Update to libdmx 1.1.3

lib/libdmx/ChangeLog

@@ -1,3 +1,60 @@
+commit 76e841968ceb69095eb0efcd435fc47440e86d2c
+Author: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date:   Tue May 28 16:45:02 2013 -0700
+
+    libdmx 1.1.3
+    
+    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+
+commit 5074d9d64192bd04519a438062b7d5bf216d06ee
+Author: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date:   Sat Mar 9 13:48:28 2013 -0800
+
+    integer overflow in DMXGetInputAttributes() [CVE-2013-1992 3/3]
+    
+    If the server provided nameLength causes integer overflow
+    when padding length is added, a smaller buffer would be allocated
+    than the amount of data written to it.
+    
+    Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
+    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+
+commit b6fe1a7af34ea620e002fc453f9c5eacf7db3969
+Author: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date:   Sat Mar 9 13:48:28 2013 -0800
+
+    integer overflow in DMXGetWindowAttributes() [CVE-2013-1992 2/3]
+    
+    If the server provided screenCount causes integer overflow when
+    multiplied by the size of each array element, a smaller buffer
+    would be allocated than the amount of data written to it.
+    
+    Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
+    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+
+commit 78e11efe70d00063c830475eaaaa42f19380755d
+Author: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date:   Sat Mar 9 13:48:28 2013 -0800
+
+    integer overflow in DMXGetScreenAttributes() [CVE-2013-1992 1/3]
+    
+    If the server provided displayNameLength causes integer overflow
+    when padding length is added, a smaller buffer would be allocated
+    than the amount of data written to it.
+    
+    Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
+    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+
+commit f34f6f64698c3b957aadba7315bb13726e3d79b0
+Author: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date:   Fri May 3 23:10:47 2013 -0700
+
+    Use _XEatDataWords to avoid overflow of rep.length bit shifting
+    
+    rep.length is a CARD32, so rep.length << 2 could overflow in 32-bit builds
+    
+    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+
 commit 9f470c92bc2d194c8abb9154f42864e6c82f43ef
 Author: Alan Coopersmith <alan.coopersmith@oracle.com>
 Date:   Wed Mar 7 21:43:10 2012 -0800

lib/libdmx/configure

@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for libdmx 1.1.2.
+# Generated by GNU Autoconf 2.69 for libdmx 1.1.3.
 #
 # Report bugs to <https://bugs.freedesktop.org/enter_bug.cgi?product=xorg>.
 #
@@ -591,8 +591,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='libdmx'
 PACKAGE_TARNAME='libdmx'
-PACKAGE_VERSION='1.1.2'
-PACKAGE_STRING='libdmx 1.1.2'
+PACKAGE_VERSION='1.1.3'
+PACKAGE_STRING='libdmx 1.1.3'
 PACKAGE_BUGREPORT='https://bugs.freedesktop.org/enter_bug.cgi?product=xorg'
 PACKAGE_URL=''
 
@@ -1346,7 +1346,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures libdmx 1.1.2 to adapt to many kinds of systems.
+\`configure' configures libdmx 1.1.3 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1416,7 +1416,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of libdmx 1.1.2:";;
+     short | recursive ) echo "Configuration of libdmx 1.1.3:";;
    esac
   cat <<\_ACEOF
 
@@ -1535,7 +1535,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-libdmx configure 1.1.2
+libdmx configure 1.1.3
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -1859,7 +1859,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by libdmx $as_me 1.1.2, which was
+It was created by libdmx $as_me 1.1.3, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -2688,7 +2688,7 @@ fi
 
 # Define the identity of the package.
  PACKAGE='libdmx'
- VERSION='1.1.2'
+ VERSION='1.1.3'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -17637,6 +17637,23 @@ done
 LIBS="$SAVE_LIBS"
 
 
+# Check for _XEatDataWords function that may be patched into older Xlib releases
+SAVE_LIBS="$LIBS"
+LIBS="$DMX_LIBS"
+for ac_func in _XEatDataWords
+do :
+  ac_fn_c_check_func "$LINENO" "_XEatDataWords" "ac_cv_func__XEatDataWords"
+if test "x$ac_cv_func__XEatDataWords" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE__XEATDATAWORDS 1
+_ACEOF
+
+fi
+done
+
+LIBS="$SAVE_LIBS"
+
+
 ac_config_files="$ac_config_files Makefile src/Makefile man/Makefile dmx.pc"
 
 cat >confcache <<\_ACEOF
@@ -18173,7 +18190,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by libdmx $as_me 1.1.2, which was
+This file was extended by libdmx $as_me 1.1.3, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -18239,7 +18256,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-libdmx config.status 1.1.2
+libdmx config.status 1.1.3
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 

lib/libdmx/configure.ac

@@ -21,7 +21,7 @@
 
 # Initialize Autoconf
 AC_PREREQ([2.60])
-AC_INIT([libdmx], [1.1.2],
+AC_INIT([libdmx], [1.1.3],
         [https://bugs.freedesktop.org/enter_bug.cgi?product=xorg], [libdmx])
 AC_CONFIG_SRCDIR([Makefile.am])
 AC_CONFIG_HEADERS([config.h])
@@ -50,6 +50,13 @@ AC_CHECK_FUNCS([_XEatDataWords])
 LIBS="$SAVE_LIBS"
 
 
+# Check for _XEatDataWords function that may be patched into older Xlib releases
+SAVE_LIBS="$LIBS"
+LIBS="$DMX_LIBS"
+AC_CHECK_FUNCS([_XEatDataWords])
+LIBS="$SAVE_LIBS"
+
+
 AC_CONFIG_FILES([Makefile
 		src/Makefile
 		man/Makefile