authoris <is@pkgsrc.org>2013-12-12 14:44:10 +0000
committeris <is@pkgsrc.org>2013-12-12 14:44:10 +0000
commit77817dada3f445b16e8d0e150c6911ea5d04a57c (patch)
treeac4a1c6bb9bc246f05d4542e438ede14777f0d4b
parent691b4f5d89f8f04410b2778734377b92b025b586 (diff)
downloadpkgsrc-77817dada3f445b16e8d0e150c6911ea5d04a57c.tar.gz
Fix for the possible integer overflow reported in
http://secunia.com/advisories/53558 / CVE-2013-1993, taken from upstream (http://lists.freedesktop.org/archives/mesa-dev/2013-May/039720.html and http://lists.freedesktop.org/archives/mesa-dev/2013-May/039722.html), but with s/calloc/(char *) Xcalloc/.
-rw-r--r--graphics/MesaLib/Makefile4
-rw-r--r--graphics/MesaLib/distinfo3
-rw-r--r--graphics/MesaLib/patches/patch-src_glx_XF86dri.c40
3 files changed, 44 insertions, 3 deletions
diff --git a/graphics/MesaLib/Makefile b/graphics/MesaLib/Makefile
index 1489ccd073b..8926e213f4f 100644
--- a/graphics/MesaLib/Makefile
+++ b/graphics/MesaLib/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.94 2013/11/29 15:27:19 bsiegert Exp $
+# $NetBSD: Makefile,v 1.95 2013/12/12 14:44:10 is Exp $
PKGNAME= MesaLib-${MESA_PKGVERSION}
-PKGREVISION= 2
+PKGREVISION= 3
COMMENT= Graphics library similar to SGI's OpenGL
CONFLICTS+= xf86driproto<2.0.4
diff --git a/graphics/MesaLib/distinfo b/graphics/MesaLib/distinfo
index fa3da453fff..7d4e3479a47 100644
--- a/graphics/MesaLib/distinfo
+++ b/graphics/MesaLib/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.82 2013/11/29 15:27:19 bsiegert Exp $
+$NetBSD: distinfo,v 1.83 2013/12/12 14:44:10 is Exp $
SHA1 (Mesa-7.11.2/MesaGLUT-7.11.2.tar.bz2) = 2e6e730204800a0748b301a5f58b86332699788b
RMD160 (Mesa-7.11.2/MesaGLUT-7.11.2.tar.bz2) = bb2b140375aa13df79fcdb60a7ad0a63622dc531
@@ -13,6 +13,7 @@ SHA1 (patch-include_GL_gl.h) = a97ab309556c78d818d0b8bd867b5f2412c141b0
SHA1 (patch-src_gallium_include_pipe_p__config.h) = 934e2505fe299e1a25da6def2f971fa1302840c0
SHA1 (patch-src_glsl_ir__constant__expression.cpp) = 281e281f51afed244b1a29b92942d572fc095124
SHA1 (patch-src_glu_sgi_glu.exports) = 66609d2ea59b02fc46b41311b0042fe4a2da517f
+SHA1 (patch-src_glx_XF86dri.c) = b69b7cf5e0d617eca129f0d7f0b06c7603d00db0
SHA1 (patch-src_mesa_drivers_dri_common_dri__util.h) = 53e63dcc6243b1872f4e4816b46e92910cf97edc
SHA1 (patch-src_mesa_drivers_dri_common_mmio.h) = b6da48111fb2792b1c71eb7549d0f03adceec9f1
SHA1 (patch-src_mesa_drivers_dri_i915_intel__batchbuffer.c) = fec8b1a9f6888e9a4225861ea5bda776ecc5f054
diff --git a/graphics/MesaLib/patches/patch-src_glx_XF86dri.c b/graphics/MesaLib/patches/patch-src_glx_XF86dri.c
new file mode 100644
index 00000000000..34929e86682
--- /dev/null
+++ b/graphics/MesaLib/patches/patch-src_glx_XF86dri.c
@@ -0,0 +1,40 @@
+$NetBSD: patch-src_glx_XF86dri.c,v 1.1 2013/12/12 14:44:10 is Exp $
+
+--- src/glx/XF86dri.c.orig 2010-10-19 17:58:29.000000000 +0000
++++ src/glx/XF86dri.c
+@@ -43,6 +43,7 @@ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ #include <X11/extensions/Xext.h>
+ #include <X11/extensions/extutil.h>
+ #include "xf86dristr.h"
++#include <limits.h>
+
+ static XExtensionInfo _xf86dri_info_data;
+ static XExtensionInfo *xf86dri_info = &_xf86dri_info_data;
+@@ -201,7 +202,11 @@ XF86DRIOpenConnection(Display * dpy, int screen, drm_handle_t * hSAREA,
+ }
+
+ if (rep.length) {
+- if (!(*busIdString = (char *) Xcalloc(rep.busIdStringLength + 1, 1))) {
++ if (rep.busIdStringLength < INT_MAX)
++ *busIdString = (char *) Xcalloc(rep.busIdStringLength + 1, 1);
++ else
++ *busIdString = NULL;
++ if (*busIdString == NULL) {
+ _XEatData(dpy, ((rep.busIdStringLength + 3) & ~3));
+ UnlockDisplay(dpy);
+ SyncHandle();
+@@ -300,9 +301,11 @@ XF86DRIGetClientDriverName(Display * dpy
+ *ddxDriverPatchVersion = rep.ddxDriverPatchVersion;
+
+ if (rep.length) {
+- if (!
+- (*clientDriverName =
+- (char *) Xcalloc(rep.clientDriverNameLength + 1, 1))) {
++ if (rep.clientDriverNameLength < INT_MAX)
++ *clientDriverName = (char *) Xcalloc(rep.clientDriverNameLength + 1, 1);
++ else
++ *clientDriverName = NULL;
++ if (*clientDriverName == NULL) {
+ _XEatData(dpy, ((rep.clientDriverNameLength + 3) & ~3));
+ UnlockDisplay(dpy);
+ SyncHandle();
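Review bot: The failure branch in both XF86DRIOpenConnection and XF86DRIGetClientDriverName still computes the discard size as `(rep.busIdStringLength + 3) & ~3` (and the clientDriverNameLength equivalent) from the same server-supplied length that the new `< INT_MAX` guard has just rejected. If that field is a 32-bit unsigned wire value (its declaration in xf86dristr.h is not visible here), a length within three of the maximum wraps to zero, so nothing is drained and the reply payload stays in the connection buffer to be misread as the next reply. Draining by the reply header instead, `_XEatDataWords(dpy, rep.length);`, removes the dependence on the untrusted string length, assuming the libX11 this package builds against provides that function. Both functions start and end outside the quoted context, so the rest of each error path could not be checked.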