Update to 1.14.91

2018-02-27 09:30:36 +01:00 · 2018-02-27 09:30:36 +01:00 · 700bbaa6f2
commit 700bbaa6f2
parent 972f0b0033
4 changed files with 7 additions and 59 deletions
--- a/.gitignore
+++ b/.gitignore
@ -45,3 +45,4 @@
 /wayland-1.13.92.tar.xz
 /wayland-1.13.93.tar.xz
 /wayland-1.14.0.tar.xz
+/wayland-1.14.91.tar.xz
--- a/0001-cursor-Fix-heap-overflows-when-parsing-malicious-fil.patch
+++ b/0001-cursor-Fix-heap-overflows-when-parsing-malicious-fil.patch
@ -1,52 +0,0 @@
-From 5d201df72f3d4f4cb8b8f75f980169b03507da38 Mon Sep 17 00:00:00 2001
-From: Tobias Stoeckmann <tobias@stoeckmann.org>
-Date: Tue, 28 Nov 2017 21:38:07 +0100
-Subject: [PATCH] cursor: Fix heap overflows when parsing malicious files.
-
-It is possible to trigger heap overflows due to an integer overflow
-while parsing images.
-
-The integer overflow occurs because the chosen limit 0x10000 for
-dimensions is too large for 32 bit systems, because each pixel takes
-4 bytes. Properly chosen values allow an overflow which in turn will
-lead to less allocated memory than needed for subsequent reads.
-
-See also: https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=4794b5dd34688158fb51a2943032569d3780c4b8
-Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=103961
-
-Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
-[Pekka: add link to the corresponding libXcursor commit]
-Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
---
- cursor/xcursor.c | 8 +++++++-
- 1 file changed, 7 insertions(+), 1 deletion(-)
-
-diff --git a/cursor/xcursor.c b/cursor/xcursor.c
-index ca41c4ac611f..689c7026729d 100644
--- a/cursor/xcursor.c
-+++ b/cursor/xcursor.c
-@@ -202,6 +202,11 @@ XcursorImageCreate (int width, int height)
- {
-     XcursorImage    *image;
- 
-+    if (width < 0 || height < 0)
-+       return NULL;
-+    if (width > XCURSOR_IMAGE_MAX_SIZE || height > XCURSOR_IMAGE_MAX_SIZE)
-+       return NULL;
-+
-     image = malloc (sizeof (XcursorImage) +
- 		    width * height * sizeof (XcursorPixel));
-     if (!image)
-@@ -482,7 +487,8 @@ _XcursorReadImage (XcursorFile		*file,
-     if (!_XcursorReadUInt (file, &head.delay))
- 	return NULL;
-     /* sanity check data */
-    if (head.width >= 0x10000 || head.height > 0x10000)
-+    if (head.width > XCURSOR_IMAGE_MAX_SIZE  ||
-+	head.height > XCURSOR_IMAGE_MAX_SIZE)
- 	return NULL;
-     if (head.width == 0 || head.height == 0)
- 	return NULL;
-- 
-2.14.3
-
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (wayland-1.14.0.tar.xz) = bd38b2b8963d4d98d42c270e5d7dbff6323789a173b19b67a18258424fd8adee5021b282c9d7f6dad0bd25aa0160e76aecd8ed803d4eb25d911ef0a81cd713a5
+SHA512 (wayland-1.14.91.tar.xz) = e9a1f465188c46e82512efba1c7502fee1201f3ddfb7afe132c406c3fb728f0f5144580663bea4cdc2af38794f00b2c30369ca6e04fdcb691b9ed1889bc11344
--- a/wayland.spec
+++ b/wayland.spec
@ -1,16 +1,12 @@
 Name:           wayland
-Version:        1.14.0
-Release:        3%{?dist}
+Version:        1.14.91
+Release:        1%{?dist}
 Summary:        Wayland Compositor Infrastructure

 License:        MIT
 URL:            http://wayland.freedesktop.org/
 Source0:        http://wayland.freedesktop.org/releases/%{name}-%{version}.tar.xz

-# https://lists.freedesktop.org/archives/wayland-devel/2017-November/035979.html
-# Backported from upstream
-Patch0:         0001-cursor-Fix-heap-overflows-when-parsing-malicious-fil.patch
-
 BuildRequires:  chrpath
 BuildRequires:  docbook-style-xsl
 BuildRequires:  doxygen
@ -131,6 +127,9 @@ XDG_RUNTIME_DIR=$PWD/tests/run make check || \
 %{_libdir}/libwayland-server.so.0*

 %changelog
+* Tue Feb 27 2018 Kalev Lember <klember@redhat.com> - 1.14.91-1
+- Update to 1.14.91
+
 * Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.14.0-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild