This bug fix release provides the fixes for the recently announced security
issues CVE-2013-1990 & CVE-2013-1999, and the fixes for the bugs introduced
in the initial set of patches for those security issues.
Adam Jackson (1):
configure: Remove AM_MAINTAINER_MODE
Alan Coopersmith (6):
Use _XEatDataWords to avoid overflow of rep.length shifting
integer overflow in XvMCListSurfaceTypes() [CVE-2013-1990 1/2]
integer overflow in XvMCListSubpictureTypes() [CVE-2013-1990 2/2]
integer overflow in _xvmc_create_*()
Multiple unvalidated assumptions in XvMCGetDRInfo() [CVE-2013-1999]
libXvMC 1.0.8
Colin Walters (1):
autogen.sh: Implement GNOME Build API
Dave Airlie (1):
Multiple unvalidated patches in CVE-2013-1999
Julien Cristau (1):
avoid overflowing by making nameLen and busIDLen addition overflow
This bugfix release delivers the fixes for the recently announced security
issue CVE-2013-1987.
Adam Jackson (1):
configure: Remove AM_MAINTAINER_MODE
Alan Coopersmith (5):
Use _XEatDataWords to avoid overflow of rep.length bit shifting
integer overflow in XRenderQueryFilters() [CVE-2013-1987 1/3]
integer overflow in XRenderQueryFormats() [CVE-2013-1987 2/3]
integer overflow in XRenderQueryPictIndexValues() [CVE-2013-1987 3/3]
libXrender 0.9.8
Colin Walters (1):
autogen.sh: Implement GNOME Build API
- fix compile problem on newer NetBSD systems that have newlocale support
- fix a couple of cases where ctype functions called with plain char
- last two items from joerg@
(1) clang flags:
dd_rescue.c:1494:22: warning: implicit declaration of function 'basename' is invalid in C99 [-Wimplicit-function-declaration]
const char* ibase = basename(inm);
(3) clang flags:
dd_recue.c:(.text+0x12b4): undefined reference to `mypread'
dd_rescue.c:(.text+0x1374): undefined reference to `mypwrite'
Reported by joerg@ bulkbuild, and discussed on tech-pkg@, thanks.
What is LPeg? LPeg is a new (well, not that new now) pattern-matching
library for Lua, based on Parsing Expression Grammars (PEGs).
What is new in version 0.12?
+ no "unsigned short" limit for pattern sizes
+ mathtime captures considered nullable (*)
+ some bugs and compiler warnings fixed
Where to get it?
http://www.inf.puc-rio.br/~roberto/lpeg/lpeg-0.12-rc1.tar.gz
(*) Although this change can be considered logically a bug fix, it can
lead to some old patterns being refused with a "loop body may accept
empty string" error. It should be easy to fix these patterns.
