diff --git a/U_0001-XauFileName-reset-bsize-when-malloc-failed.patch b/U_0001-XauFileName-reset-bsize-when-malloc-failed.patch new file mode 100644 index 0000000..a9d6072 --- /dev/null +++ b/U_0001-XauFileName-reset-bsize-when-malloc-failed.patch @@ -0,0 +1,32 @@ +From 67beb3d0bc41c3416902c858f595b35306f76704 Mon Sep 17 00:00:00 2001 +From: Fuminobu TAKEYAMA +Date: Sun, 29 Sep 2013 09:21:05 -0700 +Subject: [PATCH 1/2] XauFileName: reset bsize when malloc failed + +https://bugs.freedesktop.org/show_bug.cgi?id=69929 + +Reviewed-by: Alan Coopersmith +Signed-off-by: Alan Coopersmith +--- + AuFileName.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/AuFileName.c b/AuFileName.c +index 0904273..63d4956 100644 +--- a/AuFileName.c ++++ b/AuFileName.c +@@ -70,8 +70,10 @@ XauFileName (void) + if (buf) + free (buf); + buf = malloc (size); +- if (!buf) ++ if (!buf) { ++ bsize = 0; + return NULL; ++ } + + if (!atexit_registered) { + atexit(free_filename_buffer); +-- +1.8.1.4 + diff --git a/U_0002-XauFileName-always-go-through-buf-allocation-if-buf-.patch b/U_0002-XauFileName-always-go-through-buf-allocation-if-buf-.patch new file mode 100644 index 0000000..d87fde4 --- /dev/null +++ b/U_0002-XauFileName-always-go-through-buf-allocation-if-buf-.patch @@ -0,0 +1,27 @@ +From 304a11be4727c5a7feeb2501e8e001466f8ce84e Mon Sep 17 00:00:00 2001 +From: Alan Coopersmith +Date: Sun, 29 Sep 2013 09:23:45 -0700 +Subject: [PATCH 2/2] XauFileName: always go through buf allocation if buf is + NULL + +Signed-off-by: Alan Coopersmith +--- + AuFileName.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/AuFileName.c b/AuFileName.c +index 63d4956..7cedfcc 100644 +--- a/AuFileName.c ++++ b/AuFileName.c +@@ -66,7 +66,7 @@ XauFileName (void) + return NULL; + } + size = strlen (name) + strlen(&slashDotXauthority[1]) + 2; +- if (size > bsize) { ++ if ((size > bsize) || (buf == NULL)) { + if (buf) + free (buf); + buf = malloc (size); +-- +1.8.1.4 + diff --git a/libXau.changes b/libXau.changes index b8dfc1e..3ca2564 100644 --- a/libXau.changes +++ b/libXau.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Mon Sep 30 10:12:46 UTC 2013 - sndirsch@suse.com + +- U_0001-XauFileName-reset-bsize-when-malloc-failed.patch/ + U_0002-XauFileName-always-go-through-buf-allocation-if-buf-.patch + * fixes regression in libXau 1.0.8, which resulted in a crash in + Mozilla (bnc#831620,fdo#69929) + ------------------------------------------------------------------- Wed May 29 22:21:50 UTC 2013 - tobias.johannes.klausmann@mni.thm.de diff --git a/libXau.spec b/libXau.spec index 7f536e7..ca9b220 100644 --- a/libXau.spec +++ b/libXau.spec @@ -28,6 +28,8 @@ Url: http://xorg.freedesktop.org/ #Git-Clone: git://anongit.freedesktop.org/xorg/lib/libXau #Git-Web: http://cgit.freedesktop.org/xorg/lib/libXau/ Source: http://xorg.freedesktop.org/releases/individual/lib/%{name}-%{version}.tar.bz2 +Patch1: U_0001-XauFileName-reset-bsize-when-malloc-failed.patch +Patch2: U_0002-XauFileName-always-go-through-buf-allocation-if-buf-.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build #git#BuildRequires: autoconf >= 2.60, automake BuildRequires: fdupes @@ -77,6 +79,8 @@ in %lname. %prep %setup -q +%patch1 -p1 +%patch2 -p1 %build %configure --disable-static