Hello community,

here is the log from the commit of package libXext.1714 for openSUSE:12.2:Update checked in at 2013-06-14 16:50:40
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.2:Update/libXext.1714 (Old)
 and /work/SRC/openSUSE:12.2:Update/.libXext.1714.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libXext.1714"

Changes:
--------
New Changes file:

--- /dev/null 2013-06-12 16:57:03.272031756 +0200 +++ /work/SRC/openSUSE:12.2:Update/.libXext.1714.new/libXext.changes 2013-06-14 16:50:42.000000000 +0200 
@@ -0,0 +1,168 @@ +------------------------------------------------------------------- +Wed May 29 13:46:41 UTC 2013 - sndirsch@suse.com + +- U_0001-integer-overflow-in-XcupGetReservedColormapEntries-C.patch, + U_0002-integer-overflow-in-XcupStoreColors-CVE-2013-1982-2-.patch, + U_0003-several-integer-overflows-in-XdbeGetVisualInfo-CVE-2.patch, + U_0004-integer-overflow-in-XeviGetVisualInfo-CVE-2013-1982-.patch, + U_0005-integer-overflow-in-XShapeGetRectangles-CVE-2013-198.patch, + U_0006-integer-overflow-in-XSyncListSystemCounters-CVE-2013.patch, + * integer overflow(s) in XcupGetReservedColormapEntries(), + XcupStoreColors(), XdbeGetVisualInfo(), XeviGetVisualInfo(), + XShapeGetRectangles(), XSyncListSystemCounters() [CVE-2013-1982] + (bnc#821665, bnc#815451) + +------------------------------------------------------------------- +Thu Apr 12 07:26:16 UTC 2012 - vuntz@opensuse.org + +- Update to version 1.3.1: + + Fixes for compiler warnings + + Improvements to formattings for all the included extension API + specs + + Improvements to the documentation +- Changes from version 1.3.0: + + New API functions to support the Fence Sync Objects added in + Sync extension version 3.1 + + Redefine the return values of several MIT-SHM API calls from + Status (#define Status int) to Bool (typedef int Bool) to + clarify the expected interpretation of the return values + + Fix build issues + + Documentation improvements + + Build system improvements + +------------------------------------------------------------------- +Sat Feb 11 18:46:20 UTC 2012 - jengelh@medozas.de + +- Rename xorg-x11-libXext to libXext and utilize shlib policy + +------------------------------------------------------------------- +Sat Feb 4 23:27:46 UTC 2012 - jengelh@medozas.de + +- Remove apparently unused (Build)Requires on Xdmcp, xtrans +- Remove redundant tags/sections like %clean + (see specfile guidelines) +- Parallel build with %_smp_mflags + 
+------------------------------------------------------------------- +Tue Dec 21 02:44:31 UTC 2010 - sndirsch@novell.com + +- bumped version number to 7.6_1.2.0 + +------------------------------------------------------------------- +Thu Oct 28 14:07:53 UTC 2010 - sndirsch@novell.com + +- libXext 1.2.0 + * This release of the catchall library for the X11 extensions + without their own libraries adds documentation for many more + of the extension API's, in the form of the documents formerly + delivered in xorg-docs, now moved here and translated from a + variety of formats to DocBook/XML. + +------------------------------------------------------------------- +Sat Sep 4 18:16:50 UTC 2010 - sndirsch@novell.com + +- update to release 1.1.2 +- bumped version number to 7.5_1.1.2 +- make use of %fdupes macro +- fixed Summary/Group entries in -devel package + +------------------------------------------------------------------- +Fri Apr 2 18:02:19 CEST 2010 - sndirsch@suse.de + +- bumped version number to 7.5 + +------------------------------------------------------------------- +Thu Jan 14 15:54:18 CET 2010 - ro@suse.de + +- update to 1.1.1 (needed for xserver 1.7) + +------------------------------------------------------------------- +Fri Jan 1 06:52:42 CET 2010 - sndirsch@suse.de + +- libXext-commit-8a91fc6.diff: + * Silence "Generic Event Extension missing on display" warning + (bnc #567828) + +------------------------------------------------------------------- +Mon Dec 14 18:22:59 CET 2009 - jengelh@medozas.de + +- add baselibs.conf as a source + +------------------------------------------------------------------- +Fri May 1 19:31:49 CEST 2009 - eich@suse.de + +- revert static library and .la file removal + for SUSE versions <= 11.1. 
+ +------------------------------------------------------------------- +Tue Apr 21 20:24:35 CEST 2009 - crrodriguez@suse.de + +- remove static libraries and "la" files + +------------------------------------------------------------------- +Sun Mar 1 20:55:57 CET 2009 - sndirsch@suse.de + +- libXext 1.0.5 + +------------------------------------------------------------------- +Thu Sep 11 14:21:29 CEST 2008 - sndirsch@suse.de + +- bumped release number to 7.4 + +------------------------------------------------------------------- +Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de + +- added baselibs.conf file to build xxbit packages + for multilib support + +------------------------------------------------------------------- +Fri Feb 29 15:18:17 CET 2008 - sndirsch@suse.de + +- libXext 1.0.4 + * Coverity #467: security_error_list has fewer than + XSecurityNumberErrors + +------------------------------------------------------------------- +Wed Dec 26 08:25:18 CET 2007 - crrodriguez@suse.de + +- fix library-without-ldconfig-postun warning + +------------------------------------------------------------------- +Sat Sep 29 12:22:53 CEST 2007 - sndirsch@suse.de + +- bumped version to 7.3 + +------------------------------------------------------------------- +Fri Jan 26 07:13:18 CET 2007 - sndirsch@suse.de + +- updated to release 1.0.3 + * Add XShm.man and aliases to Makefile.am + * Man page spelling/typo fixes + * Replace static ChangeLog with dist-hook to generate from git log + * Sun bug 4985712: man pages needed for MIT-SHM extension functions + +------------------------------------------------------------------- +Sat Oct 14 06:08:23 CEST 2006 - sndirsch@suse.de + +- updated to X.Org 7.2RC1 + +------------------------------------------------------------------- +Wed Aug 2 16:12:11 CEST 2006 - sndirsch@suse.de + +- fix setup line + +------------------------------------------------------------------- +Fri Jul 28 14:44:28 CEST 2006 - sndirsch@suse.de + +- use "-fno-strict-aliasing" 
+ +------------------------------------------------------------------- +Thu Jul 27 11:42:46 CEST 2006 - sndirsch@suse.de + +- use $RPM_OPT_FLAGS + +------------------------------------------------------------------- +Thu Jun 22 20:40:51 CEST 2006 - sndirsch@suse.de + +- created package +

New:
----
  U_0001-integer-overflow-in-XcupGetReservedColormapEntries-C.patch
  U_0002-integer-overflow-in-XcupStoreColors-CVE-2013-1982-2-.patch
  U_0003-several-integer-overflows-in-XdbeGetVisualInfo-CVE-2.patch
  U_0004-integer-overflow-in-XeviGetVisualInfo-CVE-2013-1982-.patch
  U_0005-integer-overflow-in-XShapeGetRectangles-CVE-2013-198.patch
  U_0006-integer-overflow-in-XSyncListSystemCounters-CVE-2013.patch
  baselibs.conf
  libXext-1.3.1.tar.bz2
  libXext.changes
  libXext.spec

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libXext.spec ++++++
#
# spec file for package libXext
#
# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#

Name: libXext
%define lname libXext6
Version: 1.3.1
Release: 0
Summary: Common extensions to the X11 protocol
License: MIT
Group: Development/Libraries/C and C++
Url: http://xorg.freedesktop.org/

#Git-Clone: git://anongit.freedesktop.org/xorg/lib/libXext
#Git-Web: http://cgit.freedesktop.org/xorg/lib/libXext/
Source: http://xorg.freedesktop.org/releases/individual/lib/%{name}-%{version}.tar.bz2
Patch0: U_0001-integer-overflow-in-XcupGetReservedColormapEntries-C.patch
Patch1: U_0002-integer-overflow-in-XcupStoreColors-CVE-2013-1982-2-.patch
Patch2: U_0003-several-integer-overflows-in-XdbeGetVisualInfo-CVE-2.patch
Patch3: U_0004-integer-overflow-in-XeviGetVisualInfo-CVE-2013-1982-.patch
Patch4: U_0005-integer-overflow-in-XShapeGetRectangles-CVE-2013-198.patch
Patch5: U_0006-integer-overflow-in-XSyncListSystemCounters-CVE-2013.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
#git#BuildRequires: autoconf >= 2.60, automake, libtool
BuildRequires: fdupes
BuildRequires: pkgconfig
BuildRequires: pkgconfig(x11) >= 1.1.99.1
BuildRequires: pkgconfig(xextproto) >= 7.1.99
BuildRequires: pkgconfig(xorg-macros) >= 1.12
BuildRequires: pkgconfig(xproto) >= 7.0.13

%description
The Xext library contains a handful of X11 extensions:
- Double Buffer extension (DBE/Xdbe)
- Display Power Management Signaling (DPMS) extension
- X11 Nonrectangular Window Shape extension (Xshape)
- The MIT Shared Memory extension (MIT-SHM/Xshm)
- TOG-CUP (colormap utilization policy) protocol extension (Xcup)
- X Extended Visual Information extension (XEvi)
- X11 Double-Buffering, Multi-Buffering, and Stereo extension (Xmbuf)

%package -n %lname
Summary: Common extensions to the X11 protocol
Group: System/Libraries
# O/P added for 12.2
Provides: xorg-x11-libXext = 7.6_%version-%release
Obsoletes: xorg-x11-libXext < 7.6_%version-%release

%description -n %lname
The Xext library contains a handful of X11 extensions:
- Double Buffer extension (DBE/Xdbe)
- Display Power Management Signaling (DPMS) extension
- X11 Nonrectangular Window Shape extension (Xshape)
- The MIT Shared Memory extension (MIT-SHM/Xshm)
- TOG-CUP (colormap) protocol extension (Xcup)
- X Extended Visual Information extension (XEvi)
- X11 Double-Buffering, Multi-Buffering, and Stereo extension (Xmbuf)

%package devel
Summary: Development files for the X11 Common Extensions library
Group: Development/Libraries/C and C++
Requires: %lname = %version
# O/P added for 12.2
Provides: xorg-x11-libXext-devel = 7.6_%version-%release
Obsoletes: xorg-x11-libXext-devel < 7.6_%version-%release

%description devel
The Xext library contains a handful of X11 extensions:
- Double Buffer extension (DBE/Xdbe)
- Display Power Management Signaling (DPMS) extension
- X11 Nonrectangular Window Shape extension (Xshape)
- The MIT Shared Memory extension (MIT-SHM/Xshm)
- TOG-CUP (colormap) protocol extension (Xcup)
- X Extended Visual Information extension (XEvi)
- X11 Double-Buffering, Multi-Buffering, and Stereo extension (Xmbuf)

This package contains the development headers for the library found in %lname.

%prep
%setup -q
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1

%build
%configure --docdir=%_docdir/%name --disable-static
make %{?_smp_mflags}

%install
%makeinstall
rm -f "%buildroot/%_libdir"/*.la
%fdupes %buildroot

%post -n %lname -p /sbin/ldconfig

%postun -n %lname -p /sbin/ldconfig

%files -n %lname
%defattr(-,root,root)
%_libdir/libXext.so.6*

%files devel
%defattr(-,root,root)
%_includedir/X11/*
%_libdir/libXext.so
%_libdir/pkgconfig/xext.pc
%_mandir/man3/*
%_docdir/%name

%changelog

++++++ U_0001-integer-overflow-in-XcupGetReservedColormapEntries-C.patch ++++++
From d05f27a6f74cb419ad5a437f2e4690b17e7faee5 Mon Sep 17 00:00:00 2001
From: Alan Coopersmith
Date: Sat, 9 Mar 2013 14:40:33 -0800
Subject: [PATCH] integer overflow in XcupGetReservedColormapEntries() [CVE-2013-1982 1/6]

If the computed number of entries is large enough that it overflows when
multiplied by the size of a xColorItem struct, or is treated as negative
when compared to the size of the stack allocated buffer, then memory
corruption can occur when more bytes are read from the X server than the
size of the buffer we allocated to hold them.
Reported-by: Ilja Van Sprundel

From 082d70b19848059ba78c9d1c315114fb07e8c0ef Mon Sep 17 00:00:00 2001
From: Alan Coopersmith
Date: Sat, 9 Mar 2013 14:40:33 -0800
Subject: [PATCH] integer overflow in XcupStoreColors() [CVE-2013-1982 2/6]

If the computed number of entries is large enough that it overflows when
multiplied by the size of a xColorItem struct, or is treated as negative
when compared to the size of the stack allocated buffer, then memory
corruption can occur when more bytes are read from the X server than the
size of the buffer we allocated to hold them.
The requirement to match the number of colors specified by the caller makes
this much harder to hit than the one in XcupGetReservedColormapEntries()
Reported-by: Ilja Van Sprundel
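
The two failure modes the XcupGetReservedColormapEntries() and XcupStoreColors() messages describe for a server-supplied entry count, a wrapped size multiplication and a negative value passing the stack-buffer comparison, as an added C example (not code from libXext or from these patches). `struct wire_item`, `STACK_ITEMS` and the function names are hypothetical stand-ins; bounding the count against `INT_MAX / sizeof` before use is one common way to close both paths.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for a 12-byte wire record such as xColorItem (layout assumed). */
struct wire_item { uint32_t pixel; uint16_t red, green, blue; uint8_t flags, pad; };
#define STACK_ITEMS 20   /* hypothetical capacity of the on-stack buffer */
enum buf_choice { USE_STACK, USE_HEAP, REJECT };

/* Unchecked: the 32-bit multiply wraps, so the result can be far too small. */
static uint32_t naive_bytes(uint32_t nitems)
{
    return nitems * (uint32_t)sizeof(struct wire_item);   /* modulo 2^32 */
}

/* Unchecked: a count >= 2^31 read as signed looks smaller than the buffer. */
static enum buf_choice naive_choice(uint32_t nitems)
{
    int32_t n = (int32_t)nitems;      /* negative on gcc/clang for large counts */
    return (n <= STACK_ITEMS) ? USE_STACK : USE_HEAP;
}

/* Checked: bound the count first, then multiply and compare as unsigned. */
static enum buf_choice checked_choice(uint32_t nitems, size_t *bytes_out)
{
    const uint32_t max_items = (uint32_t)(INT_MAX / sizeof(struct wire_item));

    *bytes_out = 0;
    if (nitems >= max_items)
        return REJECT;                /* caller should discard the reply data */
    *bytes_out = (size_t)nitems * sizeof(struct wire_item);
    return (nitems <= STACK_ITEMS) ? USE_STACK : USE_HEAP;
}

int main(void)
{
    /* Constructed counts: one wraps the multiply, one turns negative. */
    const uint32_t wraps = 0x15555556u;      /* * 12 == 2^32 + 8 */
    const uint32_t negative = 0x80000001u;
    size_t bytes;

    printf("naive bytes:  %u\n", (unsigned)naive_bytes(wraps));
    printf("naive choice: %d\n", (int)naive_choice(negative));
    printf("checked:      %d\n", (int)checked_choice(wraps, &bytes));
    printf("checked:      %d\n", (int)checked_choice(negative, &bytes));
    return 0;
}
```
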

From 96d1da55a08c4cd52b763cb07bdce5cdcbec4da8 Mon Sep 17 00:00:00 2001
From: Alan Coopersmith
Date: Sat, 9 Mar 2013 14:40:33 -0800
Subject: [PATCH] several integer overflows in XdbeGetVisualInfo() [CVE-2013-1982 3/6]

If the number of screens or visuals reported by the server is large enough
that it overflows when multiplied by the size of the appropriate struct,
then memory corruption can occur when more bytes are read from the X server
than the size of the buffer we allocated to hold them.
Reported-by: Ilja Van Sprundel

From 67ecdcf7e29de9fa78b421122620525ed2c7db88 Mon Sep 17 00:00:00 2001
From: Alan Coopersmith
Date: Sat, 9 Mar 2013 14:40:33 -0800
Subject: [PATCH] integer overflow in XeviGetVisualInfo() [CVE-2013-1982 4/6]

If the number of visuals or conflicts reported by the server is large
enough that it overflows when multiplied by the size of the appropriate
struct, then memory corruption can occur when more bytes are read from
the X server than the size of the buffer we allocated to hold them.
Reported-by: Ilja Van Sprundel

From 6ecd96e8be3c33e2ffad6631cea4aa0a030d93c2 Mon Sep 17 00:00:00 2001
From: Alan Coopersmith
Date: Sat, 9 Mar 2013 14:40:33 -0800
Subject: [PATCH] integer overflow in XShapeGetRectangles() [CVE-2013-1982 5/6]

If the number of rectangles reported by the server is large enough that
it overflows when multiplied by the size of the appropriate struct, then
memory corruption can occur when more bytes are read from the X server
than the size of the buffer we allocated to hold them.
Reported-by: Ilja Van Sprundel

From dfe6e1f3b8ede3d0bab7a5fa57f73513a09ec649 Mon Sep 17 00:00:00 2001
From: Alan Coopersmith
Date: Sat, 9 Mar 2013 14:40:33 -0800
Subject: [PATCH] integer overflow in XSyncListSystemCounters() [CVE-2013-1982 6/6]

If the number of counters or amount of data reported by the server is
large enough that it overflows when multiplied by the size of the
appropriate struct, then memory corruption can occur when more bytes
are read from the X server than the size of the buffers we allocated
to hold them.
V2: Make sure we don't walk past the end of the reply when converting
data from wire format to the structures returned to the caller.
Reported-by: Ilja Van Sprundel
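
An added C example (not code from libXext or from this patch) of the V2 point in the XSyncListSystemCounters() message: converting variable-length records out of a reply without reading past its end. The record layout, `put_record`, `parse_counters` and the sample counter names are constructed for illustration and are not the Sync extension's wire format.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constructed record layout (an assumption, not the Sync wire format):
 * 4-byte id, 2-byte name length, name bytes, padding to a multiple of 4. */
#define HDR_LEN 6u
#define MAX_NAME 31u
#define REC_LEN(nlen) ((HDR_LEN + (size_t)(nlen) + 3u) & ~(size_t)3u)

struct counter { uint32_t id; char name[MAX_NAME + 1]; };

/* Sample-data helper: write one record at buf+off, return the new offset. */
static size_t put_record(uint8_t *buf, size_t off, uint32_t id, const char *name)
{
    uint16_t nlen = (uint16_t)strlen(name);
    memset(buf + off, 0, REC_LEN(nlen));
    memcpy(buf + off, &id, 4);
    memcpy(buf + off + 4, &nlen, 2);
    memcpy(buf + off + HDR_LEN, name, nlen);
    return off + REC_LEN(nlen);
}

/* Convert `want` records from buf[0..len) into out[]. Returns 0 on success,
 * -1 if a header or name would extend past the end of the reply. */
static int parse_counters(const uint8_t *buf, size_t len, unsigned want, struct counter *out)
{
    size_t off = 0;                         /* invariant: off <= len */
    for (unsigned i = 0; i < want; i++) {
        uint16_t nlen;
        if (len - off < HDR_LEN)
            return -1;                      /* truncated header */
        memcpy(&out[i].id, buf + off, 4);
        memcpy(&nlen, buf + off + 4, 2);
        if (nlen > MAX_NAME || REC_LEN(nlen) > len - off)
            return -1;                      /* name would run past the reply */
        memcpy(out[i].name, buf + off + HDR_LEN, nlen);
        out[i].name[nlen] = '\0';
        off += REC_LEN(nlen);
    }
    return 0;
}

int main(void)
{
    uint8_t reply[64];                      /* constructed two-record reply */
    struct counter out[2];
    size_t len = put_record(reply, put_record(reply, 0, 7, "IDLETIME"), 9, "SERVERTIME");
    printf("full reply: %d\n", parse_counters(reply, len, 2, out));
    return 0;
}
```
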
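
Review bot: the top entry of the new libXext.changes (Wed May 29 13:46:41 UTC 2013) ends its patch list with a trailing comma after U_0006-integer-overflow-in-XSyncListSystemCounters-CVE-2013.patch, immediately before the "* integer overflow(s) in ..." description line. Drop that comma so the file list terminates cleanly before the description begins.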