main/xorg-server: security fix for CVE-2013-6424

fixes #2560

2 files changed, 35 insertions, 4 deletions

diff --git a/main/xorg-server/APKBUILD b/main/xorg-server/APKBUILD
index 369a9e4719..900482dc20 100644
--- a/main/xorg-server/APKBUILD
+++ b/main/xorg-server/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=xorg-server
 pkgver=1.14.4
-pkgrel=0
+pkgrel=1
 pkgdesc="X.Org X servers"
 url="http://xorg.freedesktop.org"
 arch="all"
@@ -68,6 +68,7 @@ source="http://xorg.freedesktop.org/releases/individual/xserver/$pkgname-$pkgver
 	autoconfig-nvidia.patch
 	autoconfig-sis.patch
 	fix-musl-arm.patch
+	CVE-2013-6424.patch
 	"
 
 
@@ -171,12 +172,15 @@ xnest() {
 md5sums="9d68a30258c67faa3c036a4a85e8bf97  xorg-server-1.14.4.tar.bz2
 ea4852dedbb89550f6bc113ca66348a2  autoconfig-nvidia.patch
 825ca99ea9348c66abdf2c479e0af485  autoconfig-sis.patch
-ccc57d75801b716a45ce6a67f4a9f163  fix-musl-arm.patch"
+ccc57d75801b716a45ce6a67f4a9f163  fix-musl-arm.patch
+89fe64e6bcdb7843866c793fe8445d8a  CVE-2013-6424.patch"
 sha256sums="608ccfaafb845f6e559884a30f946d365209172416710d687b190e9e1ff65dc3  xorg-server-1.14.4.tar.bz2
 66e25f76a7496c429e0aff4b0670f168719bb0ceaeb88c6f2272f2bf3ed21162  autoconfig-nvidia.patch
 7d5d36dd152eb0fab277a4aeba0a08ad77049e591a0dea92f565a4b62f0d0a50  autoconfig-sis.patch
-0cb8f7a5628037f24d05d86eed26ca0252c3ff95856367b606b64080da6db432  fix-musl-arm.patch"
+0cb8f7a5628037f24d05d86eed26ca0252c3ff95856367b606b64080da6db432  fix-musl-arm.patch
+839b5c4ac78fe9a81bc61d698e6184b8265e4ca6b05449728ff5d9cde4adbe78  CVE-2013-6424.patch"
 sha512sums="c288a9d38b08d675b90e860539c4cbd423be90fa27dd1a5fa443076475801bfa74b1f5a0dd6282cc1c9c8ff30bdff77c1eb587186479ebfcaf57185c2affba8a  xorg-server-1.14.4.tar.bz2
 4dcaa60fbfc61636e7220a24a72bba19984a6dc752061cb40b1bd566c0e614d08927b6c223ffaaaa05636765fddacdc3113fde55d25fd09cd0c786ff44f51447  autoconfig-nvidia.patch
 30a78f4278edd535c45ee3f80933427cb029a13abaa4b041f816515fdd8f64f00b9c6aef50d4eba2aaf0d4f333e730399864fd97fa18891273601c77a6637200  autoconfig-sis.patch
-fdb45ed50e5aeac1bc8d22f1377517c52235aea7d15bb4664a774aea5c2c4fbbc9654dce6e5b3fee15ec9eadb2f87f88ca7d62a36c458df8a0dfa5b431ab225a  fix-musl-arm.patch"
+fdb45ed50e5aeac1bc8d22f1377517c52235aea7d15bb4664a774aea5c2c4fbbc9654dce6e5b3fee15ec9eadb2f87f88ca7d62a36c458df8a0dfa5b431ab225a  fix-musl-arm.patch
+5cf48a5e1e4a51285622505928ddc2379482db7e0c65a74d67b4321ed8a45ba74695a69aab9c4a6b46b8e6ba5d947f9067b23d5aef98e439f849c9485ca8a869  CVE-2013-6424.patch"
diff --git a/main/xorg-server/CVE-2013-6424.patch b/main/xorg-server/CVE-2013-6424.patch
new file mode 100644
index 0000000000..512cec36cd
--- /dev/null
+++ b/main/xorg-server/CVE-2013-6424.patch
@@ -0,0 +1,27 @@
+diff --git a/exa/exa_render.c b/exa/exa_render.c
+index 172e2b5..807eeba 100644
+--- a/exa/exa_render.c
++++ b/exa/exa_render.c
+@@ -1141,7 +1141,8 @@ exaTrapezoids(CARD8 op, PicturePtr pSrc, PicturePtr pDst,
+ 
+         exaPrepareAccess(pPicture->pDrawable, EXA_PREPARE_DEST);
+         for (; ntrap; ntrap--, traps++)
+-            (*ps->RasterizeTrapezoid) (pPicture, traps, -bounds.x1, -bounds.y1);
++            if (xTrapezoidValid(traps))
++                (*ps->RasterizeTrapezoid) (pPicture, traps, -bounds.x1, -bounds.y1);
+         exaFinishAccess(pPicture->pDrawable, EXA_PREPARE_DEST);
+ 
+         xRel = bounds.x1 + xSrc - xDst;
+diff --git a/render/picture.h b/render/picture.h
+index c85353a..fcd6401 100644
+--- a/render/picture.h
++++ b/render/picture.h
+@@ -211,7 +211,7 @@ typedef pixman_fixed_t xFixed;
+ /* whether 't' is a well defined not obviously empty trapezoid */
+ #define xTrapezoidValid(t)  ((t)->left.p1.y != (t)->left.p2.y && \
+ 			     (t)->right.p1.y != (t)->right.p2.y && \
+-			     (int) ((t)->bottom - (t)->top) > 0)
++			     ((t)->bottom > (t)->top))
+ 
+ /*
+  * Standard NTSC luminance conversions: