[blfs-book] [BLFS Trac] #10086: libXcursor-1.1.15 (xorg library)

2017-11-29 Thread BLFS Trac via blfs-book
#10086: libXcursor-1.1.15 (xorg library)
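--------------------------+--------------------------
 Reporter:  bdubbs@…      |      Owner:  blfs-book@…
     Type:  enhancement   |     Status:  new
 Priority:  normal        |  Milestone:  8.2
Component:  BOOK          |    Version:  SVN
 Severity:  normal        |   Keywords:
--------------------------+--------------------------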
 New point version.

--
Ticket URL: 
BLFS Trac 
Beyond Linux From Scratch
-- 
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Re: [blfs-book] [BLFS Trac] #10086: libXcursor-1.1.15 (xorg library)

2017-11-30 Thread BLFS Trac via blfs-book
#10086: libXcursor-1.1.15 (xorg library)
--------------------------+--------------------------
 Reporter:  bdubbs@…      |       Owner:  bdubbs@…
     Type:  enhancement   |      Status:  assigned
 Priority:  normal        |   Milestone:  8.2
Component:  BOOK          |     Version:  SVN
 Severity:  normal        |  Resolution:
 Keywords:                |
--------------------------+--------------------------

Comment (by bdubbs@…):

 libXcursor 1.1.15

 Fix heap overflows when parsing malicious files. (CVE-2017-16612)

 It is possible to trigger heap overflows due to an integer overflow
 while parsing images and a signedness issue while parsing comments.

 The integer overflow occurs because the chosen limit 0x1 for
 dimensions is too large for 32 bit systems, because each pixel takes
 4 bytes. Properly chosen values allow an overflow which in turn will
 lead to less allocated memory than needed for subsequent reads.

 The signedness bug is triggered by reading the length of a comment
 as unsigned int, but casting it to int when calling the function
 XcursorCommentCreate. Turning length into a negative value allows the
 check against XCURSOR_COMMENT_MAX_LEN to pass, and the following
 addition of sizeof (XcursorComment) + 1 makes it possible to allocate
 less memory than needed for subsequent reads.

 autogen: add default patch prefix

 autogen.sh: use quoted string variables

 Place quotes around the $srcdir, $ORIGDIR and $0 variables to prevent
 fall-outs, when they contain space.

 autogen.sh: use exec instead of waiting for configure to finish

 Syncs the invocation of configure with the one from the server.

 Insufficient memory for terminating null of string in
 _XcursorThemeInherits

 Fix does one byte of memory allocation for null termination of string.
 https://bugs.freedesktop.org/show_bug.cgi?id=90857

 Fix some clang integer sign/size mismatch warnings

 Use strdup() instead of malloc(strlen())+strcpy()

 autogen.sh: Honor NOCONFIGURE=1

 configure: Drop AM_MAINTAINER_MODE

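
The two bug classes named in the changelog comment above (a length checked after a cast to int, and a 4-bytes-per-pixel size computed in 32-bit arithmetic), modelled next to a hardened form of each. This is an added example, not code from the original message or from libXcursor; the function names, the limit value, the 16-byte header size and the sample inputs are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_COMMENT_LEN 0x100000   /* constructed limit, plays the role of XCURSOR_COMMENT_MAX_LEN */
#define HEADER_SIZE ((size_t) 16)  /* constructed stand-in for sizeof (XcursorComment) */

/* Signedness pattern: an unsigned file length is checked as int. Returns 1 if accepted. */
static int accept_len_signed(uint32_t wire_len, size_t *alloc)
{
    int length = (int) wire_len;                /* 0xFFFFFFF0 becomes -16 on gcc/clang */
    if (length > MAX_COMMENT_LEN)               /* a negative length passes the limit */
        return 0;
    *alloc = HEADER_SIZE + (size_t) length + 1; /* wraps around to a tiny size */
    return 1;
}

/* Hardened: compare while the value is still unsigned, then widen. */
static int accept_len_unsigned(uint32_t wire_len, size_t *alloc)
{
    if (wire_len > (uint32_t) MAX_COMMENT_LEN)
        return 0;
    *alloc = HEADER_SIZE + (size_t) wire_len + 1;
    return 1;
}

/* Integer overflow pattern: byte count in 32-bit size arithmetic (uint32_t models a 32-bit size_t). */
static uint32_t pixel_bytes_32(uint32_t w, uint32_t h) { return w * h * 4u; }

/* Hardened: refuse dimensions whose byte count cannot be represented in 32 bits. */
static int pixel_bytes_checked(uint32_t w, uint32_t h, uint32_t *out)
{
    if (w == 0 || h == 0 || w > UINT32_MAX / 4u / h)
        return 0;
    *out = w * h * 4u;
    return 1;
}

int main(void)
{
    size_t n = 0;
    uint32_t px = 0;
    int ok = accept_len_signed(0xFFFFFFF0u, &n);
    printf("signed check: accepted=%d alloc=%zu\n", ok, n);
    printf("unsigned check: accepted=%d\n", accept_len_unsigned(0xFFFFFFF0u, &n));
    printf("0x8000 x 0x8000 x 4 in 32 bits = %u\n", (unsigned) pixel_bytes_32(0x8000u, 0x8000u));
    printf("overflow check: accepted=%d\n", pixel_bytes_checked(0x8000u, 0x8000u, &px));
    return 0;
}
```

In both unhardened functions the computed size is far smaller than the amount of data the file claims to carry, which is the condition the comment describes as leading to heap overflows on subsequent reads.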