[arch-commits] Commit in lib32-mesa/trunk (3 files)

Laurent Carlier lcarlier at nymeria.archlinux.org
Mon Jul 1 23:11:26 UTC 2013


    Date: Tuesday, July 2, 2013 @ 01:11:26
  Author: lcarlier
Revision: 93325

upgpkg: lib32-mesa 9.1.4-1

Sync with extra

Modified:
  lib32-mesa/trunk/PKGBUILD
Deleted:
  lib32-mesa/trunk/CVE-2013-1993.patch
  lib32-mesa/trunk/git-fixes.patch

---------------------+
 CVE-2013-1993.patch |   82 --------------------------------------------------
 PKGBUILD            |   17 ++--------
 git-fixes.patch     |   52 -------------------------------
 3 files changed, 4 insertions(+), 147 deletions(-)

Deleted: CVE-2013-1993.patch
===================================================================
--- CVE-2013-1993.patch	2013-07-01 22:56:17 UTC (rev 93324)
+++ CVE-2013-1993.patch	2013-07-01 23:11:26 UTC (rev 93325)
@@ -1,82 +0,0 @@
-From 80ac3b279e776b3d9f45a209e52c5bd34ba7e7df Mon Sep 17 00:00:00 2001
-From: Alan Coopersmith <alan.coopersmith at oracle.com>
-Date: Fri, 26 Apr 2013 23:31:58 +0000
-Subject: integer overflow in XF86DRIOpenConnection() [CVE-2013-1993 1/2]
-
-busIdStringLength is a CARD32 and needs to be bounds checked before adding
-one to it to come up with the total size to allocate, to avoid integer
-overflow leading to underallocation and writing data from the network past
-the end of the allocated buffer.
-
-NOTE: This is a candidate for stable release branches.
-
-Reported-by: Ilja Van Sprundel <ivansprundel at ioactive.com>
-Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
-Reviewed-by: Brian Paul <brianp at vmware.com>
-(cherry picked from commit 2e5a268f18be30df15aed0b44b01a18a37fb5df4)
----
-diff --git a/src/glx/XF86dri.c b/src/glx/XF86dri.c
-index b1cdc9b..8f53bd7 100644
---- a/src/glx/XF86dri.c
-+++ b/src/glx/XF86dri.c
-@@ -43,6 +43,7 @@ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- #include <X11/extensions/Xext.h>
- #include <X11/extensions/extutil.h>
- #include "xf86dristr.h"
-+#include <limits.h>
- 
- static XExtensionInfo _xf86dri_info_data;
- static XExtensionInfo *xf86dri_info = &_xf86dri_info_data;
-@@ -201,7 +202,11 @@ XF86DRIOpenConnection(Display * dpy, int screen, drm_handle_t * hSAREA,
-    }
- 
-    if (rep.length) {
--      if (!(*busIdString = calloc(rep.busIdStringLength + 1, 1))) {
-+      if (rep.busIdStringLength < INT_MAX)
-+         *busIdString = calloc(rep.busIdStringLength + 1, 1);
-+      else
-+         *busIdString = NULL;
-+      if (*busIdString == NULL) {
-          _XEatData(dpy, ((rep.busIdStringLength + 3) & ~3));
-          UnlockDisplay(dpy);
-          SyncHandle();
---
-cgit v0.9.0.2-2-gbebe
-From 6de60ddf9ccac6f185d8f4e88ddfc63a94bd670f Mon Sep 17 00:00:00 2001
-From: Alan Coopersmith <alan.coopersmith at oracle.com>
-Date: Fri, 26 Apr 2013 23:33:03 +0000
-Subject: integer overflow in XF86DRIGetClientDriverName() [CVE-2013-1993 2/2]
-
-clientDriverNameLength is a CARD32 and needs to be bounds checked before
-adding one to it to come up with the total size to allocate, to avoid
-integer overflow leading to underallocation and writing data from the
-network past the end of the allocated buffer.
-
-NOTE: This is a candidate for stable release branches.
-
-Reported-by: Ilja Van Sprundel <ivansprundel at ioactive.com>
-Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
-Reviewed-by: Brian Paul <brianp at vmware.com>
-(cherry picked from commit 306f630e676eb901789dd09a0f30d7e7fa941ebe)
----
-diff --git a/src/glx/XF86dri.c b/src/glx/XF86dri.c
-index 8f53bd7..56e3557 100644
---- a/src/glx/XF86dri.c
-+++ b/src/glx/XF86dri.c
-@@ -305,9 +305,11 @@ XF86DRIGetClientDriverName(Display * dpy, int screen,
-    *ddxDriverPatchVersion = rep.ddxDriverPatchVersion;
- 
-    if (rep.length) {
--      if (!
--          (*clientDriverName =
--           calloc(rep.clientDriverNameLength + 1, 1))) {
-+      if (rep.clientDriverNameLength < INT_MAX)
-+         *clientDriverName = calloc(rep.clientDriverNameLength + 1, 1);
-+      else
-+         *clientDriverName = NULL;
-+      if (*clientDriverName == NULL) {
-          _XEatData(dpy, ((rep.clientDriverNameLength + 3) & ~3));
-          UnlockDisplay(dpy);
-          SyncHandle();
---
-cgit v0.9.0.2-2-gbebe

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2013-07-01 22:56:17 UTC (rev 93324)
+++ PKGBUILD	2013-07-01 23:11:26 UTC (rev 93325)
@@ -4,26 +4,17 @@
 
 pkgbase=lib32-mesa
 pkgname=('lib32-ati-dri' 'lib32-intel-dri' 'lib32-nouveau-dri' 'lib32-mesa' 'lib32-mesa-libgl')
-pkgver=9.1.3
-pkgrel=3
+pkgver=9.1.4
+pkgrel=1
 arch=('x86_64')
 makedepends=('python2' 'lib32-libxml2' 'lib32-expat' 'lib32-libx11' 'glproto' 'lib32-libdrm' 'dri2proto' 'lib32-libxxf86vm' 'lib32-libxdamage'
              'gcc-multilib' 'lib32-llvm-amdgpu-snapshot' 'lib32-systemd')
 url="http://mesa3d.sourceforge.net"
 license=('custom')
 options=('!libtool')
-source=(ftp://ftp.freedesktop.org/pub/mesa/${pkgver}/MesaLib-${pkgver}.tar.bz2
-        CVE-2013-1993.patch)
-md5sums=('952ccd03547ed72333b64e1746cf8ada'
-         'dc8dad7c9bc6a92bd9c33b27b9da825e')
+source=(ftp://ftp.freedesktop.org/pub/mesa/${pkgver}/MesaLib-${pkgver}.tar.bz2)
+md5sums=('a2c4e25d0e27918bc67f61bae04d0cb8')
 
-prepare() {
-  cd ${srcdir}/?esa-*
-
-  # fix CVE-2013-1993 merged upstream
-  patch -Np1 -i ${srcdir}/CVE-2013-1993.patch
-}
-
 build() {
   export CC="gcc -m32"
   export CXX="g++ -m32"
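Review bot: The added `source=`/`md5sums=` lines fetch the tarball over plain `ftp://` and pin it only with MD5, which is no longer collision-resistant, so the build input has neither an authenticated transport nor a strong digest. Since the checksum is regenerated for 9.1.4 anyway, adding `sha256sums=('<sha256 of MesaLib-9.1.4.tar.bz2>')` next to or instead of `md5sums` is a cheap improvement. The hunk also drops the `prepare()` step that applied CVE-2013-1993.patch; the removed comment says the fix was merged upstream, but nothing on this page shows that 9.1.4 contains both `XF86dri.c` bounds checks, so that should be confirmed against the 9.1.4 sources and recorded in the commit log. `build()` continues past the end of the hunk.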

Deleted: git-fixes.patch
===================================================================
--- git-fixes.patch	2013-07-01 22:56:17 UTC (rev 93324)
+++ git-fixes.patch	2013-07-01 23:11:26 UTC (rev 93325)
@@ -1,52 +0,0 @@
-From 17f1cb1d99e66227d1e05925ef937643f5c1089a Mon Sep 17 00:00:00 2001
-From: Jan de Groot <jan at jgc.homeip.net>
-Date: Thu, 07 Mar 2013 18:48:13 +0000
-Subject: dri/nouveau: fix crash in nouveau_flush
-
-https://bugs.freedesktop.org/show_bug.cgi?id=61947
-
-Note: this is a candidate for the stable branches
----
-diff --git a/src/mesa/drivers/dri/nouveau/nouveau_driver.c b/src/mesa/drivers/dri/nouveau/nouveau_driver.c
-index f56b3b2..6c119d5 100644
---- a/src/mesa/drivers/dri/nouveau/nouveau_driver.c
-+++ b/src/mesa/drivers/dri/nouveau/nouveau_driver.c
-@@ -69,7 +69,8 @@ nouveau_flush(struct gl_context *ctx)
- 		__DRIdri2LoaderExtension *dri2 = screen->dri2.loader;
- 		__DRIdrawable *drawable = nctx->dri_context->driDrawablePriv;
- 
--		dri2->flushFrontBuffer(drawable, drawable->loaderPrivate);
-+		if (drawable && drawable->loaderPrivate)
-+			dri2->flushFrontBuffer(drawable, drawable->loaderPrivate);
- 	}
- }
- 
---
-cgit v0.9.0.2-2-gbebe
-From e062a4187d8ea518a39c913ae7562cf1d8ac3205 Mon Sep 17 00:00:00 2001
-From: Tapani Pälli <tapani.palli at intel.com>
-Date: Mon, 28 Jan 2013 06:53:56 +0000
-Subject: intel: Fix regression in intel_create_image_from_name stride handling
-
-Strangely, the DRIimage interface we have passes the pitch in pixels
-instead of bytes, which anholt missed in the change to using bytes for
-region pitch.
-
-Signed-off-by: Tapani Pälli <tapani.palli at intel.com>
-Reviewed-by: Eric Anholt <eric at anholt.net>
----
-diff --git a/src/mesa/drivers/dri/intel/intel_screen.c b/src/mesa/drivers/dri/intel/intel_screen.c
-index defcd73..d223a0b 100644
---- a/src/mesa/drivers/dri/intel/intel_screen.c
-+++ b/src/mesa/drivers/dri/intel/intel_screen.c
-@@ -377,7 +377,7 @@ intel_create_image_from_name(__DRIscreen *screen,
-        cpp = _mesa_get_format_bytes(image->format);
-     image->region = intel_region_alloc_for_handle(intelScreen,
- 						  cpp, width, height,
--						  pitch, name, "image");
-+						  pitch * cpp, name, "image");
-     if (image->region == NULL) {
-        free(image);
-        return NULL;
---
-cgit v0.9.0.2-2-gbebe



