commit libXrender for openSUSE:Factory
Hello community, here is the log from the commit of package libXrender for openSUSE:Factory checked in at 2016-11-05 21:21:36 Comparing /work/SRC/openSUSE:Factory/libXrender (Old) and /work/SRC/openSUSE:Factory/.libXrender.new (New) Package is "libXrender" Changes: --- /work/SRC/openSUSE:Factory/libXrender/libXrender.changes2015-05-06 07:48:02.0 +0200 +++ /work/SRC/openSUSE:Factory/.libXrender.new/libXrender.changes 2016-11-05 21:21:37.0 +0100 @@ -1,0 +2,8 @@ +Sat Oct 29 00:03:45 UTC 2016 - tobias.johannes.klausm...@mni.thm.de + +- Update to version 0.9.10: + + Fix documentation to explicitly mention premultiplied alpha + + Avoid OOB write in XRenderQueryFilters + + Validate lengths while parsing server data. + +--- Old: libXrender-0.9.9.tar.bz2 New: libXrender-0.9.10.tar.bz2 Other differences: -- ++ libXrender.spec ++ --- /var/tmp/diff_new_pack.0qDwh3/_old 2016-11-05 21:21:38.0 +0100 +++ /var/tmp/diff_new_pack.0qDwh3/_new 2016-11-05 21:21:38.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package libXrender # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,7 +18,7 @@ Name: libXrender %define lname libXrender1 -Version:0.9.9 +Version:0.9.10 Release:0 Summary:X Rendering Extension library License:MIT 
@@ -42,8 +42,8 @@ %package -n %lname Summary:X Rendering Extension library -Group: System/Libraries # O/P added for 12.2 +Group: System/Libraries Provides: xorg-x11-libXrender = 7.6_%version-%release Obsoletes: xorg-x11-libXrender < 7.6_%version-%release ++ libXrender-0.9.9.tar.bz2 -> libXrender-0.9.10.tar.bz2 ++ 11910 lines of diff (skipped) retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXrender-0.9.9/ChangeLog new/libXrender-0.9.10/ChangeLog --- old/libXrender-0.9.9/ChangeLog 2015-05-01 07:31:06.0 +0200 +++ new/libXrender-0.9.10/ChangeLog 2016-10-04 22:23:40.0 +0200 
@@ -1,3 +1,59 @@ +commit 845716f8f14963d338e5a8d5d2424baafc90fb30 +Author: Matthieu Herrb+Date: Tue Oct 4 21:24:55 2016 +0200 + +libXrender 0.9.10 + +Signed-off-by: Matthieu Herrb + +commit 9362c7ddd1af3b168953d0737877bc52d79c94f4 +Author: Tobias Stoeckmann +Date: Sun Sep 25 21:43:09 2016 +0200 + +Validate lengths while parsing server data. + +Individual lengths inside received server data can overflow +the previously reserved memory. + +It is therefore important to validate every single length +field to not overflow the previously agreed sum of all invidual +length fields. + +v2: consume remaining bytes in the reply buffer on error. + +Signed-off-by: Tobias Stoeckmann +Reviewed-by: Matthieu he...@laas.fr + +commit 8fad00b0b647ee662ce4737ca15be033b7a21714 +Author: Tobias Stoeckmann +Date: Sun Sep 25 21:42:09 2016 +0200 + +Avoid OOB write in XRenderQueryFilters + +The memory for filter names is reserved right after receiving the reply. +After that, filters are iterated and each individual filter name is +stored in that reserved memory. + +The individual name lengths are not checked for validity, which means +that a malicious server can reserve less memory than it will write to +during each iteration. + +v2: consume remaining bytes in reply buffer on error. + +Signed-off-by: Tobias Stoeckmann +Reviewed-by: Matthieu Herrb + +commit b2df5bc42f64b45e44dbad61f3386bcb5ec1383d +Author: Lauri Kasanen +Date: Mon May 18 19:41:03 2015 +0300 + +Fix documentation to explicitly mention premultiplied alpha + +Before this patch, it wasn't mentioned in this file at all, which +is a monumental oversight. + +Signed-off-by: Lauri Kasanen + commit bb890936bcc6053cb7a46cd9225c257ff1be389f Author: Alan Coopersmith Date: Thu Apr 30 22:29:55 2015
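Review bot: The new libXrender.changes entry (hunk @@ -1,0 +2,8 @@) lists "Avoid OOB write in XRenderQueryFilters" and "Validate lengths while parsing server data" with no bug or CVE reference, although the upstream ChangeLog in this same mail describes both as cases where length fields sent by a malicious server can write past the reserved memory. If tracker or CVE identifiers have been assigned, add them to these two items so the update can be matched during security triage and backport review.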
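Review bot: In the libXrender.spec hunk @@ -42,8 +42,8 @@, moving `Group:` below `# O/P added for 12.2` detaches that comment from the `Provides:`/`Obsoletes:` pair it appears to annotate, so it now reads as a comment on the Group tag. Keep the comment directly above `Provides: xorg-x11-libXrender = 7.6_%version-%release`, or leave `Group:` where it was.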
commit libXrender for openSUSE:Factory
Hello community, here is the log from the commit of package libXrender for openSUSE:Factory checked in at 2015-05-06 07:48:00 Comparing /work/SRC/openSUSE:Factory/libXrender (Old) and /work/SRC/openSUSE:Factory/.libXrender.new (New) Package is libXrender Changes: --- /work/SRC/openSUSE:Factory/libXrender/libXrender.changes2013-06-18 15:21:55.0 +0200 +++ /work/SRC/openSUSE:Factory/.libXrender.new/libXrender.changes 2015-05-06 07:48:02.0 +0200 @@ -1,0 +2,7 @@ +Mon May 4 14:23:51 UTC 2015 - sndir...@suse.com + +- Update to version 0.9.9 + * Fix request length calculation for XRenderCompositeText32 + * Remove fallback for _XEatDataWords, require libX11 1.6 for it + +--- Old: libXrender-0.9.8.tar.bz2 New: libXrender-0.9.9.tar.bz2 Other differences: -- ++ libXrender.spec ++ --- /var/tmp/diff_new_pack.Cs8kH2/_old 2015-05-06 07:48:02.0 +0200 +++ /var/tmp/diff_new_pack.Cs8kH2/_new 2015-05-06 07:48:02.0 +0200 @@ -1,7 +1,7 @@ # # spec file for package libXrender # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,7 +18,7 @@ Name: libXrender %define lname libXrender1 -Version:0.9.8 +Version:0.9.9 Release:0 Summary:X Rendering Extension library License:MIT 
@@ -28,6 +28,7 @@ #Git-Clone:git://anongit.freedesktop.org/xorg/lib/libXrender #Git-Web: http://cgit.freedesktop.org/xorg/lib/libXrender/ Source: http://xorg.freedesktop.org/releases/individual/lib/%{name}-%{version}.tar.bz2 +Source1:baselibs.conf BuildRoot: %{_tmppath}/%{name}-%{version}-build #git#BuildRequires:autoconf = 2.60, automake, libtool BuildRequires: pkgconfig ++ libXrender-0.9.8.tar.bz2 - libXrender-0.9.9.tar.bz2 ++ 4749 lines of diff (skipped) retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXrender-0.9.8/ChangeLog new/libXrender-0.9.9/ChangeLog --- old/libXrender-0.9.8/ChangeLog 2013-06-14 07:42:42.0 +0200 +++ new/libXrender-0.9.9/ChangeLog 2015-05-01 07:31:06.0 +0200 
@@ -1,3 +1,44 @@ +commit bb890936bcc6053cb7a46cd9225c257ff1be389f +Author: Alan Coopersmith alan.coopersm...@oracle.com +Date: Thu Apr 30 22:29:55 2015 -0700 + +libXrender 0.9.9 + +Signed-off-by: Alan Coopersmith alan.coopersm...@oracle.com + +commit 7887382e59b7a06d6b02501205d543fdf76c8249 +Author: Clemens Eisserer linuxhi...@gmail.com +Date: Sat Nov 23 22:15:52 2013 -0800 + +Fix request length calculation for XRenderCompositeText32 + +Request length calculation inside XRenderCompositeText32 is broken for +the case where the number of glyphs fits exactky inside the last +xGlyphElt. + +In XRenderCompositeText8 and XRenderCompositeText16 this case is +handled properly, somehow the -1 got missing in +XRenderCompositeText32. + +Reviewed-by: Keith Packard kei...@keithp.com + +commit b0fbff96b9f0324bb1e2f56416c84be23c3b +Author: Michael Joost m...@michael-joost.de +Date: Mon Nov 18 16:11:26 2013 +0100 + +Remove fallback for _XEatDataWords, require libX11 1.6 for it + +_XEatDataWords was orignally introduced with the May 2013 security +patches, and in order to ease the process of delivering those, +fallback versions of _XEatDataWords were included in the X extension +library patches so they could be applied to older versions that didn't +have libX11 1.6 yet. Now that we're past that hurdle, we can drop +the fallbacks and just require libX11 1.6 for building new versions +of the extension libraries. + +Reviewed-by: Alan Coopersmith alan.coopersm...@oracle.com +Signed-off-by: Alan Coopersmith alan.coopersm...@oracle.com + commit 61236e831f8cc0761b26b49e37a4df9c187aa0ba Author: Alan Coopersmith alan.coopersm...@oracle.com Date: Thu Jun 13 22:41:00 2013 -0700 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude
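Review bot: The libXrender.changes entry for 0.9.9 does not mention the `Source1:baselibs.conf` line added in the spec hunk @@ -28,6 +28,7 @@; it lists only the two upstream fixes. Add a line for the new source so the packaging change is recorded alongside the version bump.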
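Review bot: The upstream ChangeLog in this mail says the _XEatDataWords fallback is gone and libX11 1.6 is now required for building, but none of the spec hunks shown adds a minimum version to a BuildRequires line. Consider stating that requirement in the spec so a build against an older libX11 is rejected at dependency resolution rather than later in the build.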
commit libXrender for openSUSE:Factory
Hello community, here is the log from the commit of package libXrender for openSUSE:Factory checked in at 2013-06-18 15:21:53 Comparing /work/SRC/openSUSE:Factory/libXrender (Old) and /work/SRC/openSUSE:Factory/.libXrender.new (New) Package is libXrender Changes: --- /work/SRC/openSUSE:Factory/libXrender/libXrender.changes2013-03-22 11:59:04.0 +0100 +++ /work/SRC/openSUSE:Factory/.libXrender.new/libXrender.changes 2013-06-18 15:21:55.0 +0200 @@ -1,0 +2,7 @@ +Fri Jun 14 12:25:29 UTC 2013 - tobias.johannes.klausm...@mni.thm.de + +- Update to version 0.9.8: + This bugfix release delivers the fixes for the recently announced security + issue CVE-2013-1987. + +--- Old: libXrender-0.9.7.tar.bz2 New: libXrender-0.9.8.tar.bz2 Other differences: -- ++ libXrender.spec ++ --- /var/tmp/diff_new_pack.ZsBHxW/_old 2013-06-18 15:21:56.0 +0200 +++ /var/tmp/diff_new_pack.ZsBHxW/_new 2013-06-18 15:21:56.0 +0200 @@ -18,7 +18,7 @@ Name: libXrender %define lname libXrender1 -Version:0.9.7 +Version:0.9.8 Release:0 Summary:X Rendering Extension library License:MIT ++ libXrender-0.9.7.tar.bz2 - libXrender-0.9.8.tar.bz2 ++ 12943 lines of diff (skipped) retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXrender-0.9.7/ChangeLog new/libXrender-0.9.8/ChangeLog --- old/libXrender-0.9.7/ChangeLog 2012-03-08 05:49:17.0 +0100 +++ new/libXrender-0.9.8/ChangeLog 2013-06-14 07:42:42.0 +0200 
@@ -1,3 +1,83 @@ +commit 61236e831f8cc0761b26b49e37a4df9c187aa0ba +Author: Alan Coopersmith alan.coopersm...@oracle.com +Date: Thu Jun 13 22:41:00 2013 -0700 + +libXrender 0.9.8 + +Signed-off-by: Alan Coopersmith alan.coopersm...@oracle.com + +commit 786f78fd8df6d165ccbc81f306fd9f22b5c1551c +Author: Alan Coopersmith alan.coopersm...@oracle.com +Date: Fri Apr 12 23:02:11 2013 -0700 + +integer overflow in XRenderQueryPictIndexValues() [CVE-2013-1987 3/3] + +The length and numIndexValues members of the reply are both CARD32 and +need to be bounds checked before multiplying by sizeof (XIndexValue) to +avoid integer overflow leading to underallocation and writing data from +the network past the end of the allocated buffer. + +Reported-by: Ilja Van Sprundel ivansprun...@ioactive.com +Signed-off-by: Alan Coopersmith alan.coopersm...@oracle.com + +commit 9e577d40322b9e3d8bdefec0eefa44d8ead451a4 +Author: Alan Coopersmith alan.coopersm...@oracle.com +Date: Fri Apr 12 23:02:11 2013 -0700 + +integer overflow in XRenderQueryFormats() [CVE-2013-1987 2/3] + +The length, numFormats, numScreens, numDepths, and numVisuals members of +the reply are all CARD32 and need to be bounds checked before multiplying +and adding them together to come up with the total size to allocate, to +avoid integer overflow leading to underallocation and writing data from +the network past the end of the allocated buffer. 
+ +Reported-by: Ilja Van Sprundel ivansprun...@ioactive.com +Signed-off-by: Alan Coopersmith alan.coopersm...@oracle.com + +commit e52853974664289fe42a92909667ed77cfa1cec5 +Author: Alan Coopersmith alan.coopersm...@oracle.com +Date: Fri Apr 12 22:45:20 2013 -0700 + +integer overflow in XRenderQueryFilters() [CVE-2013-1987 1/3] + +The length, numFilters numAliases members of the reply are all CARD32 +and need to be bounds checked before multiplying adding them together +to come up with the total size to allocate, to avoid integer overflow +leading to underallocation and writing data from the network past the +end of the allocated buffer. + +Reported-by: Ilja Van Sprundel ivansprun...@ioactive.com +Signed-off-by: Alan Coopersmith alan.coopersm...@oracle.com + +commit 73e77eb21d649edc1ce1746739f9358e337b2935 +Author: Alan Coopersmith alan.coopersm...@oracle.com +Date: Fri May 3 22:48:11 2013 -0700 + +Use _XEatDataWords to avoid overflow of rep.length bit shifting + +rep.length is a CARD32, so rep.length 2 could overflow in 32-bit builds + +Signed-off-by: Alan Coopersmith alan.coopersm...@oracle.com + +commit 1af52cb334377611233d7dc156bc1e6f7923756d +Author: Colin Walters walt...@verbum.org +Date: Wed Jan 4 17:37:06 2012 -0500 + +autogen.sh:
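Review bot: The libXrender.changes entry (hunk @@ -1,0 +2,7 @@) names CVE-2013-1987 but not what was fixed. The ChangeLog in this mail shows three separate integer-overflow fixes, in XRenderQueryFilters(), XRenderQueryFormats() and XRenderQueryPictIndexValues(), plus the switch to _XEatDataWords for rep.length. Listing those under the entry, with the distribution bug number if there is one, would let a reader confirm that the package carries all three parts of the CVE.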
commit libXrender for openSUSE:Factory
Hello community, here is the log from the commit of package libXrender for openSUSE:Factory checked in at 2013-03-22 11:59:02 Comparing /work/SRC/openSUSE:Factory/libXrender (Old) and /work/SRC/openSUSE:Factory/.libXrender.new (New) Package is libXrender, Maintainer is Changes: --- /work/SRC/openSUSE:Factory/libXrender/libXrender.changes2012-05-08 11:59:17.0 +0200 +++ /work/SRC/openSUSE:Factory/.libXrender.new/libXrender.changes 2013-03-22 11:59:04.0 +0100 @@ -1,0 +2,5 @@ +Sun Feb 17 17:21:53 UTC 2013 - jeng...@inai.de + +- Use more robust make install call + +--- Other differences: -- ++ libXrender.spec ++ --- /var/tmp/diff_new_pack.1O03rh/_old 2013-03-22 11:59:05.0 +0100 +++ /var/tmp/diff_new_pack.1O03rh/_new 2013-03-22 11:59:05.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package libXrender # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -26,6 +26,7 @@ Url:http://cgit.freedesktop.org/xorg/lib/libXrender/ #Git-Clone:git://anongit.freedesktop.org/xorg/lib/libXrender +#Git-Web: http://cgit.freedesktop.org/xorg/lib/libXrender/ Source: http://xorg.freedesktop.org/releases/individual/lib/%{name}-%{version}.tar.bz2 BuildRoot: %{_tmppath}/%{name}-%{version}-build #git#BuildRequires:autoconf = 2.60, automake, libtool @@ -72,7 +73,7 @@ make %{?_smp_mflags} %install -%makeinstall +make install DESTDIR=%buildroot rm -f %buildroot/%_libdir/*.la %post -n %lname -p /sbin/ldconfig
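Review bot: In the %install hunk @@ -72,7 +73,7 @@, `make install DESTDIR=%buildroot` passes the macro unquoted; write `DESTDIR="%buildroot"` so the argument stays intact if the build root ever contains whitespace. The changes entry also says only "Use more robust make install call" and omits the `#Git-Web:` line added in @@ -26,6 +26,7 @@; a short reason for dropping `%makeinstall` would help the next reviewer.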
commit libXrender for openSUSE:Factory
Hello community, here is the log from the commit of package libXrender for openSUSE:Factory checked in at 2012-05-08 11:58:01 Comparing /work/SRC/openSUSE:Factory/libXrender (Old) and /work/SRC/openSUSE:Factory/.libXrender.new (New) Package is libXrender, Maintainer is Changes: --- /work/SRC/openSUSE:Factory/libXrender/libXrender.changes2012-02-17 12:04:50.0 +0100 +++ /work/SRC/openSUSE:Factory/.libXrender.new/libXrender.changes 2012-05-08 11:59:17.0 +0200 @@ -1,0 +2,9 @@ +Wed Apr 11 15:13:29 UTC 2012 - vu...@opensuse.org + +- Update to version 0.9.7: + + Fix alpha premultiplication in XRenderParseColor + + Compiler warning fixes + + Documentation typo fixes + + Build configuration fixes + +--- Old: libXrender-0.9.6.tar.bz2 New: libXrender-0.9.7.tar.bz2 Other differences: -- ++ libXrender.spec ++ --- /var/tmp/diff_new_pack.n4TUcL/_old 2012-05-08 11:59:19.0 +0200 +++ /var/tmp/diff_new_pack.n4TUcL/_new 2012-05-08 11:59:19.0 +0200 @@ -14,9 +14,11 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # + + Name: libXrender %define lname libXrender1 -Version:0.9.6 +Version:0.9.7 Release:0 Summary:X Rendering Extension library License:MIT 
@@ -24,11 +26,13 @@ Url:http://cgit.freedesktop.org/xorg/lib/libXrender/ #Git-Clone:git://anongit.freedesktop.org/xorg/lib/libXrender -Source: %name-%version.tar.bz2 -BuildRoot: %_tmppath/%name-%version-build +Source: http://xorg.freedesktop.org/releases/individual/lib/%{name}-%{version}.tar.bz2 +BuildRoot: %{_tmppath}/%{name}-%{version}-build #git#BuildRequires:autoconf = 2.60, automake, libtool -BuildRequires: pkgconfig, pkgconfig(xorg-macros) = 1.3, pkgconfig(x11) +BuildRequires: pkgconfig BuildRequires: pkgconfig(renderproto) = 0.9 +BuildRequires: pkgconfig(x11) +BuildRequires: pkgconfig(xorg-macros) = 1.8 %description The Xrender library is designed as a lightweight library interface to ++ libXrender-0.9.6.tar.bz2 - libXrender-0.9.7.tar.bz2 ++ 47377 lines of diff (skipped) retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXrender-0.9.6/COPYING new/libXrender-0.9.7/COPYING --- old/libXrender-0.9.6/COPYING2010-01-30 08:39:43.0 +0100 +++ new/libXrender-0.9.7/COPYING2012-03-08 05:47:00.0 +0100 
@@ -35,5 +35,5 @@ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL SuSE BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION -OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN +OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXrender-0.9.6/ChangeLog new/libXrender-0.9.7/ChangeLog --- old/libXrender-0.9.6/ChangeLog 2010-06-09 04:24:41.0 +0200 +++ new/libXrender-0.9.7/ChangeLog 2012-03-08 05:49:17.0 +0100 @@ -1,3 +1,102 @@ +commit bf1aa4e05997ab97be4413ccdb6d0d1eb45aeefe +Author: Alan Coopersmith alan.coopersm...@oracle.com +Date: Wed Mar 7 20:46:50 2012 -0800 + +libXrender 0.9.7 + +Signed-off-by: Alan Coopersmith alan.coopersm...@oracle.com + +commit bb6568cbec24ae2c84bb5d9fe418f0021291a0af +Author: Emanuele Giaquinta emanuele.giaqui...@gmail.com +Date: Mon Jan 2 19:58:15 2012 + + +Fix alpha premultiplication in XRenderParseColor. + +Due to C arithmetic conversion rules we must use an unsigned constant (or a +cast) to perform the multiplication using unsigned arithmetic. + +Reviewed-by: Jeremy Huddleston jerem...@apple.com + +commit b3cfeecf2bddbbb120a9c796a4c9fb8fd08e15fc +Author: Alan Coopersmith alan.coopersm...@oracle.com +Date: Fri Sep 16 22:51:39 2011 -0700 + +Strip trailing whitespace + +Performed with: find * -type f | xargs perl -i -p -e 's{[ \t]+$}{}' +git diff -w git diff -b show no diffs from this change
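Review bot: The libXrender.changes entry for 0.9.7 does not record the packaging changes made in the spec hunk @@ -24,11 +26,13 @@: `Source:` now points at the full xorg.freedesktop.org URL and the `pkgconfig(xorg-macros)` minimum goes from 1.3 to 1.8. Add both to the entry, and drop the two blank lines added above `Name:` in @@ -14,9 +14,11 @@ unless they are intentional.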