main/libxres: fix CVE-2013-1988

ref #1931

1 files changed, 39 insertions, 9 deletions

diff --git a/main/libxres/APKBUILD b/main/libxres/APKBUILD
index fc23b9d49e..705ca3e2dc 100644
--- a/main/libxres/APKBUILD
+++ b/main/libxres/APKBUILD
@@ -1,30 +1,60 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=libxres
 pkgver=1.0.6
-pkgrel=0
+pkgrel=1
 pkgdesc="X11 Resource extension library"
 url="http://xorg.freedesktop.org"
 arch="all"
 license="custom"
 subpackages="$pkgname-dev $pkgname-doc"
-makedepends="pkgconfig libxext-dev resourceproto"
 depends=
-source="http://xorg.freedesktop.org/releases/individual/lib/libXres-$pkgver.tar.bz2"
+depends_dev="xproto resourceproto libx11-dev libxext-dev"
+makedepends="$depends_dev libtool autoconf automake util-macros"
+source="http://xorg.freedesktop.org/releases/individual/lib/libXres-$pkgver.tar.bz2
+	0001-Replace-deprecated-Automake-INCLUDES-variable-with-A.patch
+	0002-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-s.patch
+	0003-integer-overflow-in-XResQueryClients-CVE-2013-1988-1.patch
+	0004-integer-overflow-in-XResQueryClientResources-CVE-201.patch
+	"
 
-depends_dev="xproto libx11-dev libxext-dev"
-build ()
-{
-	cd "$srcdir"/libXres-$pkgver
+_builddir="$srcdir"/libXres-$pkgver
+prepare() {
+	cd "$_builddir"
+	for i in $source; do
+		case $i in
+		*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
+		esac
+	done
+	libtoolize --force && aclocal && autoheader && autoconf \
+		&& automake --add-missing
+}
+
+build() {
+	cd "$_builddir"
 	./configure --prefix=/usr \
 		--sysconfdir=/etc 
 	make || return 1
 }
 
 package() {
-	cd "$srcdir"/libXres-$pkgver
+	cd "$_builddir"
 	make DESTDIR="$pkgdir" install || return 1
 	rm "$pkgdir"/usr/lib/*.la
 	install -D -m644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/LICENSE
 }
 
-md5sums="80d0c6d8522fa7a645e4f522e9a9cd20  libXres-1.0.6.tar.bz2"
+md5sums="80d0c6d8522fa7a645e4f522e9a9cd20  libXres-1.0.6.tar.bz2
+1c9e87b0d44dd1e3630c2dace1885f5c  0001-Replace-deprecated-Automake-INCLUDES-variable-with-A.patch
+b846d11e2aded99e05b17f582704a2b8  0002-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-s.patch
+d30b38ef42f65a9409ff53df81257ca2  0003-integer-overflow-in-XResQueryClients-CVE-2013-1988-1.patch
+791bd7a8effc52ed2e5ae266729b317a  0004-integer-overflow-in-XResQueryClientResources-CVE-201.patch"
+sha256sums="ff8661c925e8b182f98ae98f02bbd93c55259ef7f34a92c1a126b6074ebde890  libXres-1.0.6.tar.bz2
+6069a7690f226a98e5ca898e0213f96672ad47a3ce2fbd4079cce185bf7842e2  0001-Replace-deprecated-Automake-INCLUDES-variable-with-A.patch
+5ae734771ea853177771b7ef566c1ebc8a365c301353fc1883007d2c560df26e  0002-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-s.patch
+c40579e8ce20316710339fe1c497b3b75e641a1de66321892f40b71ca0e316db  0003-integer-overflow-in-XResQueryClients-CVE-2013-1988-1.patch
+4ce80a734022df47f5c6b6bbb984446c67ca2dff7231dee5c1686f496bf6ab30  0004-integer-overflow-in-XResQueryClientResources-CVE-201.patch"
+sha512sums="ba884e32446946520d1ba81764fac64f5350fb109cff1846e839c2a9ef11708ebd39d4434525a373af0c10250fc5f508a34f965f9e2312d5bc50ccbefbafa65c  libXres-1.0.6.tar.bz2
+ffa4def53bd8e99120526e55d5eb025e135517e8d6d43fb6abd64ec9c3c4234d026bdb5d35477292aecb3a56f44041a2b1338909997bc671adca43f175d9f774  0001-Replace-deprecated-Automake-INCLUDES-variable-with-A.patch
+6a9d2e50b5bf128c5a9366b227b4d0649388aea5907e180346ac53ddb0685afad05d22d24b7953e7c323292153aa5867582adf9940420da69eef2b67ff0597d3  0002-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-s.patch
+ea313a26f8ffffcaa8de2a813e8df775b534895b0d8400640292e94465a80b20daf3ee45db25695e6ca867f298b6490beeb5b5bf67065b001e4a9f971534c474  0003-integer-overflow-in-XResQueryClients-CVE-2013-1988-1.patch
+d8b4be3b9a69f33c32254f23dfa51fd4154ea1afae498aea2ab841a7d98e526af666b4a3b9df8f011f04d440e6f20ea0e9c58627eb7030992a2e0897b8f02ad7  0004-integer-overflow-in-XResQueryClientResources-CVE-201.patch"