Update to libXcursor 1.1.15

2017-11-28 15:46:58 +00:00 · 2017-11-28 15:46:58 +00:00 · e19bfc2895
commit e19bfc2895
parent 4959227bfa
10 changed files with 2045 additions and 1428 deletions
--- a/lib/libXcursor/ChangeLog
+++ b/lib/libXcursor/ChangeLog
@ -1,3 +1,113 @@
+commit 4828abe494df8fb4aa00dcaa22a03446ba418d01
+Author: Matthieu Herrb <matthieu@herrb.eu>
+Date:   Sat Nov 25 11:59:31 2017 +0100
+
+    libXcursor 1.1.15
+    
+    Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
+
+commit 4794b5dd34688158fb51a2943032569d3780c4b8
+Author: Tobias Stoeckmann <tobias@stoeckmann.org>
+Date:   Sat Oct 21 23:47:52 2017 +0200
+
+    Fix heap overflows when parsing malicious files. (CVE-2017-16612)
+    
+    It is possible to trigger heap overflows due to an integer overflow
+    while parsing images and a signedness issue while parsing comments.
+    
+    The integer overflow occurs because the chosen limit 0x10000 for
+    dimensions is too large for 32 bit systems, because each pixel takes
+    4 bytes. Properly chosen values allow an overflow which in turn will
+    lead to less allocated memory than needed for subsequent reads.
+    
+    The signedness bug is triggered by reading the length of a comment
+    as unsigned int, but casting it to int when calling the function
+    XcursorCommentCreate. Turning length into a negative value allows the
+    check against XCURSOR_COMMENT_MAX_LEN to pass, and the following
+    addition of sizeof (XcursorComment) + 1 makes it possible to allocate
+    less memory than needed for subsequent reads.
+    
+    Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
+    Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
+
+commit 75b10c972d15c036a692ef4590a81a6c54d384f6
+Author: Mihail Konev <k.mvc@ya.ru>
+Date:   Thu Jan 26 13:52:49 2017 +1000
+
+    autogen: add default patch prefix
+    
+    Signed-off-by: Mihail Konev <k.mvc@ya.ru>
+
+commit 721901fec3d829426d7c8df82a14beb11905c7a8
+Author: Emil Velikov <emil.l.velikov@gmail.com>
+Date:   Mon Mar 9 12:00:52 2015 +0000
+
+    autogen.sh: use quoted string variables
+    
+    Place quotes around the $srcdir, $ORIGDIR and $0 variables to prevent
+    fall-outs, when they contain space.
+    
+    Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
+    Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+    Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+
+commit 860bda4cb1f126f42cfc255c958aa3c7be17f3c6
+Author: Peter Hutterer <peter.hutterer@who-t.net>
+Date:   Tue Jan 24 10:32:07 2017 +1000
+
+    autogen.sh: use exec instead of waiting for configure to finish
+    
+    Syncs the invocation of configure with the one from the server.
+    
+    Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+    Reviewed-by: Emil Velikov <emil.velikov@collabora.com>
+
+commit 897213f36baf6926daf6d192c709cf627aa5fd05
+Author: shubham shrivastav <shubham.sh@samsung.com>
+Date:   Fri Jun 5 13:36:22 2015 -0700
+
+    Insufficient memory for terminating null of string in _XcursorThemeInherits
+    
+    Fix does one byte of memory allocation for null termination of string.
+    https://bugs.freedesktop.org/show_bug.cgi?id=90857
+    
+    Reviewed-by: Keith Packard <keithp@keithp.com>
+    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+
+commit edf52212a09bd80b52dc9932b5ca19e20dfcaa2b
+Author: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date:   Sat Oct 18 10:52:49 2014 -0700
+
+    Fix some clang integer sign/size mismatch warnings
+    
+    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+
+commit bbf3c582c97af3abfaf81e3ca63646d59fe6e28a
+Author: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date:   Sat Oct 18 10:24:13 2014 -0700
+
+    Use strdup() instead of malloc(strlen())+strcpy()
+    
+    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+
+commit 2e6bda49d062d5064efe66a066558f7d1eec7e78
+Author: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date:   Sat May 31 21:39:32 2014 -0700
+
+    autogen.sh: Honor NOCONFIGURE=1
+    
+    See http://people.gnome.org/~walters/docs/build-api.txt
+    
+    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+
+commit b1df53701f40959ac66c26ca2e5263bb521d0ebb
+Author: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date:   Sat May 31 21:38:41 2014 -0700
+
+    configure: Drop AM_MAINTAINER_MODE
+    
+    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+
 commit f92f118047ee8cea7dbbc734d476225f033ba0b7
 Author: Alan Coopersmith <alan.coopersmith@oracle.com>
 Date:   Wed May 29 23:22:29 2013 -0700
--- a/lib/libXcursor/Makefile.in
+++ b/lib/libXcursor/Makefile.in
@ -76,8 +76,8 @@ DIST_COMMON = README $(am__configure_deps) $(srcdir)/Makefile.am \
 	$(srcdir)/Makefile.in $(srcdir)/config.h.in \
 	$(srcdir)/xcursor.pc.in $(top_srcdir)/configure \
 	$(top_srcdir)/include/X11/Xcursor/Xcursor.h.in AUTHORS COPYING \
-	ChangeLog INSTALL config.guess config.sub depcomp install-sh \
-	ltmain.sh missing
+	ChangeLog INSTALL compile config.guess config.sub depcomp \
+	install-sh ltmain.sh missing
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
--- a/lib/libXcursor/compile
+++ b/lib/libXcursor/compile
@ -0,0 +1,347 @@
+#! /bin/sh
+# Wrapper for compilers which do not understand '-c -o'.
+
+scriptversion=2012-10-14.11; # UTC
+
+# Copyright (C) 1999-2014 Free Software Foundation, Inc.
+# Written by Tom Tromey <tromey@cygnus.com>.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# This file is maintained in Automake, please report
+# bugs to <bug-automake@gnu.org> or send patches to
+# <automake-patches@gnu.org>.
+
+nl='
+'
+
+# We need space, tab and new line, in precisely that order.  Quoting is
+# there to prevent tools from complaining about whitespace usage.
+IFS=" ""	$nl"
+
+file_conv=
+
+# func_file_conv build_file lazy
+# Convert a $build file to $host form and store it in $file
+# Currently only supports Windows hosts. If the determined conversion
+# type is listed in (the comma separated) LAZY, no conversion will
+# take place.
+func_file_conv ()
+{
+  file=$1
+  case $file in
+    / | /[!/]*) # absolute file, and not a UNC file
+      if test -z "$file_conv"; then
+	# lazily determine how to convert abs files
+	case `uname -s` in
+	  MINGW*)
+	    file_conv=mingw
+	    ;;
+	  CYGWIN*)
+	    file_conv=cygwin
+	    ;;
+	  *)
+	    file_conv=wine
+	    ;;
+	esac
+      fi
+      case $file_conv/,$2, in
+	*,$file_conv,*)
+	  ;;
+	mingw/*)
+	  file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'`
+	  ;;
+	cygwin/*)
+	  file=`cygpath -m "$file" || echo "$file"`
+	  ;;
+	wine/*)
+	  file=`winepath -w "$file" || echo "$file"`
+	  ;;
+      esac
+      ;;
+  esac
+}
+
+# func_cl_dashL linkdir
+# Make cl look for libraries in LINKDIR
+func_cl_dashL ()
+{
+  func_file_conv "$1"
+  if test -z "$lib_path"; then
+    lib_path=$file
+  else
+    lib_path="$lib_path;$file"
+  fi
+  linker_opts="$linker_opts -LIBPATH:$file"
+}
+
+# func_cl_dashl library
+# Do a library search-path lookup for cl
+func_cl_dashl ()
+{
+  lib=$1
+  found=no
+  save_IFS=$IFS
+  IFS=';'
+  for dir in $lib_path $LIB
+  do
+    IFS=$save_IFS
+    if $shared && test -f "$dir/$lib.dll.lib"; then
+      found=yes
+      lib=$dir/$lib.dll.lib
+      break
+    fi
+    if test -f "$dir/$lib.lib"; then
+      found=yes
+      lib=$dir/$lib.lib
+      break
+    fi
+    if test -f "$dir/lib$lib.a"; then
+      found=yes
+      lib=$dir/lib$lib.a
+      break
+    fi
+  done
+  IFS=$save_IFS
+
+  if test "$found" != yes; then
+    lib=$lib.lib
+  fi
+}
+
+# func_cl_wrapper cl arg...
+# Adjust compile command to suit cl
+func_cl_wrapper ()
+{
+  # Assume a capable shell
+  lib_path=
+  shared=:
+  linker_opts=
+  for arg
+  do
+    if test -n "$eat"; then
+      eat=
+    else
+      case $1 in
+	-o)
+	  # configure might choose to run compile as 'compile cc -o foo foo.c'.
+	  eat=1
+	  case $2 in
+	    *.o | *.[oO][bB][jJ])
+	      func_file_conv "$2"
+	      set x "$@" -Fo"$file"
+	      shift
+	      ;;
+	    *)
+	      func_file_conv "$2"
+	      set x "$@" -Fe"$file"
+	      shift
+	      ;;
+	  esac
+	  ;;
+	-I)
+	  eat=1
+	  func_file_conv "$2" mingw
+	  set x "$@" -I"$file"
+	  shift
+	  ;;
+	-I*)
+	  func_file_conv "${1#-I}" mingw
+	  set x "$@" -I"$file"
+	  shift
+	  ;;
+	-l)
+	  eat=1
+	  func_cl_dashl "$2"
+	  set x "$@" "$lib"
+	  shift
+	  ;;
+	-l*)
+	  func_cl_dashl "${1#-l}"
+	  set x "$@" "$lib"
+	  shift
+	  ;;
+	-L)
+	  eat=1
+	  func_cl_dashL "$2"
+	  ;;
+	-L*)
+	  func_cl_dashL "${1#-L}"
+	  ;;
+	-static)
+	  shared=false
+	  ;;
+	-Wl,*)
+	  arg=${1#-Wl,}
+	  save_ifs="$IFS"; IFS=','
+	  for flag in $arg; do
+	    IFS="$save_ifs"
+	    linker_opts="$linker_opts $flag"
+	  done
+	  IFS="$save_ifs"
+	  ;;
+	-Xlinker)
+	  eat=1
+	  linker_opts="$linker_opts $2"
+	  ;;
+	-*)
+	  set x "$@" "$1"
+	  shift
+	  ;;
+	*.cc | *.CC | *.cxx | *.CXX | *.[cC]++)
+	  func_file_conv "$1"
+	  set x "$@" -Tp"$file"
+	  shift
+	  ;;
+	*.c | *.cpp | *.CPP | *.lib | *.LIB | *.Lib | *.OBJ | *.obj | *.[oO])
+	  func_file_conv "$1" mingw
+	  set x "$@" "$file"
+	  shift
+	  ;;
+	*)
+	  set x "$@" "$1"
+	  shift
+	  ;;
+      esac
+    fi
+    shift
+  done
+  if test -n "$linker_opts"; then
+    linker_opts="-link$linker_opts"
+  fi
+  exec "$@" $linker_opts
+  exit 1
+}
+
+eat=
+
+case $1 in
+  '')
+     echo "$0: No command.  Try '$0 --help' for more information." 1>&2
+     exit 1;
+     ;;
+  -h | --h*)
+    cat <<\EOF
+Usage: compile [--help] [--version] PROGRAM [ARGS]
+
+Wrapper for compilers which do not understand '-c -o'.
+Remove '-o dest.o' from ARGS, run PROGRAM with the remaining
+arguments, and rename the output as expected.
+
+If you are trying to build a whole package this is not the
+right script to run: please start by reading the file 'INSTALL'.
+
+Report bugs to <bug-automake@gnu.org>.
+EOF
+    exit $?
+    ;;
+  -v | --v*)
+    echo "compile $scriptversion"
+    exit $?
+    ;;
+  cl | *[/\\]cl | cl.exe | *[/\\]cl.exe )
+    func_cl_wrapper "$@"      # Doesn't return...
+    ;;
+esac
+
+ofile=
+cfile=
+
+for arg
+do
+  if test -n "$eat"; then
+    eat=
+  else
+    case $1 in
+      -o)
+	# configure might choose to run compile as 'compile cc -o foo foo.c'.
+	# So we strip '-o arg' only if arg is an object.
+	eat=1
+	case $2 in
+	  *.o | *.obj)
+	    ofile=$2
+	    ;;
+	  *)
+	    set x "$@" -o "$2"
+	    shift
+	    ;;
+	esac
+	;;
+      *.c)
+	cfile=$1
+	set x "$@" "$1"
+	shift
+	;;
+      *)
+	set x "$@" "$1"
+	shift
+	;;
+    esac
+  fi
+  shift
+done
+
+if test -z "$ofile" || test -z "$cfile"; then
+  # If no '-o' option was seen then we might have been invoked from a
+  # pattern rule where we don't need one.  That is ok -- this is a
+  # normal compilation that the losing compiler can handle.  If no
+  # '.c' file was seen then we are probably linking.  That is also
+  # ok.
+  exec "$@"
+fi
+
+# Name of file we expect compiler to create.
+cofile=`echo "$cfile" | sed 's|^.*[\\/]||; s|^[a-zA-Z]:||; s/\.c$/.o/'`
+
+# Create the lock directory.
+# Note: use '[/\\:.-]' here to ensure that we don't use the same name
+# that we are using for the .o file.  Also, base the name on the expected
+# object file name, since that is what matters with a parallel build.
+lockdir=`echo "$cofile" | sed -e 's|[/\\:.-]|_|g'`.d
+while true; do
+  if mkdir "$lockdir" >/dev/null 2>&1; then
+    break
+  fi
+  sleep 1
+done
+# FIXME: race condition here if user kills between mkdir and trap.
+trap "rmdir '$lockdir'; exit 1" 1 2 15
+
+# Run the compile.
+"$@"
+ret=$?
+
+if test -f "$cofile"; then
+  test "$cofile" = "$ofile" || mv "$cofile" "$ofile"
+elif test -f "${cofile}bj"; then
+  test "${cofile}bj" = "$ofile" || mv "${cofile}bj" "$ofile"
+fi
+
+rmdir "$lockdir"
+exit $ret
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 2
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:
--- a/lib/libXcursor/config.h.in
+++ b/lib/libXcursor/config.h.in
@ -70,6 +70,28 @@
 /* Define to 1 if you have the ANSI C header files. */
 #undef STDC_HEADERS

+/* Enable extensions on AIX 3, Interix.  */
+#ifndef _ALL_SOURCE
+# undef _ALL_SOURCE
+#endif
+/* Enable GNU extensions on systems that have them.  */
+#ifndef _GNU_SOURCE
+# undef _GNU_SOURCE
+#endif
+/* Enable threading extensions on Solaris.  */
+#ifndef _POSIX_PTHREAD_SEMANTICS
+# undef _POSIX_PTHREAD_SEMANTICS
+#endif
+/* Enable extensions on HP NonStop.  */
+#ifndef _TANDEM_SOURCE
+# undef _TANDEM_SOURCE
+#endif
+/* Enable general extensions on Solaris.  */
+#ifndef __EXTENSIONS__
+# undef __EXTENSIONS__
+#endif
+
+
 /* Version number of package */
 #undef VERSION

@ -81,3 +103,13 @@

 /* Micro revision of libXcursor */
 #undef XCURSOR_LIB_REVISION
+
+/* Define to 1 if on MINIX. */
+#undef _MINIX
+
+/* Define to 2 if the system does not provide POSIX.1 features except with
+   this defined. */
+#undef _POSIX_1_SOURCE
+
+/* Define to 1 if you need to in order for `stat' and other things to work. */
+#undef _POSIX_SOURCE
--- a/lib/libXcursor/configure
+++ b/lib/libXcursor/configure
--- a/lib/libXcursor/configure.ac
+++ b/lib/libXcursor/configure.ac
@ -26,14 +26,17 @@ AC_PREREQ([2.60])
 # This is the package version number, not the shared library
 # version.  This version number will be substituted into Xcursor.h
 #
-AC_INIT([libXcursor], [1.1.14],
+AC_INIT([libXcursor], [1.1.15],
        [https://bugs.freedesktop.org/enter_bug.cgi?product=xorg],[libXcursor])
 AC_CONFIG_SRCDIR([Makefile.am])
 AC_CONFIG_HEADERS([config.h include/X11/Xcursor/Xcursor.h])
+# Set common system defines for POSIX extensions, such as _GNU_SOURCE
+# Must be called before any macros that run the compiler (like AC_PROG_LIBTOOL)
+# to avoid autoconf errors.
+AC_USE_SYSTEM_EXTENSIONS

 # Initialize Automake
 AM_INIT_AUTOMAKE([foreign dist-bzip2])
-AM_MAINTAINER_MODE

 # Initialize libtool
 AC_PROG_LIBTOOL
--- a/lib/libXcursor/src/cursor.c
+++ b/lib/libXcursor/src/cursor.c
@ -226,7 +226,7 @@ static Bool
 _XcursorHeckbertMedianCut (const XcursorImage *image, XcursorCoreCursor *core)
 {
    XImage	    *src_image = core->src_image, *msk_image = core->msk_image;
-    int		    npixels = image->width * image->height;
+    unsigned int    npixels = image->width * image->height;
    int		    ncolors;
    int		    n;
    XcursorPixel    *po, *pn, *pc;
@ -395,7 +395,7 @@ _XcursorFloydSteinberg (const XcursorImage *image, XcursorCoreCursor *core)
    int		    *aPicture, *iPicture, *aP, *iP;
    XcursorPixel    *pixel, p;
    int		    aR, iR, aA, iA;
-    int		    npixels = image->width * image->height;
+    unsigned int    npixels = image->width * image->height;
    int		    n;
    int		    right = 1;
    int		    belowLeft = image->width - 1;
--- a/lib/libXcursor/src/display.c
+++ b/lib/libXcursor/src/display.c
@ -216,17 +216,8 @@ _XcursorGetDisplayInfo (Display *dpy)
 	v = XGetDefault (dpy, "Xcursor", "theme");
    if (v)
    {
-	int len;
-
-	len = strlen (v) + 1;
-
-	info->theme = malloc (len);
-	if (info->theme)
-	    strcpy (info->theme, v);
-
-	info->theme_from_config = malloc (len);
-	if (info->theme_from_config)
-	    strcpy (info->theme_from_config, v);
+	info->theme = strdup (v);
+	info->theme_from_config = strdup (v);
    }

    /*
@ -342,10 +333,9 @@ XcursorSetTheme (Display *dpy, const char *theme)

    if (theme)
    {
-	copy = malloc (strlen (theme) + 1);
+	copy = strdup (theme);
 	if (!copy)
 	    return XcursorFalse;
-	strcpy (copy, theme);
    }
    else
 	copy = NULL;
--- a/lib/libXcursor/src/file.c
+++ b/lib/libXcursor/src/file.c
@ -29,6 +29,11 @@ XcursorImageCreate (int width, int height)
 {
    XcursorImage    *image;

+    if (width < 0 || height < 0)
+       return NULL;
+    if (width > XCURSOR_IMAGE_MAX_SIZE || height > XCURSOR_IMAGE_MAX_SIZE)
+       return NULL;
+
    image = malloc (sizeof (XcursorImage) +
 		    width * height * sizeof (XcursorPixel));
    if (!image)
@ -86,12 +91,11 @@ XcursorImagesSetName (XcursorImages *images, const char *name)
    if (!images || !name)
        return;

-    new = malloc (strlen (name) + 1);
+    new = strdup (name);

    if (!new)
 	return;

-    strcpy (new, name);
    if (images->name)
 	free (images->name);
    images->name = new;
@ -102,7 +106,7 @@ XcursorCommentCreate (XcursorUInt comment_type, int length)
 {
    XcursorComment  *comment;

-    if (length > XCURSOR_COMMENT_MAX_LEN)
+    if (length < 0 || length > XCURSOR_COMMENT_MAX_LEN)
 	return NULL;

    comment = malloc (sizeof (XcursorComment) + length + 1);
@ -449,7 +453,8 @@ _XcursorReadImage (XcursorFile		*file,
    if (!_XcursorReadUInt (file, &head.delay))
 	return NULL;
    /* sanity check data */
-    if (head.width >= 0x10000 || head.height > 0x10000)
+    if (head.width > XCURSOR_IMAGE_MAX_SIZE  ||
+	head.height > XCURSOR_IMAGE_MAX_SIZE)
 	return NULL;
    if (head.width == 0 || head.height == 0)
 	return NULL;
@ -458,6 +463,8 @@ _XcursorReadImage (XcursorFile		*file,

    /* Create the image and initialize it */
    image = XcursorImageCreate (head.width, head.height);
+    if (image == NULL)
+	return NULL;
    if (chunkHeader.version < image->version)
 	image->version = chunkHeader.version;
    image->size = chunkHeader.subtype;
--- a/lib/libXcursor/src/library.c
+++ b/lib/libXcursor/src/library.c
@ -49,7 +49,7 @@ XcursorLibraryPath (void)
 static  void
 _XcursorAddPathElt (char *path, const char *elt, int len)
 {
-    int	    pathlen = strlen (path);
+    size_t    pathlen = strlen (path);

    /* append / if the path doesn't currently have one */
    if (path[0] == '\0' || path[pathlen - 1] != '/')
@ -180,7 +180,7 @@ _XcursorThemeInherits (const char *full)
 		if (*l != '=') continue;
 		l++;
 		while (*l == ' ') l++;
-		result = malloc (strlen (l));
+		result = malloc (strlen (l) + 1);
 		if (result)
 		{
 		    r = result;