L, 10000000,
+ False, AnyPropertyType, &type, &format, &length,
+ &bytesafter, &value) != Success)
+ return FALSE;
if (type == info->ctx->prop_list->incr_atom) {
unsigned long size = IncrPropSize(widget, value, format, length);
@@ -1370,7 +1378,6 @@ static void HandleSelectionReplies(
Display *dpy = event->display;
CallBackInfo info = (CallBackInfo) closure;
Select ctx = info->ctx;
- IndirectPair *pairs, *p;
unsigned long bytesafter;
unsigned long length;
int format;
@@ -1385,9 +1392,12 @@ static void HandleSelectionReplies(
XtRemoveEventHandler(widget, (EventMask)0, TRUE,
HandleSelectionReplies, (XtPointer) info );
if (event->target == ctx->prop_list->indirect_atom) {
- (void) XGetWindowProperty(dpy, XtWindow(widget), info->property, 0L,
- 10000000, True, AnyPropertyType, &type, &format,
- &length, &bytesafter, (unsigned char **) &pairs);
+ IndirectPair *pairs = NULL, *p;
+ if (XGetWindowProperty(dpy, XtWindow(widget), info->property, 0L,
+ 10000000, True, AnyPropertyType, &type, &format,
+ &length, &bytesafter, (unsigned char **) &pairs)
+ != Success)
+ length = 0;
for (length = length / IndirectPairWordSize, p = pairs,
c = info->req_closure;
length; length--, p++, c++, info->current++) {
commit 1f4802b745aa172d375cb79403cb1e013e6aa4c0
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Sat Mar 9 13:33:20 2013 -0800
Remove old strtoul workaround for SunOS 4
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
diff --git a/src/ResConfig.c b/src/ResConfig.c
index 1f3edbe..161366a 100644
--- a/src/ResConfig.c
+++ b/src/ResConfig.c
@@ -72,13 +72,6 @@ static void _search_child(Widget, char *, char *, char *, char *, char, char *);
static void _set_and_search(Widget, char *, char *, char *, char *, char , char *);
static int _locate_children(Widget, Widget **);
-#if defined(sun) && !defined(SVR4)
-# define Strtoul(a,b,c) (unsigned long)strtol(a,b,c)
-#else
-# define Strtoul(a,b,c) strtoul(a,b,c)
-#endif
-
-
/*
* NAME: _set_resource_values
*
@@ -974,7 +967,7 @@ _XtResourceConfigurationEH (
char *data_end = data + nitems;
char *data_value;
- resource_len = Strtoul ((void *)data, &data_ptr, 10);
+ resource_len = strtoul (data, &data_ptr, 10);
if (data_ptr != (char *) data) {
data_ptr++;
commit 9264a21b688891dbdcee630ff72cf39aa75fc4e1
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Sat Mar 9 11:44:14 2013 -0800
unvalidated length in _XtResourceConfigurationEH [CVE-2013-2002]
The RCM_DATA property is expected to be in the format:
resource_length, resource, value
If the property contains a resource_length thats results in a pointer
outside the property string, memory corruption can occur.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
diff --git a/src/ResConfig.c b/src/ResConfig.c
index 68da536..1f3edbe 100644
--- a/src/ResConfig.c
+++ b/src/ResConfig.c
@@ -971,26 +971,37 @@ _XtResourceConfigurationEH (
* resource and value fields.
*/
if (data) {
+ char *data_end = data + nitems;
+ char *data_value;
+
resource_len = Strtoul ((void *)data, &data_ptr, 10);
- data_ptr++;
- data_ptr[resource_len] = '\0';
+ if (data_ptr != (char *) data) {
+ data_ptr++;
+ data_value = data_ptr + resource_len;
+ } else /* strtoul failed to convert a number */
+ data_ptr = data_value = NULL;
+
+ if (data_value > data_ptr && data_value < data_end) {
+ *data_value++ = '\0';
- resource = XtNewString (data_ptr);
- value = XtNewString (&data_ptr[resource_len + 1]);
+ resource = XtNewString (data_ptr);
+ value = XtNewString (data_value);
#ifdef DEBUG
- fprintf (stderr, "resource_len=%d\n",resource_len);
- fprintf (stderr, "resource = %s\t value = %s\n",
- resource, value);
+ fprintf (stderr, "resource_len=%d\n"
+ resource_len);
+ fprintf (stderr, "resource = %s\t value = %s\n",
+ resource, value);
#endif
- /*
- * descend the application widget tree and
- * apply the value to the appropriate widgets
- */
- _search_widget_tree (w, resource, value);
-
- XtFree (resource);
- XtFree (value);
+ /*
+ * descend the application widget tree and
+ * apply the value to the appropriate widgets
+ */
+ _search_widget_tree (w, resource, value);
+
+ XtFree (resource);
+ XtFree (value);
+ }
}
}
commit eae57493feec958bcf733ad0d334715107029f8b
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Sat Mar 9 11:29:21 2013 -0800
Unchecked return values of XGetWindowProperty [CVE-2013-2005]
Multiple functions in Selection.c assumed that XGetWindowProperty() would
always set the pointer to the property, but before libX11 1.6, it could
fail to do so in some cases, leading to libXt freeing or operating on an
uninitialized pointer value, so libXt should always initialize the pointers
and check for failure itself.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
diff --git a/src/Selection.c b/src/Selection.c
index f35cb44..4f59d70 100644
--- a/src/Selection.c
+++ b/src/Selection.c
@@ -839,14 +839,16 @@ static void HandleSelectionEvents(
IndirectPair *p;
int format;
unsigned long bytesafter, length;
- unsigned char *value;
+ unsigned char *value = NULL;
ev.property = event->xselectionrequest.property;
StartProtectedSection(ev.display, ev.requestor);
- (void) XGetWindowProperty(ev.display, ev.requestor,
+ if (XGetWindowProperty(ev.display, ev.requestor,
event->xselectionrequest.property, 0L, 1000000,
False,(Atom)AnyPropertyType, &target, &format, &length,
- &bytesafter, &value);
- count = BYTELENGTH(length, format) / sizeof(IndirectPair);
+ &bytesafter, &value) == Success)
+ count = BYTELENGTH(length, format) / sizeof(IndirectPair);
+ else
+ count = 0;
for (p = (IndirectPair *)value; count; p++, count--) {
EndProtectedSection(ctx->dpy);
if (!GetConversion(ctx, (XSelectionRequestEvent*)event,
@@ -1053,9 +1055,10 @@ static Boolean IsINCRtype(
if (prop == None) return False;
- (void)XGetWindowProperty(XtDisplay(info->widget), window, prop, 0L, 0L,
- False, info->ctx->prop_list->incr_atom,
- &type, &format, &length, &bytesafter, &value);
+ if (XGetWindowProperty(XtDisplay(info->widget), window, prop, 0L, 0L,
+ False, info->ctx->prop_list->incr_atom, &type,
+ &format, &length, &bytesafter, &value) != Success)
+ return False;
return (type == info->ctx->prop_list->incr_atom);
}
@@ -1069,7 +1072,6 @@ static void ReqCleanup(
{
CallBackInfo info = (CallBackInfo)closure;
unsigned long bytesafter, length;
- char *value;
int format;
Atom target;
@@ -1093,17 +1095,19 @@ static void ReqCleanup(
(ev->xproperty.state == PropertyNewValue) &&
(ev->xproperty.atom == info->property)) {
XPropertyEvent *event = (XPropertyEvent *) ev;
- (void) XGetWindowProperty(event->display, XtWindow(widget),
- event->atom, 0L, 1000000, True, AnyPropertyType,
- &target, &format, &length, &bytesafter,
- (unsigned char **) &value);
- XFree(value);
- if (length == 0) {
- XtRemoveEventHandler(widget, (EventMask) PropertyChangeMask, FALSE,
- ReqCleanup, (XtPointer) info );
- FreeSelectionProperty(XtDisplay(widget), info->property);
- XtFree(info->value); /* requestor never got this, so free now */
- FreeInfo(info);
+ char *value = NULL;
+ if (XGetWindowProperty(event->display, XtWindow(widget),
+ event->atom, 0L, 1000000, True, AnyPropertyType,
+ &target, &format, &length, &bytesafter,
+ (unsigned char **) &value) == Success) {
+ XFree(value);
+ if (length == 0) {
+ XtRemoveEventHandler(widget, (EventMask) PropertyChangeMask,
+ FALSE, ReqCleanup, (XtPointer) info );
+ FreeSelectionProperty(XtDisplay(widget), info->property);
+ XtFree(info->value); /* requestor never got this, so free now */
+ FreeInfo(info);
+ }
}
}
}
@@ -1121,20 +1125,23 @@ static void ReqTimedOut(
unsigned long bytesafter;
unsigned long proplength;
Atom type;
- IndirectPair *pairs;
XtPointer *c;
int i;
if (*info->target == info->ctx->prop_list->indirect_atom) {
- (void) XGetWindowProperty(XtDisplay(info->widget),
- XtWindow(info->widget), info->property, 0L,
- 10000000, True, AnyPropertyType, &type, &format,
- &proplength, &bytesafter, (unsigned char **) &pairs);
- XFree((char*)pairs);
- for (proplength = proplength / IndirectPairWordSize, i = 0, c = info->req_closure;
- proplength; proplength--, c++, i++)
- (*info->callbacks[i])(info->widget, *c,
- &info->ctx->selection, &resulttype, value, &length, &format);
+ IndirectPair *pairs = NULL;
+ if (XGetWindowProperty(XtDisplay(info->widget), XtWindow(info->widget),
+ info->property, 0L, 10000000, True,
+ AnyPropertyType, &type, &format, &proplength,
+ &bytesafter, (unsigned char **) &pairs)
+ == Success) {
+ XFree(pairs);
+ for (proplength = proplength / IndirectPairWordSize, i = 0,
+ c = info->req_closure;
+ proplength; proplength--, c++, i++)
+ (*info->callbacks[i])(info->widget, *c, &info->ctx->selection,
+ &resulttype, value, &length, &format);
+ }
} else {
(*info->callbacks[0])(info->widget, *info->req_closure,
&info->ctx->selection, &resulttype, value, &length, &format);
@@ -1280,12 +1287,13 @@ Boolean HandleNormal(
unsigned long length;
int format;
Atom type;
- unsigned char *value;
+ unsigned char *value = NULL;
int number = info->current;
- (void) XGetWindowProperty(dpy, XtWindow(widget), property, 0L,
- 10000000, False, AnyPropertyType,
- &type, &format, &length, &bytesafter, &value);
+ if (XGetWindowProperty(dpy, XtWindow(widget), property, 0L, 10000000,
+ False, AnyPropertyType, &type, &format, &length,
+ &bytesafter, &value) != Success)
+ return FALSE;
if (type == info->ctx->prop_list->incr_atom) {
unsigned long size = IncrPropSize(widget, value, format, length);
@@ -1370,7 +1378,6 @@ static void HandleSelectionReplies(
Display *dpy = event->display;
CallBackInfo info = (CallBackInfo) closure;
Select ctx = info->ctx;
- IndirectPair *pairs, *p;
unsigned long bytesafter;
unsigned long length;
int format;
@@ -1385,9 +1392,12 @@ static void HandleSelectionReplies(
XtRemoveEventHandler(widget, (EventMask)0, TRUE,
HandleSelectionReplies, (XtPointer) info );
if (event->target == ctx->prop_list->indirect_atom) {
- (void) XGetWindowProperty(dpy, XtWindow(widget), info->property, 0L,
- 10000000, True, AnyPropertyType, &type, &format,
- &length, &bytesafter, (unsigned char **) &pairs);
+ IndirectPair *pairs = NULL, *p;
+ if (XGetWindowProperty(dpy, XtWindow(widget), info->property, 0L,
+ 10000000, True, AnyPropertyType, &type, &format,
+ &length, &bytesafter, (unsigned char **) &pairs)
+ != Success)
+ length = 0;
for (length = length / IndirectPairWordSize, p = pairs,
c = info->req_closure;
length; length--, p++, c++, info->current++) {
commit ead50a9a274aa96bef94e57c4625be8e9288af4e
Author: Colin Walters <walters@verbum.org>
Date: Wed Jan 4 17:37:06 2012 -0500
autogen.sh: Implement GNOME Build API
http://people.gnome.org/~walters/docs/build-api.txt
Signed-off-by: Adam Jackson <ajax@redhat.com>
diff --git a/autogen.sh b/autogen.sh
index 904cd67..fc34bd5 100755
--- a/autogen.sh
+++ b/autogen.sh
@@ -9,4 +9,6 @@ cd $srcdir
autoreconf -v --install || exit 1
cd $ORIGDIR || exit $?
-$srcdir/configure --enable-maintainer-mode "$@"
+if test -z "$NOCONFIGURE"; then
+ $srcdir/configure "$@"
+fi
commit 8f5f3f7a3c36088d6faf0f13da4416596257bc58
Author: Adam Jackson <ajax@redhat.com>
Date: Tue Jan 15 14:28:48 2013 -0500
configure: Remove AM_MAINTAINER_MODE
Signed-off-by: Adam Jackson <ajax@redhat.com>
diff --git a/configure.ac b/configure.ac
index c59cc26..bc92fd8 100644
--- a/configure.ac
+++ b/configure.ac
@@ -30,7 +30,6 @@ AC_CONFIG_MACRO_DIR([m4])
# Initialize Automake
AM_INIT_AUTOMAKE([foreign dist-bzip2])
-AM_MAINTAINER_MODE
# Initialize libtool
AC_PROG_LIBTOOL
commit 6731c2c7e3c16ad17425acfb5024fa1501e94411
Author: Thierry Reding <thierry.reding@avionic-design.de>
Reply to: