mesa: Changes to 'ubuntu-precise'

Maarten Lankhorst Wed, 09 Jan 2013 03:57:16 -0800

 debian/changelog                      |   10 ++++++++++
 debian/patches/50-CVE-2012-2864.patch |   33 +++++++++++++++++++++++++++++++++
 debian/patches/series                 |    1 +
 3 files changed, 44 insertions(+)


New commits:
commit 964862dcd1f203ad804561ba2c2636fdfaffe89a
Author: Maarten Lankhorst <maarten.lankho...@canonical.com>
Date:   Wed Jan 9 12:39:24 2013 +0100

    SECURITY UPDATE: samplers array overflow (LP: #1046933)
    
    * SECURITY UPDATE: samplers array overflow (LP: #1046933)
      - debian/patches/50-CVE-2012-2864.patch: ensure that more than
        MAX_SAMPLERS are not used
      - CVE-2012-2864

diff --git a/debian/changelog b/debian/changelog
index 2c9fe92..b63838c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+mesa (8.0.4-0ubuntu0.2) precise-security; urgency=low
+
+  [ Steve Beattie ]
+  * SECURITY UPDATE: samplers array overflow (LP: #1046933)
+    - debian/patches/50-CVE-2012-2864.patch: ensure that more than
+      MAX_SAMPLERS are not used
+    - CVE-2012-2864
+
+ -- Marc Deslauriers <marc.deslauri...@ubuntu.com>  Fri, 19 Oct 2012 09:04:04 
-0400
+
 mesa (8.0.4-0ubuntu0.1) precise-proposed; urgency=low
 
   * New upstream stable release. (LP: #1019444)
diff --git a/debian/patches/50-CVE-2012-2864.patch 
b/debian/patches/50-CVE-2012-2864.patch
new file mode 100644
index 0000000..5fc3999
--- /dev/null
+++ b/debian/patches/50-CVE-2012-2864.patch
@@ -0,0 +1,33 @@
+Origin: 
http://cgit.freedesktop.org/mesa/mesa/commit/src/glsl/link_uniforms.cpp?id=ff996cafce511dd8a6c4e066e409c23e147a670c
+From ff996cafce511dd8a6c4e066e409c23e147a670c Mon Sep 17 00:00:00 2001
+From: Stéphane Marchesin <marc...@chromium.org>
+Date: Wed, 15 Aug 2012 00:15:54 +0000
+Subject: glsl/linker: Avoid buffer over-run in 
parcel_out_uniform_storage::visit_field
+
+When too may uniforms are used, the error will be caught in
+check_resources (src/glsl/linker.cpp).
+
+NOTE: This is a candidate for the 8.0 branch.
+
+Signed-off-by: Stéphane Marchesin <marc...@chromium.org>
+Reviewed-by: Ian Romanick <ian.d.roman...@intel.com>
+Tested-by: Benoit Jacob <bja...@mozilla.com>
+
+CVE-2012-2864
+
+---
+(limited to 'src/glsl/link_uniforms.cpp')
+
+Index: mesa-8.0.4/src/glsl/link_uniforms.cpp
+===================================================================
+--- mesa-8.0.4.orig/src/glsl/link_uniforms.cpp 2012-10-19 09:02:52.998649667 
-0400
++++ mesa-8.0.4/src/glsl/link_uniforms.cpp      2012-10-19 09:03:55.490649071 
-0400
+@@ -275,7 +275,7 @@
+        const gl_texture_index target = base_type->sampler_index();
+        const unsigned shadow = base_type->sampler_shadow;
+        for (unsigned i = this->uniforms[id].sampler
+-               ; i < this->next_sampler
++               ; i < MIN2(this->next_sampler, MAX_SAMPLERS)
+                ; i++) {
+           this->targets[i] = target;
+           this->shader_samplers_used |= 1U << i;
diff --git a/debian/patches/series b/debian/patches/series
index 593506e..9f3e365 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -15,3 +15,4 @@
 117_nullptr_check_in_query_version.patch
 118_glsl_initialize_samplers.patch
 119_reduce_wm_thread_count_on_ivb_gt1.diff
+50-CVE-2012-2864.patch


-- 
To UNSUBSCRIBE, email to debian-x-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/e1tsu0j-0005bv...@vasks.debian.org

mesa: Changes to 'ubuntu-precise'

Reply via email to