ChangeLog | 21 +++++++++++++ configure.ac | 2 - debian/changelog | 11 ++++++ debian/control | 12 +++---- debian/copyright | 2 - debian/patches/series | 1 debian/upstream/signing-key.asc | 64 ++++++++++++++++++++++++++++++++++++++++ debian/watch | 2 - src/XvMC.c | 4 +- 9 files changed, 107 insertions(+), 12 deletions(-)
New commits: commit 313569bf7cafe7a24c493ac07413632925581895 Author: Andreas Boll <andreas.boll....@gmail.com> Date: Fri Oct 7 15:15:19 2016 +0200 Add placeholder comment into series file. diff --git a/debian/changelog b/debian/changelog index 33ad903..30f35bd 100644 --- a/debian/changelog +++ b/debian/changelog @@ -5,6 +5,7 @@ libxvmc (2:1.0.10-1) UNRELEASED; urgency=medium * Update d/upstream/signing-key.asc with Matthieu Herrb's key. * Update a bunch of URLs in packaging to https. * Remove Drew from Uploaders. + * Add placeholder comment into series file. -- Andreas Boll <andreas.boll....@gmail.com> Fri, 07 Oct 2016 15:06:25 +0200 diff --git a/debian/patches/series b/debian/patches/series index e69de29..fdffa2a 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -0,0 +1 @@ +# placeholder commit e1b176dd1cf1944e52949628621bab280e1f3d0f Author: Andreas Boll <andreas.boll....@gmail.com> Date: Fri Oct 7 15:11:03 2016 +0200 Remove Drew from Uploaders. diff --git a/debian/changelog b/debian/changelog index 14a8396..33ad903 100644 --- a/debian/changelog +++ b/debian/changelog @@ -4,6 +4,7 @@ libxvmc (2:1.0.10-1) UNRELEASED; urgency=medium - Fixes CVE-2016-7953. * Update d/upstream/signing-key.asc with Matthieu Herrb's key. * Update a bunch of URLs in packaging to https. + * Remove Drew from Uploaders. -- Andreas Boll <andreas.boll....@gmail.com> Fri, 07 Oct 2016 15:06:25 +0200 diff --git a/debian/control b/debian/control index e99131c..eb2d444 100644 --- a/debian/control +++ b/debian/control @@ -2,8 +2,6 @@ Source: libxvmc Section: x11 Priority: optional Maintainer: Debian X Strike Force <debian-x@lists.debian.org> -Uploaders: - Drew Parsons <dpars...@debian.org>, Build-Depends: dpkg-dev (>= 1.16.1), debhelper (>= 8.1.3), commit 83dbc4c8e195735359af5e10f947995cb6b81639 Author: Andreas Boll <andreas.boll....@gmail.com> Date: Fri Oct 7 15:09:48 2016 +0200 Update a bunch of URLs in packaging to https. diff --git a/debian/changelog b/debian/changelog index 949a41a..14a8396 100644 --- a/debian/changelog +++ b/debian/changelog @@ -3,6 +3,7 @@ libxvmc (2:1.0.10-1) UNRELEASED; urgency=medium * New upstream release. - Fixes CVE-2016-7953. * Update d/upstream/signing-key.asc with Matthieu Herrb's key. + * Update a bunch of URLs in packaging to https. -- Andreas Boll <andreas.boll....@gmail.com> Fri, 07 Oct 2016 15:06:25 +0200 diff --git a/debian/control b/debian/control index 82d96b7..e99131c 100644 --- a/debian/control +++ b/debian/control @@ -17,8 +17,8 @@ Build-Depends: automake, libtool Standards-Version: 3.9.4 -Vcs-Git: git://git.debian.org/git/pkg-xorg/lib/libxvmc -Vcs-Browser: http://git.debian.org/?p=pkg-xorg/lib/libxvmc.git +Vcs-Git: https://anonscm.debian.org/git/pkg-xorg/lib/libxvmc.git +Vcs-Browser: https://anonscm.debian.org/cgit/pkg-xorg/lib/libxvmc.git Package: libxvmc1 Section: libs @@ -36,7 +36,7 @@ Description: X11 Video extension library non-existent. . More information about X.Org can be found at: - <URL:http://www.X.org> + <URL:https://www.X.org> . This module can be found at git://anongit.freedesktop.org/git/xorg/lib/libXvMC @@ -59,7 +59,7 @@ Description: X11 Video extension library (debug package) Non-developers likely have little use for this package. . More information about X.Org can be found at: - <URL:http://www.X.org> + <URL:https://www.X.org> . This module can be found at git://anongit.freedesktop.org/git/xorg/lib/libXvMC @@ -84,7 +84,7 @@ Description: X11 Video extension library (development headers) libxvmc1. Non-developers likely have little use for this package. . More information about X.Org can be found at: - <URL:http://www.X.org> + <URL:https://www.X.org> . This module can be found at git://anongit.freedesktop.org/git/xorg/lib/libXvMC diff --git a/debian/copyright b/debian/copyright index 0c3621b..b788d08 100644 --- a/debian/copyright +++ b/debian/copyright @@ -1,5 +1,5 @@ This package was downloaded from -http://xorg.freedesktop.org/releases/individual/lib/ +https://xorg.freedesktop.org/releases/individual/lib/ Copyright (c) 2004 The Unichrome project. All rights reserved. diff --git a/debian/watch b/debian/watch index 16b3f5d..0c6b747 100644 --- a/debian/watch +++ b/debian/watch @@ -1,4 +1,4 @@ #git=git://anongit.freedesktop.org/xorg/lib/libXvMC version=3 opts=pgpsigurlmangle=s/$/.sig/ \ -http://xorg.freedesktop.org/releases/individual/lib/ libXvMC-(.*)\.tar\.gz +https://xorg.freedesktop.org/releases/individual/lib/ libXvMC-(.*)\.tar\.gz commit d111b158d7d7c0ba5bcdfa49fa5188898cd6b212 Author: Andreas Boll <andreas.boll....@gmail.com> Date: Fri Oct 7 15:07:19 2016 +0200 Update d/upstream/signing-key.asc with Matthieu Herrb's key. diff --git a/debian/changelog b/debian/changelog index e1de2eb..949a41a 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2,6 +2,7 @@ libxvmc (2:1.0.10-1) UNRELEASED; urgency=medium * New upstream release. - Fixes CVE-2016-7953. + * Update d/upstream/signing-key.asc with Matthieu Herrb's key. -- Andreas Boll <andreas.boll....@gmail.com> Fri, 07 Oct 2016 15:06:25 +0200 diff --git a/debian/upstream/signing-key.asc b/debian/upstream/signing-key.asc index 863981f..a45df92 100644 --- a/debian/upstream/signing-key.asc +++ b/debian/upstream/signing-key.asc @@ -58,3 +58,67 @@ n4u1yrMJfpnSblPMu5wJi3kjoA+Dd5ZFqx9nTi4wBjfVYGCPsleq59K8kQCYx1Cn lZcq630ITy9dB/aHCQry2gCbBwZ2Rsf9kr05S8uLhlwW3vRSvRs= =tc6G -----END PGP PUBLIC KEY BLOCK----- +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFeKY50BEADAX0lod3IVceb/IWJn3kTAcO2P7PWlcBiyUDaq5b2kFkliKleZ +ec4LoCHakQBlkRBMPNwOOxvADNk3tLQjBDpbYr6lQIrN+AxMGkXBhJ82T3bsDvlj +3Z1wRJ1zVA7eMIktsk0FAoJxV1y7e3sBKcP0eTlXqXvR2djhi+FW+ueJDAJIFSkb +uFirgwtX5t8nt8jCmIl75KNUKOakoENY3hLWtr16W8fO1JGkEhghI2mXcz664KTd +MPZp6JH0/8UHTHzmATOCTqNxoDtMTi2l5059Lh/nhmso9moTYqyKmaJP2rnZUr62 +97sRMG4WcxaYfWpPyO3MCmDyGeh4sW0OC06PpED3i9xMzf/kMkMdY4ZIFcLRcPtf +LIJhw+lc/GE1Rqe961IB5xCgnZezB7ZIL+ZlOAMwKGkq7lLbcZr2QZn84lpABKF0 +AvxECoJ4etmIcdbDVmsw18AhA3u9sr98hS5IXDyeos3Xwz6Abml8aPrhqhkKvo+J +Kcq9FNYHg0RRlos0TqocjDzGnUjEYrmIopLcwIu2SnsNSJTygZGtqrpT+2sGEqvm +k6Oyk95QCa580zqldvxe3CG0vrAfPvoG7irllM68TS4JcqqDHTq6eupUv9ZdIzXf +eyTHa5cytGahgVtUcui1lzqcCBkqwN8TKl+0wCcEnxRasHJy3A2Gp+AG3wARAQAB +tCJNYXR0aGlldSBIZXJyYiA8bWF0dGhpZXVAaGVycmIuZXU+iQI+BBMBAgAoBQJX +imOdAhsDBQkDwmcABgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRBoc5PuN9Eo ++PF1EACldzZPNYaC9H5E9sMn9pMsJTucBYVUy74Aw6MWAiAzRpxb9DmySmC2oEYW +JJkwDTwv6M0Na0ed6zD79GKtAalORz2GppZpS7uoINClElWoM5TCYph6linyv9Wj +OTlcbpX0Jqw0tdHNI2UOEjvBP3vW9kVYpEhfnHET8Ncp55j1hzoqxOhGIBE/67zc +cLAenONAvA3YN3tHTGaOaFv+vuCFRJx9FpKbGHmdUPd3MtLqtaA4EQvDvDEholEI +eWrjmdXJibSet6Amc5AIdFaQevZiADjjMh8MINw/6OEy9OB4s+z1RzgOrHgLiIZm +dlP6WrNjXQwl2gmNPhctGaSHM+j2+3gckNGlI4LQYxNtKvI4iv/CoHDYmwgrcrZO +TwFHfqt0LwqjpsU203Hw609oWYcxLeGZdITBjDz20UcfsmKQDqrBq3P1FuC5GBW3 +5bEa3wAhyE+/WKhJ94bXiHmpKsp50va3bEe17uQcYd8+E8L53aR7XP87qaHx//Mu ++OQa5Wc2d1OFHf1Mi62nbzr7pws/Mf7OSf/tnhRthuwtlfYnsUVo8usUKL/xStqo +Ul4kc/Q81AlyaZfr7dbxsQWm2q3ksLaMaAxnk0p+kMXVzXZ9GKNOgUOJdbahORs5 +RU2f44xzfNavb63u3McADtaXskl+KHB4uDbGbGESVhm5PULk37QnTWF0dGhpZXUg +SGVycmIgPG1hdHRoaWV1LmhlcnJiQGxhYXMuZnI+iQI+BBMBAgAoBQJXlJ63AhsD +BQkDwmcABgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRBoc5PuN9Eo+PKID/wM +II+2d11clp1X7eZgkxkAHUhI2W3NSesuFnjkkQRKQoVMokDdeSOkBhMJuWoFfbZk +jYs2VHU9029rDqcoDSqGwo2IffvrXXJ4SjOTjlvXS1lr/H2VdWRbq8ImnDwSsoiD +dWB3dZyqzf7ABKZ7ccA+NMSs6NxeEN/0+0sTJ386Zp480ByNX0uPqYSq5lX/VEke +nI8r02u2ZfuykhGkT0sM013VprfYLa+6HvF+QT9KfP220mqRbonaDkYvCxwjCMzd +rUmvyqw3VsooUpg/W/PmDNeShSuOxebaGnFyGTNvTarElCBdynFD01dqOecOqfY8 +gy+PJ1aF1qjmf+RQD/SZq+gvgyXqyBhJy7zgJnzzNWzDlUIw0ZOLyZxzFR7lRV79 +2mrGgczlQr5rLAgBy2pgwsCmP7nFx50r4ft2juugnQixoOBU/YfhBplM76EROaCc +MTs5nPEqzJ9p4SNkPcK8AroR2Ka3+f7t+XOoHpx/XhJOBYlPaUmoFkWKr0Y8BWWh +1nJxyFKrSNbwUgam8ypZzwzbI1vDiX8Ol6NpEeOLwzFNT0pyTdC9UN93M1VIyKWC +1vaeMogUREKT6SmDjRn3fISktZ0IGVf2AnFMhtgZ46TJO4BZgDdZAjTkZc/lP0yF +Nl6MpGwnaymmL50ckT77OdlfIcXFwvNPFwWlFPlcyrkCDQRXimOdARAA4otssvZm +sKg+g0bVyJHhn/YOHLYMih+Xf07xJHyalH0UCGnGdHZwl0B97G950SwQ7yVXtGa9 +CAPe97clE6dPD6jaumQ13BHavXM+ThgjCe8V56ayYcdzqFkxlCx0Uocoa63G0/cE +TiOqeqhNZs8JY+D7l83jCa4lU/1pLusbkCpCQ7d5/FFLz7QSihzJWp+UTsjbNik5 +spaseEMGFRKUcB3SZ/l1dTgc0wBQ1hlvLX+h4/sG0iUs1pVpo5ORC+bUfWRokl96 +uj5QZz5rY21FaNSP1rB1HKHNkwhxifBCHQMhYGTXvD7GH+JNyF2TdRmo7eBCfAPJ +aP3mX9t2SkCipdSsUs+Uuyib9MLA71ApW90AGiRm6HtOCxR0c3+qQRNIdFVm8mnM +hCxXRexf6Z2wZdXXy6uY0LVRgI0o31NPJPk8l2Hnb/kHGxjyUFzEWh65J/eA368d +4m8uF+Rr7WWlpQjwgWHU12kGThEVFFBFh2gmeIjYZdDDVhCi2mQ6lGSV2Pt7pZYL +/PPChWLBqrVBkIUQ0GV22nRYvGdaIv2LVPu8PggbPs/wwh35nJ3rUQyJF55CFV5y +WIWAWXfRYTKG9jkt+ncjZLEBxDO26zzO/MjIVPZxGyYryXEOgr6xp38xbyX9FpjL +KBaIueLWEyphVjBb1uUpDGx+UDYe9vbJjPUAEQEAAYkCJQQYAQIADwUCV4pjnQIb +DAUJA8JnAAAKCRBoc5PuN9Eo+D8dEACa60Q3ta6BWyHG0SOgfYGHE15LodACVHNI +N6Ou+JtmLarMW/AvPclNC25mxZV0ywLbun4CnJ9qYbt/Kx7djn48mrNa0rKN8Q+V +K5RvQA1kD890yzwu5jH6r5BQ8VBcfsPvsvatgbquzFn+NNiH9U4xRf/9BSY2Zk3G +yA15xG0T9zoklOMg8MWbeRaJPkDELyaHPWerbO7rebynePENSFPz3o3g+K9WcCM2 +xkEL571SmT4z3Mp/p0pwemWBCP2WoKCnSjAGiiHpCFru3SlZhRIvNJyK5jeS/IU6 +d5qeTBse6TXzp6Q4xkzACIN66P5SG/YY3/ONbfs6wB3lIkvVC9n7jEXjMK1T0fK8 +9DBDjzvAkJcKLLuIljjkMhRWSCED74sn+MlaWm0xMeo276EnaVILNcrHecSr8+eX +pVXSWEJ1+ErzZladJC+CrqUm0QljPV8Smtmk9MvOLHZ4qL4bI4Hu7MywuGNrLSol +qO0pAT1AjaYTRuH2MhZ6mJe/EtSl0EHXEkcDteE4jbYj3lwVhA1c/So0CdayImmD +/0tdqUfekw4va8PpbQ0wroL0XUvf3wl6HOhFhahWSqqb1fVr2slVttkaMb8M4MPt +Ka2m4qiiuGYivPIAVapSEA4DYc+krVqVXV/yDd3T7XcNtnClVo+rmOn5WiGq24am +79+hF4bWyw== +=WW1Z +-----END PGP PUBLIC KEY BLOCK----- commit 80f5f593e701e07db77491860159bae761b51e9b Author: Andreas Boll <andreas.boll....@gmail.com> Date: Fri Oct 7 15:06:59 2016 +0200 Bump changelogs diff --git a/ChangeLog b/ChangeLog index 6993e6e..e2f2f06 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,24 @@ +commit 44a462835cbe263451a463af17f0fbedc1c957b2 +Author: Matthieu Herrb <matthieu.he...@laas.fr> +Date: Tue Oct 4 22:09:12 2016 +0200 + + libXvMC 1.0.10 + + Signed-off-by: Matthieu Herrb <matthieu.he...@laas.fr> + +commit 2cd95e7da8367cccdcdd5c9b160012d1dec5cbdb +Author: Tobias Stoeckmann <tob...@stoeckmann.org> +Date: Sun Sep 25 22:34:27 2016 +0200 + + Avoid buffer underflow on empty strings. + + If an empty string is received from an x-server, do not underrun the + buffer by accessing "rep.nameLen - 1" unconditionally, which could end + up being -1. + + Signed-off-by: Tobias Stoeckmann <tob...@stoeckmann.org> + Reviewed-by: Matthieu Herrb <matth...@herrb.eu> + commit ab0d28935987d48e9359023e82f9d56aa7e4bc95 Author: Alan Coopersmith <alan.coopersm...@oracle.com> Date: Sat Mar 14 10:10:05 2015 -0700 diff --git a/debian/changelog b/debian/changelog index d86a006..e1de2eb 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +libxvmc (2:1.0.10-1) UNRELEASED; urgency=medium + + * New upstream release. + - Fixes CVE-2016-7953. + + -- Andreas Boll <andreas.boll....@gmail.com> Fri, 07 Oct 2016 15:06:25 +0200 + libxvmc (2:1.0.9-1) unstable; urgency=medium * New upstream release. commit 44a462835cbe263451a463af17f0fbedc1c957b2 Author: Matthieu Herrb <matthieu.he...@laas.fr> Date: Tue Oct 4 22:09:12 2016 +0200 libXvMC 1.0.10 Signed-off-by: Matthieu Herrb <matthieu.he...@laas.fr> diff --git a/configure.ac b/configure.ac index 01f286f..c0b87c9 100644 --- a/configure.ac +++ b/configure.ac @@ -21,7 +21,7 @@ # Initialize Autoconf AC_PREREQ([2.60]) -AC_INIT([libXvMC], [1.0.9], +AC_INIT([libXvMC], [1.0.10], [https://bugs.freedesktop.org/enter_bug.cgi?product=xorg], [libXvMC]) AC_CONFIG_SRCDIR([Makefile.am]) AC_CONFIG_HEADERS([config.h]) commit 2cd95e7da8367cccdcdd5c9b160012d1dec5cbdb Author: Tobias Stoeckmann <tob...@stoeckmann.org> Date: Sun Sep 25 22:34:27 2016 +0200 Avoid buffer underflow on empty strings. If an empty string is received from an x-server, do not underrun the buffer by accessing "rep.nameLen - 1" unconditionally, which could end up being -1. Signed-off-by: Tobias Stoeckmann <tob...@stoeckmann.org> Reviewed-by: Matthieu Herrb <matth...@herrb.eu> diff --git a/src/XvMC.c b/src/XvMC.c index 7336760..3ee4212 100644 --- a/src/XvMC.c +++ b/src/XvMC.c @@ -576,9 +576,9 @@ Status XvMCGetDRInfo(Display *dpy, XvPortID port, if (*name && *busID && tmpBuf) { _XRead(dpy, tmpBuf, realSize); strncpy(*name,tmpBuf,rep.nameLen); - (*name)[rep.nameLen - 1] = '\0'; + (*name)[rep.nameLen == 0 ? 0 : rep.nameLen - 1] = '\0'; strncpy(*busID,tmpBuf+rep.nameLen,rep.busIDLen); - (*busID)[rep.busIDLen - 1] = '\0'; + (*busID)[rep.busIDLen == 0 ? 0 : rep.busIDLen - 1] = '\0'; XFree(tmpBuf); } else { XFree(*name);