From c564432d33fd30e957116342c63000c9203b6a6346cc58166786004cabac96f4 Mon Sep 17 00:00:00 2001
From: Stefan Dirsch
Date: Sun, 10 Dec 2017 12:44:02 +0000
Subject: [PATCH] Accepting request 555108 from home:tobijk:branches:X11:XOrg

- Update to version 1.1.15:
 * configure: Drop AM_MAINTAINER_MODE
 * autogen.sh: Honor NOCONFIGURE=1
 * Use strdup() instead of malloc(strlen())+strcpy()
 * Fix some clang integer sign/size mismatch warnings
 * autogen.sh: use quoted string variables
 * autogen: add default patch prefix
 * autogen.sh: use exec instead of waiting for configure to finish
 * Fix heap overflows when parsing malicious files. (CVE-2017-16612)
 * Insufficient memory for terminating null of string in _XcursorThemeInherits
- Drop U_Avoid-heap-overflows-due-to-integer-overflow-signedn.patch
OBS-URL: https://build.opensuse.org/request/show/555108
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/libXcursor?expand=0&rev=17
---
 ...lows-due-to-integer-overflow-signedn.patch | 73 -------------------
 libXcursor-1.1.14.tar.bz2 | 3 -
 libXcursor-1.1.15.tar.bz2 | 3 +
 libXcursor.changes | 15 ++++
 libXcursor.spec | 4 +-
 5 files changed, 19 insertions(+), 79 deletions(-)
 delete mode 100644 U_Avoid-heap-overflows-due-to-integer-overflow-signedn.patch
 delete mode 100644 libXcursor-1.1.14.tar.bz2
 create mode 100644 libXcursor-1.1.15.tar.bz2

diff --git a/U_Avoid-heap-overflows-due-to-integer-overflow-signedn.patch b/U_Avoid-heap-overflows-due-to-integer-overflow-signedn.patch
deleted file mode 100644
index 220b2ad..0000000
--- a/U_Avoid-heap-overflows-due-to-integer-overflow-signedn.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-From 77a4331570c660ebee77f19eb385911299948422 Mon Sep 17 00:00:00 2001
-From: Stefan Dirsch
-Date: Tue, 21 Nov 2017 16:50:56 +0100
-Subject: [PATCH] Avoid heap overflows due to integer overflow + signedness
- issue [CVE-2017-16612]
-
-It is possible to trigger heap overflows due to an integer overflow
-while parsing images and a signedness issue while parsing comments.
-
-The integer overflow occurs because the chosen limit 0x10000 for
-dimensions is too large for 32 bit systems, because each pixel takes
-4 bytes. Properly chosen values allow an overflow which in turn will
-lead to less allocated memory than needed for subsequent reads.
-
-The signedness bug is triggered by reading the length of a comment
-as unsigned int, but casting it to int when calling the function
-XcursorCommentCreate. Turning length into a negative value allows the
-check against XCURSOR_COMMENT_MAX_LEN to pass, and the following
-addition of sizeof (XcursorComment) + 1 makes it possible to allocate
-less memory than needed for subsequent reads.
-
-Signed-off-by: Tobias Stoeckmann
----
- src/file.c | 12 ++++++++++--
- 1 file changed, 10 insertions(+), 2 deletions(-)
-
-diff --git a/src/file.c b/src/file.c
-index 43163c2..da16277 100644
---- a/src/file.c
-+++ b/src/file.c
-@@ -29,6 +29,11 @@ XcursorImageCreate (int width, int height)
- {
- XcursorImage *image;
-
-+ if (width < 0 || height < 0)
-+ return NULL;
-+ if (width > XCURSOR_IMAGE_MAX_SIZE || height > XCURSOR_IMAGE_MAX_SIZE)
-+ return NULL;
-+
- image = malloc (sizeof (XcursorImage) +
- width * height * sizeof (XcursorPixel));
- if (!image)
-@@ -101,7 +106,7 @@ XcursorCommentCreate (XcursorUInt comment_type, int length)
- {
- XcursorComment *comment;
-
-- if (length > XCURSOR_COMMENT_MAX_LEN)
-+ if (length < 0 || length > XCURSOR_COMMENT_MAX_LEN)
- return NULL;
-
- comment = malloc (sizeof (XcursorComment) + length + 1);
-@@ -448,7 +453,8 @@ _XcursorReadImage (XcursorFile *file,
- if (!_XcursorReadUInt (file, &head.delay))
- return NULL;
- /* sanity check data */
-- if (head.width >= 0x10000 || head.height > 0x10000)
-+ if (head.width > XCURSOR_IMAGE_MAX_SIZE ||
-+ head.height > XCURSOR_IMAGE_MAX_SIZE)
- return NULL;
- if (head.width == 0 || head.height == 0)
- return NULL;
-@@ -457,6 +463,8 @@ _XcursorReadImage (XcursorFile *file,
-
- /* Create the image and initialize it */
- image = XcursorImageCreate (head.width, head.height);
-+ if (image == NULL)
-+ return NULL;
- if (chunkHeader.version < image->version)
- image->version = chunkHeader.version;
- image->size = chunkHeader.subtype;
---
-2.13.6
-
diff --git a/libXcursor-1.1.14.tar.bz2 b/libXcursor-1.1.14.tar.bz2
deleted file mode 100644
index de0f566..0000000
--- a/libXcursor-1.1.14.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:9bc6acb21ca14da51bda5bc912c8955bc6e5e433f0ab00c5e8bef842596c33df
-size 311896
diff --git a/libXcursor-1.1.15.tar.bz2 b/libXcursor-1.1.15.tar.bz2
new file mode 100644
index 0000000..3efa206
--- /dev/null
+++ b/libXcursor-1.1.15.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:294e670dd37cd23995e69aae626629d4a2dfe5708851bbc13d032401b7a3df6b
+size 331607
diff --git a/libXcursor.changes b/libXcursor.changes
index fef5414..8b42bd0 100644
--- a/libXcursor.changes
+++ b/libXcursor.changes
@@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Thu Dec 7 17:26:32 UTC 2017 - tobias.johannes.klausmann@mni.thm.de
+
+- Update to version 1.1.15:
+ * configure: Drop AM_MAINTAINER_MODE
+ * autogen.sh: Honor NOCONFIGURE=1
+ * Use strdup() instead of malloc(strlen())+strcpy()
+ * Fix some clang integer sign/size mismatch warnings
+ * autogen.sh: use quoted string variables
+ * autogen: add default patch prefix
+ * autogen.sh: use exec instead of waiting for configure to finish
+ * Fix heap overflows when parsing malicious files. (CVE-2017-16612)
+ * Insufficient memory for terminating null of string in _XcursorThemeInherits
+- Drop U_Avoid-heap-overflows-due-to-integer-overflow-signedn.patch
+
 -------------------------------------------------------------------
 Tue Nov 28 19:08:11 UTC 2017 - sndirsch@suse.com
 
diff --git a/libXcursor.spec b/libXcursor.spec
index a5e850a..64958d8 100644
--- a/libXcursor.spec
+++ b/libXcursor.spec
@@ -18,7 +18,7 @@
 
 Name: libXcursor
 %define lname libXcursor1
-Version: 1.1.14
+Version: 1.1.15
 Release: 0
 Summary: X Window System Cursor management library
 License: MIT
@@ -29,7 +29,6 @@ Url: http://xorg.freedesktop.org/
 #Git-Web: http://cgit.freedesktop.org/xorg/lib/libXcursor/
 Source: http://xorg.freedesktop.org/releases/individual/lib/%{name}-%{version}.tar.bz2
 Source1: baselibs.conf
-Patch0: U_Avoid-heap-overflows-due-to-integer-overflow-signedn.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 #git#BuildRequires: autoconf >= 2.60, automake, libtool
 BuildRequires: fdupes
@@ -73,7 +72,6 @@ in %lname.
 
 %prep
 %setup -q
-%patch0 -p1
 
 %build
 %configure --disable-static