Update to libXres 1.0.7

lib/libXRes/ChangeLog

@@ -1,3 +1,65 @@
+commit b51a7b0ccf0d5ccb53fbd5d34ed8fe57603d2604
+Author: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date:   Thu May 30 17:51:12 2013 -0700
+
+    libXres 1.0.7
+    
+    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+
+commit ad156a716a324ee60362c8ba66a5ed8c835c219b
+Author: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date:   Fri Apr 12 23:36:13 2013 -0700
+
+    integer overflow in XResQueryClientResources() [CVE-2013-1988 2/2]
+    
+    The CARD32 rep.num_types needs to be bounds checked before multiplying
+    by sizeof(XResType) to avoid integer overflow leading to underallocation
+    and writing data from the network past the end of the allocated buffer.
+    
+    Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
+    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+
+commit 3ec2db9eeb9ba8fb561802b0c4b8bf79e321b7a2
+Author: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date:   Fri Apr 12 23:36:13 2013 -0700
+
+    integer overflow in XResQueryClients() [CVE-2013-1988 1/2]
+    
+    The CARD32 rep.num_clients needs to be bounds checked before multiplying
+    by sizeof(XResClient) to avoid integer overflow leading to underallocation
+    and writing data from the network past the end of the allocated buffer.
+    
+    Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
+    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+
+commit 95b352b0f4a1ab1bc254e78adbc73cd65223ded4
+Author: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date:   Sat Apr 13 10:34:22 2013 -0700
+
+    Use _XEatDataWords to avoid overflow of rep.length shifting
+    
+    rep.length is a CARD32, so rep.length << 2 could overflow in 32-bit builds
+    
+    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+
+commit d54acff47096cf52a9b8e018a26f7165e1092eb5
+Author: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date:   Fri Jan 18 23:06:20 2013 -0800
+
+    Replace deprecated Automake INCLUDES variable with AM_CPPFLAGS
+    
+    Excerpt https://lists.gnu.org/archive/html/automake/2012-12/msg00038.html
+    
+      - Support for the long-deprecated INCLUDES variable will be removed
+        altogether in Automake 1.14.  The AM_CPPFLAGS variable should be
+        used instead.
+    
+    This variable was deprecated in Automake releases prior to 1.10, which is
+    the current minimum level required to build X.
+    
+    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+    (cherry picked from commit 83e7693515369d57dcd11c2bb1f03563f51bc500)
+
 commit e6e0e02e4bf764fa58798540793bdeb44a60cc7f
 Author: Alan Coopersmith <alan.coopersmith@oracle.com>
 Date:   Wed Mar 7 20:53:56 2012 -0800

lib/libXRes/configure

@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for libXres 1.0.6.
+# Generated by GNU Autoconf 2.69 for libXres 1.0.7.
 #
 # Report bugs to <https://bugs.freedesktop.org/enter_bug.cgi?product=xorg>.
 #
@@ -591,8 +591,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='libXres'
 PACKAGE_TARNAME='libXres'
-PACKAGE_VERSION='1.0.6'
-PACKAGE_STRING='libXres 1.0.6'
+PACKAGE_VERSION='1.0.7'
+PACKAGE_STRING='libXres 1.0.7'
 PACKAGE_BUGREPORT='https://bugs.freedesktop.org/enter_bug.cgi?product=xorg'
 PACKAGE_URL=''
 
@@ -1346,7 +1346,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures libXres 1.0.6 to adapt to many kinds of systems.
+\`configure' configures libXres 1.0.7 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1416,7 +1416,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of libXres 1.0.6:";;
+     short | recursive ) echo "Configuration of libXres 1.0.7:";;
    esac
   cat <<\_ACEOF
 
@@ -1535,7 +1535,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-libXres configure 1.0.6
+libXres configure 1.0.7
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -1859,7 +1859,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by libXres $as_me 1.0.6, which was
+It was created by libXres $as_me 1.0.7, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -2688,7 +2688,7 @@ fi
 
 # Define the identity of the package.
  PACKAGE='libXres'
- VERSION='1.0.6'
+ VERSION='1.0.7'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -17640,6 +17640,22 @@ done
 
 LIBS="$SAVE_LIBS"
 
+# Check for _XEatDataWords function that may be patched into older Xlib release
+SAVE_LIBS="$LIBS"
+LIBS="$XRES_LIBS"
+for ac_func in _XEatDataWords
+do :
+  ac_fn_c_check_func "$LINENO" "_XEatDataWords" "ac_cv_func__XEatDataWords"
+if test "x$ac_cv_func__XEatDataWords" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE__XEATDATAWORDS 1
+_ACEOF
+
+fi
+done
+
+LIBS="$SAVE_LIBS"
+
 ac_config_files="$ac_config_files Makefile src/Makefile man/Makefile xres.pc"
 
 cat >confcache <<\_ACEOF
@@ -18176,7 +18192,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by libXres $as_me 1.0.6, which was
+This file was extended by libXres $as_me 1.0.7, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -18242,7 +18258,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-libXres config.status 1.0.6
+libXres config.status 1.0.7
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 

lib/libXRes/configure.ac

@@ -1,5 +1,5 @@
 dnl 
-dnl  $Id: configure.ac,v 1.5 2013/05/23 22:42:11 matthieu Exp $
+dnl  $Id: configure.ac,v 1.6 2013/05/31 15:23:23 matthieu Exp $
 #
 #  Copyright © 2003 Keith Packard, Noah Levitt
 #
@@ -31,7 +31,7 @@ AC_PREREQ([2.60])
 # digit in the version number to track changes which don't affect the
 # protocol, so XRes version l.n.m corresponds to protocol version l.n
 #
-AC_INIT([libXres], [1.0.6],
+AC_INIT([libXres], [1.0.7],
         [https://bugs.freedesktop.org/enter_bug.cgi?product=xorg], [libXres])
 AC_CONFIG_SRCDIR([Makefile.am])
 AC_CONFIG_HEADERS([config.h])
@@ -63,6 +63,12 @@ LIBS="$XRES_LIBS"
 AC_CHECK_FUNCS([_XEatDataWords])
 LIBS="$SAVE_LIBS"
 
+# Check for _XEatDataWords function that may be patched into older Xlib release
+SAVE_LIBS="$LIBS"
+LIBS="$XRES_LIBS"
+AC_CHECK_FUNCS([_XEatDataWords])
+LIBS="$SAVE_LIBS"
+
 AC_CONFIG_FILES([Makefile
 		src/Makefile
 		man/Makefile

lib/libXRes/src/Makefile.am

@@ -10,7 +10,7 @@ AM_CFLAGS = \
 	$(XRES_CFLAGS) \
 	$(MALLOC_ZERO_CFLAGS)
 
-INCLUDES = -I$(top_srcdir)/include
+AM_CPPFLAGS = -I$(top_srcdir)/include
 
 libXRes_la_LDFLAGS = -version-number 1:0:0 -no-undefined
 

lib/libXRes/src/Makefile.in

@@ -297,7 +297,7 @@ AM_CFLAGS = \
 	$(XRES_CFLAGS) \
 	$(MALLOC_ZERO_CFLAGS)
 
-INCLUDES = -I$(top_srcdir)/include
+AM_CPPFLAGS = -I$(top_srcdir)/include
 libXRes_la_LDFLAGS = -version-number 1:0:0 -no-undefined
 libXResincludedir = $(includedir)/X11/extensions
 libXResinclude_HEADERS = $(top_srcdir)/include/X11/extensions/XRes.h