libxcursor: Changes to 'upstream-unstable'
configure.ac | 2 +-
src/Makefile.am | 2 +-
src/file.c | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
New commits:
commit f92f118047ee8cea7dbbc734d476225f033ba0b7
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Wed May 29 23:22:29 2013 -0700
libXcursor 1.1.14
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
diff --git a/configure.ac b/configure.ac
index 16c753b..ee8a500 100644
--- a/configure.ac
+++ b/configure.ac
@@ -26,7 +26,7 @@ AC_PREREQ([2.60])
# This is the package version number, not the shared library
# version. This version number will be substituted into Xcursor.h
#
-AC_INIT([libXcursor], [1.1.13],
+AC_INIT([libXcursor], [1.1.14],
[https://bugs.freedesktop.org/enter_bug.cgi?product=xorg],[libXcursor])
AC_CONFIG_SRCDIR([Makefile.am])
AC_CONFIG_HEADERS([config.h include/X11/Xcursor/Xcursor.h])
commit 8f677eaea05290531d007d1fec2768119926088d
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Fri Apr 12 21:17:28 2013 -0700
signedness bug & integer overflow in _XcursorFileHeaderCreate() [CVE-2013-2003]
When parsing cursor files, a user defined (e.g. through environment
variables) cursor file is opened and parsed.
The header is read in _XcursorReadFileHeader(), which reads an unsigned
int for the number of toc structures in the header, but it was being
passed to _XcursorFileHeaderCreate() as a signed int to allocate those
structures. If the number was negative, it would pass the bounds check
and could overflow the calculation for how much memory to allocate to
store the data being read, leading to overflowing the buffer with the
data read from the user controlled file.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
diff --git a/src/file.c b/src/file.c
index efe6d4b..ce9de78 100644
--- a/src/file.c
+++ b/src/file.c
@@ -205,7 +205,7 @@ _XcursorFileHeaderDestroy (XcursorFileHeader *fileHeader)
}
static XcursorFileHeader *
-_XcursorFileHeaderCreate (int ntoc)
+_XcursorFileHeaderCreate (XcursorUInt ntoc)
{
XcursorFileHeader *fileHeader;
commit 1b98fd6a2e8c00a563187849a585e68c7344468b
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Tue Jan 15 18:51:39 2013 -0800
Replace deprecated Automake INCLUDES variable with AM_CPPFLAGS
Excerpt https://lists.gnu.org/archive/html/automake/2012-12/msg00038.html
- Support for the long-deprecated INCLUDES variable will be removed
altogether in Automake 1.14. The AM_CPPFLAGS variable should be
used instead.
This variable was deprecated in Automake releases prior to 1.10, which is
the current minimum level required to build X.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
diff --git a/src/Makefile.am b/src/Makefile.am
index a44dcb3..a6bee09 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -12,7 +12,7 @@ AM_CFLAGS = \
-DICONDIR=\"$(ICONDIR)\" \
-DXCURSORPATH=\"$(XCURSORPATH)\"
-INCLUDES = -I$(top_srcdir)/include/X11/Xcursor
+AM_CPPFLAGS = -I$(top_srcdir)/include/X11/Xcursor
#
# Shared library version info. This is not the same as the package version
Reply to: