libxcursor: Changes to 'debian-unstable'
.gitignore | 79
ChangeLog | 110
INSTALL | 370
Makefile.in | 921 +
aclocal.m4 |11671 ++++++++++++++++++++++++
config.guess | 1544 +++
config.h.in | 83
config.sub | 1788 +++
configure |20253 ++++++++++++++++++++++++++++++++++++++++++
configure.ac | 7
debian/changelog | 17
debian/control | 2
depcomp | 790 +
include/X11/Xcursor/Xcursor.h | 500 +
install-sh | 527 +
ltmain.sh | 9655 ++++++++++++++++++++
man/Makefile.in | 552 +
missing | 215
src/Makefile.in | 707 +
src/cursor.c | 4
src/display.c | 16
src/file.c | 15
src/library.c | 4
23 files changed, 49727 insertions(+), 103 deletions(-)
New commits:
commit 8bd1cf6dc8fbe7fcbfcf6f71223ea42031a8c1f5
Author: Drew Parsons <dparsons@debian.org>
Date: Tue Dec 19 22:12:08 2017 +0800
upload 1:1.1.15-1 to unstable
diff --git a/debian/changelog b/debian/changelog
index 85e2eb8..7d9c191 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,11 +1,11 @@
-libxcursor (1:1.1.15-1) UNRELEASED; urgency=medium
+libxcursor (1:1.1.15-1) unstable; urgency=medium
* Team upload.
* New upstream version
- contains patch for CVE-2017-16612
* Standards-Version: 4.1.2
- -- Drew Parsons <dparsons@debian.org> Tue, 19 Dec 2017 22:09:25 +0800
+ -- Drew Parsons <dparsons@debian.org> Tue, 19 Dec 2017 22:11:50 +0800
libxcursor (1:1.1.14-3.1) unstable; urgency=medium
commit 874a3ddb68461154834e0f25e176e5bd9b208a6e
Author: Drew Parsons <dparsons@debian.org>
Date: Tue Dec 19 22:11:42 2017 +0800
Standards-Version: 4.1.2
diff --git a/debian/changelog b/debian/changelog
index a911b39..85e2eb8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,7 @@ libxcursor (1:1.1.15-1) UNRELEASED; urgency=medium
* Team upload.
* New upstream version
- contains patch for CVE-2017-16612
+ * Standards-Version: 4.1.2
-- Drew Parsons <dparsons@debian.org> Tue, 19 Dec 2017 22:09:25 +0800
diff --git a/debian/control b/debian/control
index aa0de7a..971ba43 100644
--- a/debian/control
+++ b/debian/control
@@ -16,7 +16,7 @@ Build-Depends:
automake,
libtool,
xutils-dev (>= 1:7.5+4),
-Standards-Version: 4.1.0
+Standards-Version: 4.1.2
Homepage: https://www.x.org
Vcs-Git: git://git.debian.org/git/pkg-xorg/lib/libxcursor
Vcs-Browser: http://git.debian.org/?p=pkg-xorg/lib/libxcursor.git
commit 70c587cb22ed129babe687407841654248e2be00
Author: Drew Parsons <dparsons@debian.org>
Date: Tue Dec 19 22:10:23 2017 +0800
new upstream version, drop debian patch for CVE-2017-16612
Heap overflow patch already applied in 1.1.15.
diff --git a/debian/changelog b/debian/changelog
index 34aba58..a911b39 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+libxcursor (1:1.1.15-1) UNRELEASED; urgency=medium
+
+ * Team upload.
+ * New upstream version
+ - contains patch for CVE-2017-16612
+
+ -- Drew Parsons <dparsons@debian.org> Tue, 19 Dec 2017 22:09:25 +0800
+
libxcursor (1:1.1.14-3.1) unstable; urgency=medium
* Non-maintainer upload.
diff --git a/debian/patches/Fix-heap-overflows-when-parsing-malicious-files.-CVE.patch b/debian/patches/Fix-heap-overflows-when-parsing-malicious-files.-CVE.patch
deleted file mode 100644
index 4c5d1b4..0000000
--- a/debian/patches/Fix-heap-overflows-when-parsing-malicious-files.-CVE.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-From: Tobias Stoeckmann <tobias@stoeckmann.org>
-Date: Sat, 21 Oct 2017 23:47:52 +0200
-Subject: Fix heap overflows when parsing malicious files. (CVE-2017-16612)
-Origin: https://cgit.freedesktop.org/xorg/lib/libXcursor/commit?id=4794b5dd34688158fb51a2943032569d3780c4b8
-Bug-Debian: https://bugs.debian.org/883792
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-16612
-
-It is possible to trigger heap overflows due to an integer overflow
-while parsing images and a signedness issue while parsing comments.
-
-The integer overflow occurs because the chosen limit 0x10000 for
-dimensions is too large for 32 bit systems, because each pixel takes
-4 bytes. Properly chosen values allow an overflow which in turn will
-lead to less allocated memory than needed for subsequent reads.
-
-The signedness bug is triggered by reading the length of a comment
-as unsigned int, but casting it to int when calling the function
-XcursorCommentCreate. Turning length into a negative value allows the
-check against XCURSOR_COMMENT_MAX_LEN to pass, and the following
-addition of sizeof (XcursorComment) + 1 makes it possible to allocate
-less memory than needed for subsequent reads.
-
-Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
-Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
----
- src/file.c | 12 ++++++++++--
- 1 file changed, 10 insertions(+), 2 deletions(-)
-
-diff --git a/src/file.c b/src/file.c
-index 43163c2..da16277 100644
---- a/src/file.c
-+++ b/src/file.c
-@@ -29,6 +29,11 @@ XcursorImageCreate (int width, int height)
- {
- XcursorImage *image;
-
-+ if (width < 0 || height < 0)
-+ return NULL;
-+ if (width > XCURSOR_IMAGE_MAX_SIZE || height > XCURSOR_IMAGE_MAX_SIZE)
-+ return NULL;
-+
- image = malloc (sizeof (XcursorImage) +
- width * height * sizeof (XcursorPixel));
- if (!image)
-@@ -101,7 +106,7 @@ XcursorCommentCreate (XcursorUInt comment_type, int length)
- {
- XcursorComment *comment;
-
-- if (length > XCURSOR_COMMENT_MAX_LEN)
-+ if (length < 0 || length > XCURSOR_COMMENT_MAX_LEN)
- return NULL;
-
- comment = malloc (sizeof (XcursorComment) + length + 1);
-@@ -448,7 +453,8 @@ _XcursorReadImage (XcursorFile *file,
- if (!_XcursorReadUInt (file, &head.delay))
- return NULL;
- /* sanity check data */
-- if (head.width >= 0x10000 || head.height > 0x10000)
-+ if (head.width > XCURSOR_IMAGE_MAX_SIZE ||
-+ head.height > XCURSOR_IMAGE_MAX_SIZE)
- return NULL;
- if (head.width == 0 || head.height == 0)
- return NULL;
-@@ -457,6 +463,8 @@ _XcursorReadImage (XcursorFile *file,
-
- /* Create the image and initialize it */
- image = XcursorImageCreate (head.width, head.height);
-+ if (image == NULL)
-+ return NULL;
- if (chunkHeader.version < image->version)
- image->version = chunkHeader.version;
- image->size = chunkHeader.subtype;
---
-2.15.1
-
diff --git a/debian/patches/series b/debian/patches/series
index fef3ba0..a45425d 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1 @@
autogen.sh-install
-Fix-heap-overflows-when-parsing-malicious-files.-CVE.patch
commit 3a1742c3e6bd0b47f3ad78f792f7e6f83963c1a5
Author: Drew Parsons <dparsons@debian.org>
Date: Tue Dec 19 22:07:16 2017 +0800
update generated files from tarball
Only substantive files updated, not automake auxiliaries.
diff --git a/ChangeLog b/ChangeLog
index 9f8623b..25ac4d7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,113 @@
+commit 4828abe494df8fb4aa00dcaa22a03446ba418d01
+Author: Matthieu Herrb <matthieu@herrb.eu>
+Date: Sat Nov 25 11:59:31 2017 +0100
+
+ libXcursor 1.1.15
+
+ Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
+
+commit 4794b5dd34688158fb51a2943032569d3780c4b8
+Author: Tobias Stoeckmann <tobias@stoeckmann.org>
+Date: Sat Oct 21 23:47:52 2017 +0200
+
+ Fix heap overflows when parsing malicious files. (CVE-2017-16612)
+
+ It is possible to trigger heap overflows due to an integer overflow
+ while parsing images and a signedness issue while parsing comments.
+
+ The integer overflow occurs because the chosen limit 0x10000 for
+ dimensions is too large for 32 bit systems, because each pixel takes
+ 4 bytes. Properly chosen values allow an overflow which in turn will
+ lead to less allocated memory than needed for subsequent reads.
+
+ The signedness bug is triggered by reading the length of a comment
+ as unsigned int, but casting it to int when calling the function
+ XcursorCommentCreate. Turning length into a negative value allows the
+ check against XCURSOR_COMMENT_MAX_LEN to pass, and the following
+ addition of sizeof (XcursorComment) + 1 makes it possible to allocate
+ less memory than needed for subsequent reads.
+
+ Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
+ Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
+
+commit 75b10c972d15c036a692ef4590a81a6c54d384f6
+Author: Mihail Konev <k.mvc@ya.ru>
+Date: Thu Jan 26 13:52:49 2017 +1000
+
+ autogen: add default patch prefix
+
+ Signed-off-by: Mihail Konev <k.mvc@ya.ru>
+
+commit 721901fec3d829426d7c8df82a14beb11905c7a8
+Author: Emil Velikov <emil.l.velikov@gmail.com>
+Date: Mon Mar 9 12:00:52 2015 +0000
+
+ autogen.sh: use quoted string variables
+
+ Place quotes around the $srcdir, $ORIGDIR and $0 variables to prevent
+ fall-outs, when they contain space.
+
+ Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
+ Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+ Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+
+commit 860bda4cb1f126f42cfc255c958aa3c7be17f3c6
+Author: Peter Hutterer <peter.hutterer@who-t.net>
+Date: Tue Jan 24 10:32:07 2017 +1000
+
+ autogen.sh: use exec instead of waiting for configure to finish
+
+ Syncs the invocation of configure with the one from the server.
+
+ Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+ Reviewed-by: Emil Velikov <emil.velikov@collabora.com>
+
+commit 897213f36baf6926daf6d192c709cf627aa5fd05
+Author: shubham shrivastav <shubham.sh@samsung.com>
+Date: Fri Jun 5 13:36:22 2015 -0700
+
+ Insufficient memory for terminating null of string in _XcursorThemeInherits
+
+ Fix does one byte of memory allocation for null termination of string.
+ https://bugs.freedesktop.org/show_bug.cgi?id=90857
+
+ Reviewed-by: Keith Packard <keithp@keithp.com>
+ Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+
+commit edf52212a09bd80b52dc9932b5ca19e20dfcaa2b
+Author: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Sat Oct 18 10:52:49 2014 -0700
+
+ Fix some clang integer sign/size mismatch warnings
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+
+commit bbf3c582c97af3abfaf81e3ca63646d59fe6e28a
+Author: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Sat Oct 18 10:24:13 2014 -0700
+
+ Use strdup() instead of malloc(strlen())+strcpy()
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+
+commit 2e6bda49d062d5064efe66a066558f7d1eec7e78
+Author: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Sat May 31 21:39:32 2014 -0700
+
+ autogen.sh: Honor NOCONFIGURE=1
+
+ See http://people.gnome.org/~walters/docs/build-api.txt
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+
+commit b1df53701f40959ac66c26ca2e5263bb521d0ebb
+Author: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Sat May 31 21:38:41 2014 -0700
+
+ configure: Drop AM_MAINTAINER_MODE
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+
commit f92f118047ee8cea7dbbc734d476225f033ba0b7
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Wed May 29 23:22:29 2013 -0700
diff --git a/INSTALL b/INSTALL
index 8b82ade..a1e89e1 100644
--- a/INSTALL
+++ b/INSTALL
@@ -1,11 +1,13 @@
Installation Instructions
*************************
-Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005,
-2006, 2007, 2008 Free Software Foundation, Inc.
+Copyright (C) 1994-1996, 1999-2002, 2004-2011 Free Software Foundation,
+Inc.
- This file is free documentation; the Free Software Foundation gives
-unlimited permission to copy, distribute and modify it.
+ Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved. This file is offered as-is,
+without warranty of any kind.
Basic Installation
==================
@@ -13,7 +15,11 @@ Basic Installation
Briefly, the shell commands `./configure; make; make install' should
configure, build, and install this package. The following
more-detailed instructions are generic; see the `README' file for
-instructions specific to this package.
+instructions specific to this package. Some packages provide this
+`INSTALL' file but do not implement all of the features documented
+below. The lack of an optional feature in a given package is not
+necessarily a bug. More recommendations for GNU packages can be found
+in *note Makefile Conventions: (standards)Makefile Conventions.
The `configure' shell script attempts to guess correct values for
various system-dependent variables used during compilation. It uses
@@ -42,7 +48,7 @@ may remove or edit it.
you want to change it or regenerate `configure' using a newer version
of `autoconf'.
-The simplest way to compile this package is:
+ The simplest way to compile this package is:
1. `cd' to the directory containing the package's source code and type
`./configure' to configure the package for your system.
@@ -53,12 +59,22 @@ The simplest way to compile this package is:
2. Type `make' to compile the package.
3. Optionally, type `make check' to run any self-tests that come with
- the package.
+ the package, generally using the just-built uninstalled binaries.
4. Type `make install' to install the programs and any data files and
- documentation.
-
- 5. You can remove the program binaries and object files from the
+ documentation. When installing into a prefix owned by root, it is
+ recommended that the package be configured and built as a regular
+ user, and only the `make install' phase executed with root
+ privileges.
+
+ 5. Optionally, type `make installcheck' to repeat any self-tests, but
+ this time using the binaries in their final installed location.
+ This target does not install anything. Running this target as a
+ regular user, particularly if the prior `make install' required
+ root privileges, verifies that the installation completed
+ correctly.
+
+ 6. You can remove the program binaries and object files from the
source code directory by typing `make clean'. To also remove the
files that `configure' created (so you can compile the package for
a different kind of computer), type `make distclean'. There is
@@ -67,8 +83,15 @@ The simplest way to compile this package is:
all sorts of other programs in order to regenerate files that came
with the distribution.
- 6. Often, you can also type `make uninstall' to remove the installed
- files again.
+ 7. Often, you can also type `make uninstall' to remove the installed
+ files again. In practice, not all packages have tested that
+ uninstallation works correctly, even though it is required by the
+ GNU Coding Standards.
+
+ 8. Some packages, particularly those that use Automake, provide `make
+ distcheck', which can by used by developers to test that all other
+ targets like `make install' and `make uninstall' work correctly.
+ This target is generally not run by end users.
Compilers and Options
=====================
@@ -93,7 +116,8 @@ same time, by placing the object files for each architecture in their
own directory. To do this, you can use GNU `make'. `cd' to the
directory where you want the object files and executables to go and run
the `configure' script. `configure' automatically checks for the
-source code in the directory that `configure' is in and in `..'.
+source code in the directory that `configure' is in and in `..'. This
+is known as a "VPATH" build.
With a non-GNU `make', it is safer to compile the package for one
architecture at a time in the source code directory. After you have
@@ -120,7 +144,8 @@ Installation Names
By default, `make install' installs the package's commands under
`/usr/local/bin', include files under `/usr/local/include', etc. You
can specify an installation prefix other than `/usr/local' by giving
-`configure' the option `--prefix=PREFIX'.
+`configure' the option `--prefix=PREFIX', where PREFIX must be an
+absolute file name.
You can specify separate installation prefixes for
architecture-specific files and architecture-independent files. If you
@@ -131,15 +156,46 @@ Documentation and other data files still use the regular prefix.
In addition, if you use an unusual directory layout you can give
options like `--bindir=DIR' to specify different values for particular
kinds of files. Run `configure --help' for a list of the directories
-you can set and what kinds of files go in them.
+you can set and what kinds of files go in them. In general, the
+default for these options is expressed in terms of `${prefix}', so that
+specifying just `--prefix' will affect all of the other directory
+specifications that were not explicitly provided.
+
+ The most portable way to affect installation locations is to pass the
+correct locations to `configure'; however, many packages provide one or
+both of the following shortcuts of passing variable assignments to the
+`make install' command line to change installation locations without
+having to reconfigure or recompile.
+
+ The first method involves providing an override variable for each
+affected directory. For example, `make install
+prefix=/alternate/directory' will choose an alternate location for all
+directory configuration variables that were expressed in terms of
+`${prefix}'. Any directories that were specified during `configure',
+but not in terms of `${prefix}', must each be overridden at install
+time for the entire installation to be relocated. The approach of
+makefile variable overrides for each directory variable is required by
+the GNU Coding Standards, and ideally causes no recompilation.
+However, some platforms have known limitations with the semantics of
+shared libraries that end up requiring recompilation when using this
+method, particularly noticeable in packages that use GNU Libtool.
+
+ The second method involves providing the `DESTDIR' variable. For
+example, `make install DESTDIR=/alternate/directory' will prepend
+`/alternate/directory' before all installation names. The approach of
+`DESTDIR' overrides is not required by the GNU Coding Standards, and
+does not work on platforms that have drive letters. On the other hand,
+it does better at avoiding recompilation issues, and works well even
+when some directory options were not specified in terms of `${prefix}'
+at `configure' time.
+
+Optional Features
+=================
If the package supports it, you can cause programs to be installed
with an extra prefix or suffix on their names by giving `configure' the
option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
-Optional Features
-=================
-
Some packages pay attention to `--enable-FEATURE' options to
`configure', where FEATURE indicates an optional part of the package.
They may also pay attention to `--with-PACKAGE' options, where PACKAGE
@@ -152,6 +208,13 @@ find the X include and library files automatically, but if it doesn't,
you can use the `configure' options `--x-includes=DIR' and
`--x-libraries=DIR' to specify their locations.
+ Some packages offer the ability to configure how verbose the
+execution of `make' will be. For these packages, running `./configure
+--enable-silent-rules' sets the default to minimal output, which can be
+overridden with `make V=1'; while running `./configure
+--disable-silent-rules' sets the default to verbose, which can be
+overridden with `make V=0'.
+
Particular systems
==================
@@ -159,10 +222,15 @@ Particular systems
CC is not installed, it is recommended to use the following options in
order to use an ANSI C compiler:
- ./configure CC="cc -Ae"
+ ./configure CC="cc -Ae -D_XOPEN_SOURCE=500"
and if that doesn't work, install pre-built binaries of GCC for HP-UX.
+ HP-UX `make' updates targets which have the same time stamps as
+their prerequisites, which makes it generally unusable when shipped
+generated files such as `configure' are involved. Use GNU `make'
+instead.
+
On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot
parse its `<wchar.h>' header file. The option `-nodtk' can be used as
a workaround. If GNU CC is not installed, it is therefore recommended
@@ -174,6 +242,16 @@ and if that doesn't work, try
./configure CC="cc -nodtk"
+ On Solaris, don't put `/usr/ucb' early in your `PATH'. This
+directory contains several dysfunctional programs; working variants of
+these programs are available in `/usr/bin'. So, if you need `/usr/ucb'
+in your `PATH', put it _after_ `/usr/bin'.
+
+ On Haiku, software installed for all users goes in `/boot/common',
+not `/usr/local'. It is recommended to use the following options:
+
+ ./configure --prefix=/boot/common
+
Specifying the System Type
==========================
@@ -189,7 +267,8 @@ type, such as `sun4', or a canonical name which has the form:
where SYSTEM can have one of these forms:
- OS KERNEL-OS
+ OS
+ KERNEL-OS
See the file `config.sub' for the possible values of each field. If
`config.sub' isn't included in this package, then this package doesn't
@@ -277,7 +356,7 @@ operates.
`configure' can determine that directory automatically.
`--prefix=DIR'
- Use DIR as the installation prefix. *Note Installation Names::
+ Use DIR as the installation prefix. *note Installation Names::
for more details, including other options available for fine-tuning
the installation locations.
diff --git a/include/X11/Xcursor/Xcursor.h b/include/X11/Xcursor/Xcursor.h
index f3bc43d..5ccbce1 100644
--- a/include/X11/Xcursor/Xcursor.h
+++ b/include/X11/Xcursor/Xcursor.h
@@ -76,7 +76,7 @@ typedef XcursorUInt XcursorPixel;
#define XCURSOR_LIB_MAJOR 1
#define XCURSOR_LIB_MINOR 1
-#define XCURSOR_LIB_REVISION 14
+#define XCURSOR_LIB_REVISION 15
#define XCURSOR_LIB_VERSION ((XCURSOR_LIB_MAJOR * 10000) + \
(XCURSOR_LIB_MINOR * 100) + \
(XCURSOR_LIB_REVISION))
commit 26d596e5696f8c3626714643d364645ae73f7e4b
Author: Drew Parsons <dparsons@debian.org>
Date: Tue Dec 19 21:43:58 2017 +0800
delete autogen.sh
Present in upstream git but not in tarball.
autogen.sh is relegated to a debian patch in order to align the
upstream code in the debian branch with the tarball.
diff --git a/autogen.sh b/autogen.sh
deleted file mode 100755
index 995ec58..0000000
--- a/autogen.sh
+++ /dev/null
@@ -1,17 +0,0 @@
-#! /bin/sh
-
-srcdir=`dirname "$0"`
-test -z "$srcdir" && srcdir=.
-
-ORIGDIR=`pwd`
-cd "$srcdir"
-
-autoreconf -v --install || exit 1
-cd "$ORIGDIR" || exit $?
-
-git config --local --get format.subjectPrefix >/dev/null 2>&1 ||
- git config --local format.subjectPrefix "PATCH libXcursor"
-
-if test -z "$NOCONFIGURE"; then
- exec "$srcdir"/configure "$@"
-fi
commit dc4c73d198f880b9e86c01794f22a4cbef85e1f8
Author: Drew Parsons <dparsons@debian.org>
Date: Tue Dec 19 21:24:12 2017 +0800
Import Upstream version 1.1.14
diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index 6d8cab1..0000000
--- a/.gitignore
+++ /dev/null
@@ -1,79 +0,0 @@
-#
-# X.Org module default exclusion patterns
-# The next section if for module specific patterns
-#
-# Do not edit the following section
-# GNU Build System (Autotools)
-aclocal.m4
-autom4te.cache/
-autoscan.log
-ChangeLog
-compile
-config.guess
-config.h
-config.h.in
-config.log
-config-ml.in
-config.py
-config.status
-config.status.lineno
-config.sub
-configure
-configure.scan
-depcomp
-.deps/
-INSTALL
-install-sh
-.libs/
-libtool
-libtool.m4
-ltmain.sh
-lt~obsolete.m4
-ltoptions.m4
-ltsugar.m4
-ltversion.m4
-Makefile
-Makefile.in
-mdate-sh
-missing
-mkinstalldirs
-*.pc
-py-compile
-stamp-h?
-symlink-tree
-texinfo.tex
-ylwrap
-
-# Do not edit the following section
-# Edit Compile Debug Document Distribute
-*~
-*.[0-9]
-*.[0-9]x
-*.bak
-*.bin
-core
-*.dll
-*.exe
-*-ISO*.bdf
-*-JIS*.bdf
-*-KOI8*.bdf
-*.kld
-*.ko
-*.ko.cmd
-*.lai
-*.l[oa]
-*.[oa]
-*.obj
-*.patch
-*.so
-*.pcf.gz
-*.pdb
-*.tar.bz2
-*.tar.gz
-#
-# Add & Override patterns for libXcursor
-#
-# Edit the following section as needed
-# For example, !report.pc overrides *.pc. See 'man gitignore'
-#
-include/X11/Xcursor/Xcursor.h
diff --git a/ChangeLog b/ChangeLog
new file mode 100644
index 0000000..9f8623b
--- /dev/null
+++ b/ChangeLog
@@ -0,0 +1,846 @@
+commit f92f118047ee8cea7dbbc734d476225f033ba0b7
+Author: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Wed May 29 23:22:29 2013 -0700
+
+ libXcursor 1.1.14
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+
+commit 8f677eaea05290531d007d1fec2768119926088d
+Author: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Fri Apr 12 21:17:28 2013 -0700
+
+ signedness bug & integer overflow in _XcursorFileHeaderCreate() [CVE-2013-2003]
+
+ When parsing cursor files, a user defined (e.g. through environment
+ variables) cursor file is opened and parsed.
+
+ The header is read in _XcursorReadFileHeader(), which reads an unsigned
+ int for the number of toc structures in the header, but it was being
+ passed to _XcursorFileHeaderCreate() as a signed int to allocate those
+ structures. If the number was negative, it would pass the bounds check
+ and could overflow the calculation for how much memory to allocate to
+ store the data being read, leading to overflowing the buffer with the
+ data read from the user controlled file.
+
+ Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
+ Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+
+commit 1b98fd6a2e8c00a563187849a585e68c7344468b
+Author: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Tue Jan 15 18:51:39 2013 -0800
+
+ Replace deprecated Automake INCLUDES variable with AM_CPPFLAGS
+
+ Excerpt https://lists.gnu.org/archive/html/automake/2012-12/msg00038.html
+
+ - Support for the long-deprecated INCLUDES variable will be removed
+ altogether in Automake 1.14. The AM_CPPFLAGS variable should be
+ used instead.
+
+ This variable was deprecated in Automake releases prior to 1.10, which is
+ the current minimum level required to build X.
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+
+commit 2a9eaf3305d1577ad763d56dddd46e10f8d0676b
+Author: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Wed Mar 7 18:54:15 2012 -0800
+
+ libXcursor 1.1.13
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+
+commit 8229cf75b34c2991eaf973f05326be9bfa16ef0c
+Author: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Thu Nov 24 13:10:15 2011 -0800
+
+ XcursorImageLoadCursor: return failure if _XcursorGetDisplayInfo fails
+
+ Error: Null pointer dereference (CWE 476)
+ Read from null pointer 'info'
+ at line 615 of src/cursor.c in function 'XcursorImageLoadCursor'.
+ Function '_XcursorGetDisplayInfo' may return constant 'NULL' at line 134, called at line 597.
+ Null pointer introduced at line 134 of src/display.c in function '_XcursorGetDisplayInfo'.
+
+ [ This bug was found by the Parfait 0.3.7 bug checking tool.
+ For more information see http://labs.oracle.com/projects/parfait/ ]
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+ Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
+
+commit 2b8d373bddf427bcd95e2595cb64740ebd1d0d30
+Author: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Thu Nov 24 12:59:56 2011 -0800
+
+ XcursorFileSaveImages: plug memory leak on invalid input
+
+ Error: Memory leak (CWE 401)
+ Memory leak of pointer 'comments' allocated with XcursorCommentsCreate(0)
+ at line 982 of src/file.c in function 'XcursorFileSaveImages'.
+ 'comments' allocated at line 978 with XcursorCommentsCreate(0).
+ comments leaks when comments != 0 at line 981.
+
+ [ This bug was found by the Parfait 0.3.7 bug checking tool.
+ For more information see http://labs.oracle.com/projects/parfait/ ]
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+ Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
+
+commit bcfb8e8ce56cf47bc6a61bd8c896bafba9e2a9c2
+Author: Jon TURNEY <jon.turney@dronecode.org.uk>
+Date: Thu Sep 22 14:43:38 2011 +0100
+
+ Add generated Xcursor.h to .gitignore
+
+ Signed-off-by: Jon TURNEY <jon.turney@dronecode.org.uk>
+ Reviewed-by: Gaetan Nadon <memsize@videotron.ca>
+ Tested-by: Gaetan Nadon <memsize@videotron.ca>
+ Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+
+commit 862b9ce4aa819bf87b6e24db9d7d5867cbaa577c
+Author: Jon TURNEY <jon.turney@dronecode.org.uk>
+Date: Wed Sep 21 20:50:46 2011 +0100
+
+ Fix install of generated Xcursor.h when builddir != srcdir
+
+ Signed-off-by: Jon TURNEY <jon.turney@dronecode.org.uk>
+ Reviewed-by: Gaetan Nadon <memsize@videotron.ca>
+ Tested-by: Gaetan Nadon <memsize@videotron.ca>
+ Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+
+commit 334dc4f4df69d780f312f23b860df11bee5e9009
+Author: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Fri Sep 16 21:41:41 2011 -0700
+
+ Set Xcursor.h version numbers from configure.ac
+
+ Based on similar commit dac73a519816 to libXft
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+ Reviewed-by: Gaetan Nadon <memsize@videotron.ca>
+
+commit e086eb1bf49f2a8c270eaebd5beb595c1dc2973e
+Author: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Fri Sep 16 21:26:17 2011 -0700
+
+ Strip trailing whitespace
+
+ Performed with: find * -type f | xargs perl -i -p -e 's{\s+$}{\n}'
+ git diff -w & git diff -b show no diffs from this change
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+
+commit d79ddc01e4b247ae95af3581b93aef2b93e76888
+Author: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Wed Jun 29 21:41:09 2011 -0700
+
+ libXcursor 1.1.12
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+
+commit 4ce23fcd978ed389ea30315c0e02629a31bda265
+Author: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Sun May 22 12:55:31 2011 -0700
+
+ Mark bitmasks as unsigned ints
+
+ Clears Sun compiler warnings from shifting 8 bits by 24 bits:
+ "cursor.c", line 215: warning: integer overflow detected: op "<<"
+ "cursor.c", line 280: warning: integer overflow detected: op "<<"
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+
+commit 047993c76a677ca12a2b575990b99e3ddbc0dd58
+Author: Jeremy Huddleston <jeremyhu@apple.com>
+Date: Sat May 7 10:16:18 2011 -0700
+
+ Correct error handling in _XcursorAverageColor
+
+ Previously it would either div-zero or get stuck in a loop until int overflow
+ if called with a bad value.
+
+ cursor.c:214:32: warning: Division by zero
+ return (0xff << 24) | ((red/npixels) << 16) | ((green/npixels) << 8) | (blue/npixels);
+
+ Found-by: clang static analyzer
+ Signed-off-by: Jeremy Huddleston <jeremyhu@apple.com>
+
+commit bee68e54e5c3a4b9f46c81366a720531e3e07a82
+Author: Chris Wilson <chris@chris-wilson.co.uk>
+Date: Fri Apr 1 12:16:23 2011 +0100
+
+ Free the FontInfo structure after loading the cursor from it.
+
+ References: https://bugs.freedesktop.org/show_bug.cgi?id=2731
+ Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
+
+commit f49e7e1608f2dac140f60bcae21d5c37f79fc41b
+Author: Chris Wilson <chris@chris-wilson.co.uk>
+Date: Fri Apr 1 12:15:46 2011 +0100
+
+ Free the partial header after failing to open the cursor.
+
+ Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
+
+commit 073eb2c56f4794275eee40a825dbfe1232bb2690
+Author: Chris Wilson <chris@chris-wilson.co.uk>
+Date: Fri Apr 1 12:14:51 2011 +0100
+
+ Free list on shutdown.
+
+ We freed the parent structure without freeing the list contained within,
+ making valgrind unhappy.
+
+ Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
+
+commit de50317ec4e0e8da7de84e85d1f7a6d2e184d58b
+Author: Gaetan Nadon <memsize@videotron.ca>
+Date: Wed Feb 2 17:08:19 2011 -0500
+
+ config: perform XCURSORPATH formatting in man/Makefile.am
+
+ We can skip the extra step of using XCURSORPATH_LIST in configure.ac.
+
+ Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
+
+commit a929c3621b9da8e56ce1223afd3e487fc488fa47
+Author: Gaetan Nadon <memsize@videotron.ca>
+Date: Wed Feb 2 11:43:41 2011 -0500
+
+ config: comment, minor upgrade, quote and layout configure.ac
+
+ Group statements per section as per Autoconf standard layout
+ Quote statements where appropriate.
+ Autoconf recommends not using dnl instead of # for comments
+
+ Use AC_CONFIG_FILES to replace the deprecated AC_OUTPUT with parameters.
+
+ This helps automated maintenance and release activities.
+ Details can be found in http://wiki.x.org/wiki/NewModuleGuidelines
+
+ Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
+
+commit 96c5877fd7ebc59569f140d9e2cb30fdb8371ef1
+Author: Gaetan Nadon <memsize@videotron.ca>
+Date: Fri Jan 28 19:41:37 2011 -0500
+
+ config: replace deprecated AM_CONFIG_HEADER with AC_CONFIG_HEADERS
+
+ Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
+
+commit 4f7a749fcb7a8e93d40a7621fa1c159e003b2f5c
+Author: Gaetan Nadon <memsize@videotron.ca>
+Date: Fri Jan 28 16:07:07 2011 -0500
+
+ config: replace deprecated AC_HELP_STRING with AS_HELP_STRING
+
+ This silences an Automake warning.
+
+ Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
+
+commit c38adc6bf116146fa1e291b9f4deed45497e5c2e
+Author: Gaetan Nadon <memsize@videotron.ca>
+Date: Thu Jan 27 18:50:14 2011 -0500
+
+ config: remove AC_PROG_CC as it overrides AC_PROG_C_C99
+
+ XORG_STRICT_OPTION from XORG_DEFAULT_OPTIONS calls
+ AC_PROG_C_C99. This sets gcc with -std=gnu99.
+ If AC_PROG_CC macro is called afterwards, it resets CC to gcc.
+
+ Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
+
+commit 731e84d79e83b59d022d0f453b245696b4d2750f
+Author: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Wed Oct 27 22:48:19 2010 -0700
+
+ libXcursor 1.1.11
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+
+commit 42b7717c32b3c7097180667a9ba2f62e40fc6506
+Author: Gaetan Nadon <memsize@videotron.ca>
+Date: Mon Aug 16 19:28:57 2010 -0400
+
+ man: whitespace management
+
+ Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
+
+commit 862bc06d58152e74e85fc29db7eaec06af20e00b
+Author: Gaetan Nadon <memsize@videotron.ca>
+Date: Mon Aug 16 19:25:25 2010 -0400
+
+ man: reorder makefile statements
+
+ No functional change. Shadows are part of libman_PRE.
+
+ Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
+
+commit b18568dd5b5a11ae49cad66a54ec50465c6ffa77
+Author: Gaetan Nadon <memsize@videotron.ca>
+Date: Mon Aug 16 19:17:21 2010 -0400
+
+ man: store shadow man pages in git rather than generating them
+
+ Simplify the build process and the makefile.
+
+ Local fix in CVS for bug 5628 is not required
+ as the problem has been fixed in
+ util-macros d9062e4077ebfd0985baf8418f3d0f111b9ddbba
+
+ Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
+
+commit 68d830bcf67632b474c8996b6a2c9bcde8e27f97
+Author: Gaetan Nadon <memsize@videotron.ca>
+Date: Mon Aug 16 19:05:35 2010 -0400
+
+ config: upgrade to util-macros 1.8 for additional man page support
+
+ Use MAN_SUBST now supplied in XORG_MANPAGE_SECTIONS
+ The value of MAN_SUBST is the same for all X.Org packages.
+
+ Use AC_PROG_SED now supplied by XORG_DEFAULT_OPTIONS
+
+ Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
Reply to: