main/libxfont: security fixes for CVE-2014-0209, CVE-2014-0210, CVE-2014-0211

fixes #2884

1 files changed, 66 insertions, 7 deletions

diff --git a/main/libxfont/APKBUILD b/main/libxfont/APKBUILD
index f9a16bed4e..674de9991e 100644
--- a/main/libxfont/APKBUILD
+++ b/main/libxfont/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=libxfont
 pkgver=1.4.7
-pkgrel=0
+pkgrel=1
 pkgdesc="X11 font rasterisation library"
 url="http://xorg.freedesktop.org/"
 arch="all"
@@ -11,10 +11,33 @@ depends=
 install=
 depends_dev="xproto fontsproto libfontenc-dev freetype-dev"
 makedepends="$depends_dev xtrans zlib-dev"
-source="http://xorg.freedesktop.org/archive/individual/lib/libXfont-$pkgver.tar.bz2"
+source="http://xorg.freedesktop.org/archive/individual/lib/libXfont-$pkgver.tar.bz2
+	0001-CVE-2014-0209-integer-overflow-of-realloc-size-in-Fo.patch
+	0002-CVE-2014-0209-integer-overflow-of-realloc-size-in-le.patch
+	0003-CVE-2014-0210-unvalidated-length-in-_fs_recv_conn_se.patch
+	0004-CVE-2014-0210-unvalidated-lengths-when-reading-repli.patch
+	0005-CVE-2014-0211-Integer-overflow-in-fs_get_reply-_fs_s.patch
+	0006-CVE-2014-0210-unvalidated-length-fields-in-fs_read_q.patch
+	0007-CVE-2014-0211-integer-overflow-in-fs_read_extent_inf.patch
+	0008-CVE-2014-0211-integer-overflow-in-fs_alloc_glyphs.patch
+	0009-CVE-2014-0210-unvalidated-length-fields-in-fs_read_e.patch
+	0010-CVE-2014-0210-unvalidated-length-fields-in-fs_read_g.patch
+	0011-CVE-2014-0210-unvalidated-length-fields-in-fs_read_l.patch
+	0012-CVE-2014-0210-unvalidated-length-fields-in-fs_read_l.patch
+	"
+
+_builddir="$srcdir"/libXfont-$pkgver
+prepare() {
+	cd "$_builddir"
+	for i in $source; do
+		case $i in
+		*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
+		esac
+	done
+}
 
 build() {
-	cd "$srcdir"/libXfont-$pkgver
+	cd "$_builddir"
 	./configure \
 		--build=$CBUILD \
 		--host=$CHOST \
@@ -25,11 +48,47 @@ build() {
 }
 
 package() {
-	cd "$srcdir"/libXfont-$pkgver
+	cd "$_builddir"
 	make DESTDIR="$pkgdir" install || return 1
 	rm "$pkgdir"/usr/lib/*.la || return 1
 	install -Dm644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/COPYING
 }
-md5sums="b21ee5739d5d2e5028b302fbf9fe630b  libXfont-1.4.7.tar.bz2"
-sha256sums="d16ea3541835d296b19cfb05d7e64fc62173d8e7eb93284402ec761b951d1543  libXfont-1.4.7.tar.bz2"
-sha512sums="508e12fb5150b3a5c849b54e0ef9ece892c6c928a3dfd8e834e41c2475e5e14ce0d71dd507804abcb06349aa5e57c543791531fac3f82c54130da90c5fccdf99  libXfont-1.4.7.tar.bz2"
+md5sums="b21ee5739d5d2e5028b302fbf9fe630b  libXfont-1.4.7.tar.bz2
+668afc297c74ecf43181a4e74f809bb9  0001-CVE-2014-0209-integer-overflow-of-realloc-size-in-Fo.patch
+7937d8a986b630fe9644aaf54f5682a8  0002-CVE-2014-0209-integer-overflow-of-realloc-size-in-le.patch
+6f564f692b7e2c2be3b9c7401412ea8c  0003-CVE-2014-0210-unvalidated-length-in-_fs_recv_conn_se.patch
+e4fd1232c4302c50713dbe50d36d4d89  0004-CVE-2014-0210-unvalidated-lengths-when-reading-repli.patch
+cf0cb5b812e19fe51fa3fb2815809e57  0005-CVE-2014-0211-Integer-overflow-in-fs_get_reply-_fs_s.patch
+01bab2b702009dbeeac8b606fddbd5f5  0006-CVE-2014-0210-unvalidated-length-fields-in-fs_read_q.patch
+52837a81d1fc78e2e5b5d293f6232e40  0007-CVE-2014-0211-integer-overflow-in-fs_read_extent_inf.patch
+83415b6f84483b0bc65bf240f207c8ed  0008-CVE-2014-0211-integer-overflow-in-fs_alloc_glyphs.patch
+105701747318cc10c53ada565789431b  0009-CVE-2014-0210-unvalidated-length-fields-in-fs_read_e.patch
+0c82f29bc9ab1b979b26cc63a143a1aa  0010-CVE-2014-0210-unvalidated-length-fields-in-fs_read_g.patch
+5124af8241ccfa9cf89d81d3ce03ca6d  0011-CVE-2014-0210-unvalidated-length-fields-in-fs_read_l.patch
+0174e6c3785aaa619ed0525988401628  0012-CVE-2014-0210-unvalidated-length-fields-in-fs_read_l.patch"
+sha256sums="d16ea3541835d296b19cfb05d7e64fc62173d8e7eb93284402ec761b951d1543  libXfont-1.4.7.tar.bz2
+93f9fa2a1a568c1d0b7180bfb33c56b5f59f3e8ab456105999903da358f1c6d3  0001-CVE-2014-0209-integer-overflow-of-realloc-size-in-Fo.patch
+b296e783fba96cefc762e461953df15a9f9810f7b5a5e2ef045230bdc98aa389  0002-CVE-2014-0209-integer-overflow-of-realloc-size-in-le.patch
+3a459adeca97e1c6737569dffeb172237f32a30e1ba4f5c5a71e0e568ad8508c  0003-CVE-2014-0210-unvalidated-length-in-_fs_recv_conn_se.patch
+8a3271471f3537fef1f770968c290758f85df4eb30337df89f2b0b2484f717d3  0004-CVE-2014-0210-unvalidated-lengths-when-reading-repli.patch
+77c6c2326d941ef883a3a637c492aad54847ca40dd274bb72ccb66a98d0b9b7b  0005-CVE-2014-0211-Integer-overflow-in-fs_get_reply-_fs_s.patch
+28484e16edf30e8de3288636115227f4c3dff293291c06ca84a56b591c1faa67  0006-CVE-2014-0210-unvalidated-length-fields-in-fs_read_q.patch
+3c0aa567a96560e2685313db9b0309d4f0fcd86589d558bd21d35ebfa9969196  0007-CVE-2014-0211-integer-overflow-in-fs_read_extent_inf.patch
+3a029c190bca24edc3986d296a35424d4987927cbb846c7dad65d2c00966152f  0008-CVE-2014-0211-integer-overflow-in-fs_alloc_glyphs.patch
+11c5716b6de231269c66d3fdefd3b6e0e8806554d691d40c0b7959b7729f0434  0009-CVE-2014-0210-unvalidated-length-fields-in-fs_read_e.patch
+d344e3dd1d10fea90f47e804238eb1f4a8ff0c72054d79472986114793064e3c  0010-CVE-2014-0210-unvalidated-length-fields-in-fs_read_g.patch
+6d15c9adbcac3d3e699ccd6463d51fa77cea1c1786b71e2e44ad0271e6cd0f56  0011-CVE-2014-0210-unvalidated-length-fields-in-fs_read_l.patch
+4e89190f900e4e50097f530182f69b97af48968460817c9348d3cf3930fda9c9  0012-CVE-2014-0210-unvalidated-length-fields-in-fs_read_l.patch"
+sha512sums="508e12fb5150b3a5c849b54e0ef9ece892c6c928a3dfd8e834e41c2475e5e14ce0d71dd507804abcb06349aa5e57c543791531fac3f82c54130da90c5fccdf99  libXfont-1.4.7.tar.bz2
+a86f2ec600e469ad54e51b9ce1c6b1d0a3101608003feb27e23fc7e2260cbf37b050ac9d5db881f83642d0be5d1b2ff76015061d1d9214be52ad84cc6a5a7664  0001-CVE-2014-0209-integer-overflow-of-realloc-size-in-Fo.patch
+3a04b613bc8bdc27fb64583351d26781bd174434e561b6164f3b1d12db81dfd25ffa63151f743c2815d21c2c91d5c31ff837df86901446b43a82bf0088e25fde  0002-CVE-2014-0209-integer-overflow-of-realloc-size-in-le.patch
+06702b6d0a6f056f75c34712d2859f56b1befb83af44c3a097a65d89d19212ae42066162b2efc260e49b1cd69206157a29aaafba926392b5aa64b5b7e2a3fd1c  0003-CVE-2014-0210-unvalidated-length-in-_fs_recv_conn_se.patch
+4e8a48685046f7a3e798c8266f2d90af2a3ae6374f32fe2a71f625d03bd76d11df9a9435a3e345ba8c3c99c9a767acdc32155861aef8ed0280c2ef2aca87e278  0004-CVE-2014-0210-unvalidated-lengths-when-reading-repli.patch
+71a56adf04ffb9e1c66d83a7eb04d7975ab713e78aa874839e52669c2781a7428c7449a0c6369cce328e6f007a977f26754d0cfb9710ae891fadc09881933609  0005-CVE-2014-0211-Integer-overflow-in-fs_get_reply-_fs_s.patch
+e0e7f95f37a3cae7d3aa3141cd1036dfa05d64f49e0c73c5c803ff85da41486bb3103bb219978a46515881eb9882439bd503cfa8ee046d78336194d186eca570  0006-CVE-2014-0210-unvalidated-length-fields-in-fs_read_q.patch
+63bb4f3553dd8fc34ded4ccf804588a463d185477b0b6c5812d7a4a8a8c7760329901e217190433575238a46ea87fc50eb237de98a61c1f88f7379b8445bac51  0007-CVE-2014-0211-integer-overflow-in-fs_read_extent_inf.patch
+6504a1a347000b2a1b289d31ef25d868745bee1ac4814caa2d18c8b3cef3c5f9ea0b0d5e87648609a52e2d19475e8f90ed689073bbd25ef5614a08a87c3f26b3  0008-CVE-2014-0211-integer-overflow-in-fs_alloc_glyphs.patch
+5d25ce9617e3b01a213c6fe9710af47b74106e843e4c25288e6e0879b0a62d97483deae332df9d3bf0c2e5fd5f0cd0b0410bd1f3def7cdd9d2e519991b0148fa  0009-CVE-2014-0210-unvalidated-length-fields-in-fs_read_e.patch
+18deb576f49f165d53436429002a89fe49cd4eed1a0c4bd27aed46575463496b0e0715a990543ba87c6df732af8164851388951ad595ab3c4b44b853e313d3c3  0010-CVE-2014-0210-unvalidated-length-fields-in-fs_read_g.patch
+a4bb8bf7777a3d2c9ca19e2d0452d52f117b6a5d40c6d58b4792358caa3c66dd0b0e71c2034d9c70f06e0663de950a1464167dc81d5f8a0bccd18e33318743b3  0011-CVE-2014-0210-unvalidated-length-fields-in-fs_read_l.patch
+80bcc61be9830b3d7427d9aba3eeec34c7583400c073d31fe54aff1f8b00811f9a3f8374696ca815b54bde1daf297e7b9a66a91b9aa1bed14cb48466703207d2  0012-CVE-2014-0210-unvalidated-length-fields-in-fs_read_l.patch"