Wed Jul 3 00:48:29 PDT 2013

author: root <root@rshg054.dnsready.net> 2013-07-03 00:48:29 -0700
committer: root <root@rshg054.dnsready.net> 2013-07-03 00:48:29 -0700
commit: 68e8645dcd1ce619af6d92f3645c43b15bc5ac71 (patch)
tree: fc71038e4bda87188130eebe5cee6d23bfda5472 /extra/mesa
parent: 8917cf5e44af1562114fe0d243dcea7d187c8047 (diff)
2 files changed, 6 insertions, 97 deletions
diff --git a/extra/mesa/CVE-2013-1993.patch b/extra/mesa/CVE-2013-1993.patch
deleted file mode 100644
index 00f723d35..000000000
--- a/extra/mesa/CVE-2013-1993.patch
+++ /dev/null
@@ -1,82 +0,0 @@
-From 80ac3b279e776b3d9f45a209e52c5bd34ba7e7df Mon Sep 17 00:00:00 2001
-From: Alan Coopersmith <alan.coopersmith@oracle.com>
-Date: Fri, 26 Apr 2013 23:31:58 +0000
-Subject: integer overflow in XF86DRIOpenConnection() [CVE-2013-1993 1/2]
-
-busIdStringLength is a CARD32 and needs to be bounds checked before adding
-one to it to come up with the total size to allocate, to avoid integer
-overflow leading to underallocation and writing data from the network past
-the end of the allocated buffer.
-
-NOTE: This is a candidate for stable release branches.
-
-Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
-Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
-Reviewed-by: Brian Paul <brianp@vmware.com>
-(cherry picked from commit 2e5a268f18be30df15aed0b44b01a18a37fb5df4)
----
-diff --git a/src/glx/XF86dri.c b/src/glx/XF86dri.c
-index b1cdc9b..8f53bd7 100644
---- a/src/glx/XF86dri.c
-+++ b/src/glx/XF86dri.c
-@@ -43,6 +43,7 @@ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- #include <X11/extensions/Xext.h>
- #include <X11/extensions/extutil.h>
- #include "xf86dristr.h"
-+#include <limits.h>
- 
- static XExtensionInfo _xf86dri_info_data;
- static XExtensionInfo *xf86dri_info = &_xf86dri_info_data;
-@@ -201,7 +202,11 @@ XF86DRIOpenConnection(Display * dpy, int screen, drm_handle_t * hSAREA,
-    }
- 
-    if (rep.length) {
--      if (!(*busIdString = calloc(rep.busIdStringLength + 1, 1))) {
-+      if (rep.busIdStringLength < INT_MAX)
-+         *busIdString = calloc(rep.busIdStringLength + 1, 1);
-+      else
-+         *busIdString = NULL;
-+      if (*busIdString == NULL) {
-          _XEatData(dpy, ((rep.busIdStringLength + 3) & ~3));
-          UnlockDisplay(dpy);
-          SyncHandle();
---
-cgit v0.9.0.2-2-gbebe
-From 6de60ddf9ccac6f185d8f4e88ddfc63a94bd670f Mon Sep 17 00:00:00 2001
-From: Alan Coopersmith <alan.coopersmith@oracle.com>
-Date: Fri, 26 Apr 2013 23:33:03 +0000
-Subject: integer overflow in XF86DRIGetClientDriverName() [CVE-2013-1993 2/2]
-
-clientDriverNameLength is a CARD32 and needs to be bounds checked before
-adding one to it to come up with the total size to allocate, to avoid
-integer overflow leading to underallocation and writing data from the
-network past the end of the allocated buffer.
-
-NOTE: This is a candidate for stable release branches.
-
-Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
-Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
-Reviewed-by: Brian Paul <brianp@vmware.com>
-(cherry picked from commit 306f630e676eb901789dd09a0f30d7e7fa941ebe)
----
-diff --git a/src/glx/XF86dri.c b/src/glx/XF86dri.c
-index 8f53bd7..56e3557 100644
---- a/src/glx/XF86dri.c
-+++ b/src/glx/XF86dri.c
-@@ -305,9 +305,11 @@ XF86DRIGetClientDriverName(Display * dpy, int screen,
-    *ddxDriverPatchVersion = rep.ddxDriverPatchVersion;
- 
-    if (rep.length) {
--      if (!
--          (*clientDriverName =
--           calloc(rep.clientDriverNameLength + 1, 1))) {
-+      if (rep.clientDriverNameLength < INT_MAX)
-+         *clientDriverName = calloc(rep.clientDriverNameLength + 1, 1);
-+      else
-+         *clientDriverName = NULL;
-+      if (*clientDriverName == NULL) {
-          _XEatData(dpy, ((rep.clientDriverNameLength + 3) & ~3));
-          UnlockDisplay(dpy);
-          SyncHandle();
---
-cgit v0.9.0.2-2-gbebe
diff --git a/extra/mesa/PKGBUILD b/extra/mesa/PKGBUILD
index 6990f754e..aca17ca8c 100644
--- a/extra/mesa/PKGBUILD
+++ b/extra/mesa/PKGBUILD
@@ -1,11 +1,11 @@
-# $Id: PKGBUILD 188839 2013-06-22 10:51:37Z lcarlier $
+# $Id: PKGBUILD 189266 2013-07-01 22:29:39Z lcarlier $
 # Maintainer: Jan de Groot <jgc@archlinux.org>
 # Maintainer: Andreas Radke <andyrtr@archlinux.org>
 
 pkgbase=mesa
 pkgname=('ati-dri' 'intel-dri' 'nouveau-dri' 'svga-dri' 'mesa' 'mesa-libgl')
-pkgver=9.1.3
-pkgrel=2
+pkgver=9.1.4
+pkgrel=1
 arch=('i686' 'x86_64')
 makedepends=('python2' 'libxml2' 'libx11' 'glproto' 'libdrm' 'dri2proto' 'libxxf86vm' 'libxdamage'
              'libvdpau' 'wayland' 'llvm-amdgpu-snapshot' 'systemd')
@@ -13,18 +13,9 @@ url="http://mesa3d.sourceforge.net"
 license=('custom')
 options=('!libtool')
 source=(ftp://ftp.freedesktop.org/pub/mesa/${pkgver}/MesaLib-${pkgver}.tar.bz2
-        LICENSE
-	CVE-2013-1993.patch)
-md5sums=('952ccd03547ed72333b64e1746cf8ada'
-         '5c65a0fe315dd347e09b1f2826a1df5a'
-         'dc8dad7c9bc6a92bd9c33b27b9da825e')
-
-prepare() {
-    cd ${srcdir}/?esa-*
-
-    # fix CVE-2013-1993 merged upstream
-    patch -Np1 -i ${srcdir}/CVE-2013-1993.patch
-}
+        LICENSE)
+md5sums=('a2c4e25d0e27918bc67f61bae04d0cb8'
+         '5c65a0fe315dd347e09b1f2826a1df5a')
 
 build() {
     cd ${srcdir}/?esa-*
author	root <root@rshg054.dnsready.net>	2013-07-03 00:48:29 -0700
committer	root <root@rshg054.dnsready.net>	2013-07-03 00:48:29 -0700
commit	68e8645dcd1ce619af6d92f3645c43b15bc5ac71 (patch)
tree	fc71038e4bda87188130eebe5cee6d23bfda5472 /extra/mesa
parent	8917cf5e44af1562114fe0d243dcea7d187c8047 (diff)