Date: Saturday, June 22, 2013 @ 13:14:43
Author: lcarlier
Revision: 93025
archrelease: copy trunk to multilib-x86_64
Added:
lib32-mesa/repos/multilib-x86_64/
lib32-mesa/repos/multilib-x86_64/CVE-2013-1993.patch
(from rev 93024, lib32-mesa/trunk/CVE-2013-1993.patch)
lib32-mesa/repos/multilib-x86_64/PKGBUILD
(from rev 93024, lib32-mesa/trunk/PKGBUILD)
lib32-mesa/repos/multilib-x86_64/git-fixes.patch
(from rev 93024, lib32-mesa/trunk/git-fixes.patch)
---------------------+
CVE-2013-1993.patch | 82 +++++++++++++++++++++++++++++
PKGBUILD | 137 ++++++++++++++++++++++++++++++++++++++++++++++++++
git-fixes.patch | 52 ++++++++++++++++++
3 files changed, 271 insertions(+)
Copied: lib32-mesa/repos/multilib-x86_64/CVE-2013-1993.patch (from rev 93024,
lib32-mesa/trunk/CVE-2013-1993.patch)
===================================================================
--- multilib-x86_64/CVE-2013-1993.patch (rev 0)
+++ multilib-x86_64/CVE-2013-1993.patch 2013-06-22 11:14:43 UTC (rev 93025)
@@ -0,0 +1,82 @@
+From 80ac3b279e776b3d9f45a209e52c5bd34ba7e7df Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith <alan.coopersm...@oracle.com>
+Date: Fri, 26 Apr 2013 23:31:58 +0000
+Subject: integer overflow in XF86DRIOpenConnection() [CVE-2013-1993 1/2]
+
+busIdStringLength is a CARD32 and needs to be bounds checked before adding
+one to it to come up with the total size to allocate, to avoid integer
+overflow leading to underallocation and writing data from the network past
+the end of the allocated buffer.
+
+NOTE: This is a candidate for stable release branches.
+
+Reported-by: Ilja Van Sprundel <ivansprun...@ioactive.com>
+Signed-off-by: Alan Coopersmith <alan.coopersm...@oracle.com>
+Reviewed-by: Brian Paul <bri...@vmware.com>
+(cherry picked from commit 2e5a268f18be30df15aed0b44b01a18a37fb5df4)
+---
+diff --git a/src/glx/XF86dri.c b/src/glx/XF86dri.c
+index b1cdc9b..8f53bd7 100644
+--- a/src/glx/XF86dri.c
++++ b/src/glx/XF86dri.c
+@@ -43,6 +43,7 @@ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ #include <X11/extensions/Xext.h>
+ #include <X11/extensions/extutil.h>
+ #include "xf86dristr.h"
++#include <limits.h>
+
+ static XExtensionInfo _xf86dri_info_data;
+ static XExtensionInfo *xf86dri_info = &_xf86dri_info_data;
+@@ -201,7 +202,11 @@ XF86DRIOpenConnection(Display * dpy, int screen,
drm_handle_t * hSAREA,
+ }
+
+ if (rep.length) {
+- if (!(*busIdString = calloc(rep.busIdStringLength + 1, 1))) {
++ if (rep.busIdStringLength < INT_MAX)
++ *busIdString = calloc(rep.busIdStringLength + 1, 1);
++ else
++ *busIdString = NULL;
++ if (*busIdString == NULL) {
+ _XEatData(dpy, ((rep.busIdStringLength + 3) & ~3));
+ UnlockDisplay(dpy);
+ SyncHandle();
+--
+cgit v0.9.0.2-2-gbebe
+From 6de60ddf9ccac6f185d8f4e88ddfc63a94bd670f Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith <alan.coopersm...@oracle.com>
+Date: Fri, 26 Apr 2013 23:33:03 +0000
+Subject: integer overflow in XF86DRIGetClientDriverName() [CVE-2013-1993 2/2]
+
+clientDriverNameLength is a CARD32 and needs to be bounds checked before
+adding one to it to come up with the total size to allocate, to avoid
+integer overflow leading to underallocation and writing data from the
+network past the end of the allocated buffer.
+
+NOTE: This is a candidate for stable release branches.
+
+Reported-by: Ilja Van Sprundel <ivansprun...@ioactive.com>
+Signed-off-by: Alan Coopersmith <alan.coopersm...@oracle.com>
+Reviewed-by: Brian Paul <bri...@vmware.com>
+(cherry picked from commit 306f630e676eb901789dd09a0f30d7e7fa941ebe)
+---
+diff --git a/src/glx/XF86dri.c b/src/glx/XF86dri.c
+index 8f53bd7..56e3557 100644
+--- a/src/glx/XF86dri.c
++++ b/src/glx/XF86dri.c
+@@ -305,9 +305,11 @@ XF86DRIGetClientDriverName(Display * dpy, int screen,
+ *ddxDriverPatchVersion = rep.ddxDriverPatchVersion;
+
+ if (rep.length) {
+- if (!
+- (*clientDriverName =
+- calloc(rep.clientDriverNameLength + 1, 1))) {
++ if (rep.clientDriverNameLength < INT_MAX)
++ *clientDriverName = calloc(rep.clientDriverNameLength + 1, 1);
++ else
++ *clientDriverName = NULL;
++ if (*clientDriverName == NULL) {
+ _XEatData(dpy, ((rep.clientDriverNameLength + 3) & ~3));
+ UnlockDisplay(dpy);
+ SyncHandle();
+--
+cgit v0.9.0.2-2-gbebe
Copied: lib32-mesa/repos/multilib-x86_64/PKGBUILD (from rev 93024,
lib32-mesa/trunk/PKGBUILD)
===================================================================
--- multilib-x86_64/PKGBUILD (rev 0)
+++ multilib-x86_64/PKGBUILD 2013-06-22 11:14:43 UTC (rev 93025)
@@ -0,0 +1,137 @@
+# $Id$
+# Contributor: Jan de Groot <j...@archlinux.org>
+# Contributor: Andreas Radke <andy...@archlinux.org>
+
+pkgbase=lib32-mesa
+pkgname=('lib32-ati-dri' 'lib32-intel-dri' 'lib32-nouveau-dri' 'lib32-mesa'
'lib32-mesa-libgl')
+pkgver=9.1.3
+pkgrel=3
+arch=('x86_64')
+makedepends=('python2' 'lib32-libxml2' 'lib32-expat' 'lib32-libx11' 'glproto'
'lib32-libdrm' 'dri2proto' 'lib32-libxxf86vm' 'lib32-libxdamage'
+ 'gcc-multilib' 'lib32-llvm-amdgpu-snapshot' 'lib32-systemd')
+url="http://mesa3d.sourceforge.net";
+license=('custom')
+options=('!libtool')
+source=(ftp://ftp.freedesktop.org/pub/mesa/${pkgver}/MesaLib-${pkgver}.tar.bz2
+ CVE-2013-1993.patch)
+md5sums=('952ccd03547ed72333b64e1746cf8ada'
+ 'dc8dad7c9bc6a92bd9c33b27b9da825e')
+
+prepare() {
+ cd ${srcdir}/?esa-*
+
+ # fix CVE-2013-1993 merged upstream
+ patch -Np1 -i ${srcdir}/CVE-2013-1993.patch
+}
+
+build() {
+ export CC="gcc -m32"
+ export CXX="g++ -m32"
+ export PKG_CONFIG_PATH="/usr/lib32/pkgconfig"
+ export LLVM_CONFIG=/usr/bin/llvm-config32
+
+ cd ${srcdir}/?esa-*
+
+ # our automake is far too new for their build system :)
+ autoreconf -vfi
+
+ ./configure --enable-32-bit \
+ --libdir=/usr/lib32 \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --with-dri-driverdir=/usr/lib32/xorg/modules/dri \
+ --with-gallium-drivers=r300,r600,radeonsi,nouveau,swrast \
+ --with-dri-drivers=i915,i965,r200,radeon,nouveau,swrast \
+ --with-llvm-shared-libs \
+ --enable-gallium-llvm \
+ --enable-egl \
+ --enable-gallium-egl \
+ --with-egl-platforms=x11,drm \
+ --enable-shared-glapi \
+ --enable-gbm \
+ --enable-glx-tls \
+ --enable-dri \
+ --enable-glx \
+ --enable-osmesa \
+ --enable-gles1 \
+ --enable-gles2 \
+ --enable-texture-float
+ make
+
+ mkdir $srcdir/fakeinstall
+ make DESTDIR=${srcdir}/fakeinstall install
+}
+
+package_lib32-ati-dri() {
+ pkgdesc="Mesa drivers for AMD/ATI Radeon (32-bit)"
+ depends=("lib32-mesa-libgl=${pkgver}" 'ati-dri')
+ conflicts=('xf86-video-ati<6.9.0-6')
+
+ install -m755 -d ${pkgdir}/usr/lib32/xorg/modules/dri
+ mv -v
${srcdir}/fakeinstall/usr/lib32/xorg/modules/dri/{r200,r300,r600,radeon,radeonsi}_dri.so
${pkgdir}/usr/lib32/xorg/modules/dri/
+
+ install -m755 -d ${pkgdir}/usr/lib32/gallium-pipe
+ mv -v
${srcdir}/fakeinstall/usr/lib32/gallium-pipe/pipe_{r300,r600,radeonsi}*
${pkgdir}/usr/lib32/gallium-pipe/
+
+ install -m755 -d "${pkgdir}/usr/share/licenses/ati-dri"
+ ln -s ati-dri "$pkgdir/usr/share/licenses/ati-dri/lib32-ati-dri"
+}
+
+package_lib32-intel-dri() {
+ pkgdesc="Mesa DRI drivers for Intel (32-bit)"
+ depends=("lib32-mesa-libgl=${pkgver}" 'intel-dri')
+
+ install -m755 -d ${pkgdir}/usr/lib32/xorg/modules/dri
+ mv -v ${srcdir}/fakeinstall/usr/lib32/xorg/modules/dri/{i915,i965}_dri.so
${pkgdir}/usr/lib32/xorg/modules/dri/
+
+ install -m755 -d "${pkgdir}/usr/share/licenses/intel-dri"
+ ln -s intel-dri "$pkgdir/usr/share/licenses/intel-dri/lib32-intel-dri"
+}
+
+package_lib32-nouveau-dri() {
+ pkgdesc="Mesa drivers for Nouveau (32-bit)"
+ depends=("lib32-mesa-libgl=${pkgver}" 'nouveau-dri')
+
+ install -m755 -d ${pkgdir}/usr/lib32/xorg/modules/dri
+ mv -v
${srcdir}/fakeinstall/usr/lib32/xorg/modules/dri/nouveau_{dri,vieux_dri}.so
${pkgdir}/usr/lib32/xorg/modules/dri/
+
+ install -m755 -d ${pkgdir}/usr/lib32/gallium-pipe
+ mv -v ${srcdir}/fakeinstall/usr/lib32/gallium-pipe/pipe_nouveau*
${pkgdir}/usr/lib32/gallium-pipe/
+
+ install -m755 -d "${pkgdir}/usr/share/licenses/nouveau-dri"
+ ln -s nouveau-dri "$pkgdir/usr/share/licenses/nouveau-dri/lib32-nouveau-dri"
+}
+
+package_lib32-mesa() {
+ pkgdesc="an open-source implementation of the OpenGL specification (32-bit)"
+ depends=('lib32-libdrm' 'lib32-libxxf86vm' 'lib32-libxdamage'
'lib32-systemd' 'lib32-llvm-amdgpu-lib-snapshot' 'mesa')
+ optdepends=('opengl-man-pages: for the OpenGL API man pages')
+ provides=('lib32-libglapi' 'lib32-osmesa' 'lib32-libgbm' 'lib32-libgles'
'lib32-libegl')
+ conflicts=('lib32-libglapi' 'lib32-osmesa' 'lib32-libgbm' 'lib32-libgles'
'lib32-libegl')
+ replaces=('lib32-libglapi' 'lib32-osmesa' 'lib32-libgbm' 'lib32-libgles'
'lib32-libegl')
+
+ mv -v ${srcdir}/fakeinstall/* ${pkgdir}
+ mv ${pkgdir}/usr/lib32/libGL.so.1.2.0 ${pkgdir}/usr/lib32/mesa-libGL.so.1.2.0
+ rm ${pkgdir}/usr/lib32/libGL.so{,.1}
+ rm -r ${pkgdir}/etc
+ rm -r ${pkgdir}/usr/include
+
+ install -m755 -d "${pkgdir}/usr/share/licenses/mesa"
+ ln -s mesa "$pkgdir/usr/share/licenses/mesa/lib32-mesa"
+}
+
+package_lib32-mesa-libgl() {
+ pkgdesc="Mesa 3-D graphics library (32-bit)"
+ depends=("lib32-mesa=${pkgver}")
+ provides=("lib32-libgl=${pkgver}")
+ replaces=('lib32-libgl')
+
+ install -m755 -d ${pkgdir}/usr/lib32
+
+ ln -s mesa-libGL.so.1.2.0 ${pkgdir}/usr/lib32/libGL.so
+ ln -s mesa-libGL.so.1.2.0 ${pkgdir}/usr/lib32/libGL.so.1
+ ln -s mesa-libGL.so.1.2.0 ${pkgdir}/usr/lib32/libGL.so.1.2.0
+
+ install -m755 -d "${pkgdir}/usr/share/licenses/libglapi"
+ ln -s libglapi "${pkgdir}/usr/share/licenses/libglapi/lib32-libglapi"
+}
Copied: lib32-mesa/repos/multilib-x86_64/git-fixes.patch (from rev 93024,
lib32-mesa/trunk/git-fixes.patch)
===================================================================
--- multilib-x86_64/git-fixes.patch (rev 0)
+++ multilib-x86_64/git-fixes.patch 2013-06-22 11:14:43 UTC (rev 93025)
@@ -0,0 +1,52 @@
+From 17f1cb1d99e66227d1e05925ef937643f5c1089a Mon Sep 17 00:00:00 2001
+From: Jan de Groot <j...@jgc.homeip.net>
+Date: Thu, 07 Mar 2013 18:48:13 +0000
+Subject: dri/nouveau: fix crash in nouveau_flush
+
+https://bugs.freedesktop.org/show_bug.cgi?id=61947
+
+Note: this is a candidate for the stable branches
+---
+diff --git a/src/mesa/drivers/dri/nouveau/nouveau_driver.c
b/src/mesa/drivers/dri/nouveau/nouveau_driver.c
+index f56b3b2..6c119d5 100644
+--- a/src/mesa/drivers/dri/nouveau/nouveau_driver.c
++++ b/src/mesa/drivers/dri/nouveau/nouveau_driver.c
+@@ -69,7 +69,8 @@ nouveau_flush(struct gl_context *ctx)
+ __DRIdri2LoaderExtension *dri2 = screen->dri2.loader;
+ __DRIdrawable *drawable = nctx->dri_context->driDrawablePriv;
+
+- dri2->flushFrontBuffer(drawable, drawable->loaderPrivate);
++ if (drawable && drawable->loaderPrivate)
++ dri2->flushFrontBuffer(drawable,
drawable->loaderPrivate);
+ }
+ }
+
+--
+cgit v0.9.0.2-2-gbebe
+From e062a4187d8ea518a39c913ae7562cf1d8ac3205 Mon Sep 17 00:00:00 2001
+From: Tapani Pälli <tapani.pa...@intel.com>
+Date: Mon, 28 Jan 2013 06:53:56 +0000
+Subject: intel: Fix regression in intel_create_image_from_name stride handling
+
+Strangely, the DRIimage interface we have passes the pitch in pixels
+instead of bytes, which anholt missed in the change to using bytes for
+region pitch.
+
+Signed-off-by: Tapani Pälli <tapani.pa...@intel.com>
+Reviewed-by: Eric Anholt <e...@anholt.net>
+---
+diff --git a/src/mesa/drivers/dri/intel/intel_screen.c
b/src/mesa/drivers/dri/intel/intel_screen.c
+index defcd73..d223a0b 100644
+--- a/src/mesa/drivers/dri/intel/intel_screen.c
++++ b/src/mesa/drivers/dri/intel/intel_screen.c
+@@ -377,7 +377,7 @@ intel_create_image_from_name(__DRIscreen *screen,
+ cpp = _mesa_get_format_bytes(image->format);
+ image->region = intel_region_alloc_for_handle(intelScreen,
+ cpp, width, height,
+- pitch, name, "image");
++ pitch * cpp, name, "image");
+ if (image->region == NULL) {
+ free(image);
+ return NULL;
+--
+cgit v0.9.0.2-2-gbebe
