-rw-r--r--main/libxtst/0001-Use-_XEatDataWords-to-eat-data-in-error-cases.patch88
-rw-r--r--main/libxtst/0002-integer-overflow-in-XRecordGetContext-CVE-2013-2063.patch81
-rw-r--r--main/libxtst/APKBUILD22
3 files changed, 6 insertions, 185 deletions
diff --git a/main/libxtst/0001-Use-_XEatDataWords-to-eat-data-in-error-cases.patch b/main/libxtst/0001-Use-_XEatDataWords-to-eat-data-in-error-cases.patch
deleted file mode 100644
index 43fa1e0d76..0000000000
--- a/main/libxtst/0001-Use-_XEatDataWords-to-eat-data-in-error-cases.patch
+++ /dev/null
@@ -1,88 +0,0 @@
-From 46ed6283034b5b7d14584009453f5d974cfacf1e Mon Sep 17 00:00:00 2001
-From: Alan Coopersmith <alan.coopersmith@oracle.com>
-Date: Sat, 13 Apr 2013 11:05:27 -0700
-Subject: [PATCH 1/2] Use _XEatDataWords to eat data in error cases
-
-Avoids having to do calculcations based on response contents
-
-Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
----
- configure.ac | 6 ++++++
- src/XRecord.c | 23 +++++++++++++++++------
- 2 files changed, 23 insertions(+), 6 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 7ef0153..d83d4d8 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -47,6 +47,12 @@ XORG_CHECK_SGML_DOCTOOLS(1.8)
- # Obtain compiler/linker options for depedencies
- PKG_CHECK_MODULES(XTST, x11 [xext >= 1.0.99.4] xi [recordproto >= 1.13.99.1] [xextproto >= 7.0.99.3] inputproto)
-
-+# Check for _XEatDataWords function that may be patched into older Xlib release
-+SAVE_LIBS="$LIBS"
-+LIBS="$XTST_LIBS"
-+AC_CHECK_FUNCS([_XEatDataWords])
-+LIBS="$SAVE_LIBS"
-+
- # Determine if the source for man pages is available
- # It may already be present (tarball) or can be generated using xmlto
- AM_CONDITIONAL([INSTALL_MANPAGES],
-diff --git a/src/XRecord.c b/src/XRecord.c
-index b65451c..ba628b6 100644
---- a/src/XRecord.c
-+++ b/src/XRecord.c
-@@ -49,6 +49,9 @@ from The Open Group.
- * By Stephen Gildea, X Consortium, and Martha Zimet, NCD.
- */
-
-+#ifdef HAVE_CONFIG_H
-+#include <config.h>
-+#endif
- #include <stdio.h>
- #include <assert.h>
- #include <X11/Xlibint.h>
-@@ -56,6 +59,18 @@ from The Open Group.
- #include <X11/extensions/extutil.h>
- #include <X11/extensions/recordproto.h>
- #include <X11/extensions/record.h>
-+#include <limits.h>
-+
-+#ifndef HAVE__XEATDATAWORDS
-+static inline void _XEatDataWords(Display *dpy, unsigned long n)
-+{
-+# ifndef LONG64
-+ if (n >= (ULONG_MAX >> 2))
-+ _XIOError(dpy);
-+# endif
-+ _XEatData (dpy, n << 2);
-+}
-+#endif
-
- static XExtensionInfo _xrecord_info_data;
- static XExtensionInfo *xrecord_info = &_xrecord_info_data;
-@@ -427,7 +442,7 @@ XRecordGetContext(Display *dpy, XRecordContext context,
-
- ret = (XRecordState*)Xmalloc(sizeof(XRecordState));
- if (!ret) {
-- /* XXX - eat data */
-+ _XEatDataWords (dpy, rep.length);
- UnlockDisplay(dpy);
- SyncHandle();
- return 0;
-@@ -446,11 +461,7 @@ XRecordGetContext(Display *dpy, XRecordContext context,
- }
- if (!client_inf || !client_inf_str)
- {
-- for(i = 0; i < count; i++)
-- {
-- _XEatData (dpy, sizeof(xRecordClientInfo));
-- _XEatData (dpy, SIZEOF(xRecordRange)); /* XXX - don't know how many */
-- }
-+ _XEatDataWords (dpy, rep.length);
- UnlockDisplay(dpy);
- XRecordFreeState(ret);
- SyncHandle();
---
-1.8.2.3
-
diff --git a/main/libxtst/0002-integer-overflow-in-XRecordGetContext-CVE-2013-2063.patch b/main/libxtst/0002-integer-overflow-in-XRecordGetContext-CVE-2013-2063.patch
deleted file mode 100644
index 661a464fd0..0000000000
--- a/main/libxtst/0002-integer-overflow-in-XRecordGetContext-CVE-2013-2063.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-From e7e04b7be3f018ad636aba3a36bfc1cd80b9906d Mon Sep 17 00:00:00 2001
-From: Alan Coopersmith <alan.coopersmith@oracle.com>
-Date: Sat, 13 Apr 2013 11:27:26 -0700
-Subject: [PATCH 2/2] integer overflow in XRecordGetContext() [CVE-2013-2063]
-
-The nclients and nranges members of the reply are both CARD32 and need
-to be bounds checked before multiplying by the size of the structs to
-avoid integer overflow leading to underallocation and writing data from
-the network past the end of the allocated buffer.
-
-Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
----
- src/XRecord.c | 32 +++++++++++++++++++++-----------
- 1 file changed, 21 insertions(+), 11 deletions(-)
-
-diff --git a/src/XRecord.c b/src/XRecord.c
-index ba628b6..5bbd5ac 100644
---- a/src/XRecord.c
-+++ b/src/XRecord.c
-@@ -420,11 +420,9 @@ XRecordGetContext(Display *dpy, XRecordContext context,
- XExtDisplayInfo *info = find_display (dpy);
- register xRecordGetContextReq *req;
- xRecordGetContextReply rep;
-- int count, i, rn;
-+ unsigned int count, i, rn;
- xRecordRange xrange;
-- XRecordRange *ranges = NULL;
- xRecordClientInfo xclient_inf;
-- XRecordClientInfo **client_inf, *client_inf_str = NULL;
- XRecordState *ret;
-
- XRecordCheckExtension (dpy, info, 0);
-@@ -454,13 +452,18 @@ XRecordGetContext(Display *dpy, XRecordContext context,
-
- if (count)
- {
-- client_inf = (XRecordClientInfo **) Xcalloc(count, sizeof(XRecordClientInfo*));
-- ret->client_info = client_inf;
-- if (client_inf != NULL) {
-- client_inf_str = (XRecordClientInfo *) Xmalloc(count*sizeof(XRecordClientInfo));
-+ XRecordClientInfo **client_inf = NULL;
-+ XRecordClientInfo *client_inf_str = NULL;
-+
-+ if (count < (INT_MAX / sizeof(XRecordClientInfo))) {
-+ client_inf = Xcalloc(count, sizeof(XRecordClientInfo *));
-+ if (client_inf != NULL)
-+ client_inf_str = Xmalloc(count * sizeof(XRecordClientInfo));
- }
-+ ret->client_info = client_inf;
- if (!client_inf || !client_inf_str)
- {
-+ free(client_inf);
- _XEatDataWords (dpy, rep.length);
- UnlockDisplay(dpy);
- XRecordFreeState(ret);
-@@ -476,11 +479,18 @@ XRecordGetContext(Display *dpy, XRecordContext context,
-
- if (xclient_inf.nRanges)
- {
-- client_inf_str[i].ranges = (XRecordRange**) Xcalloc(xclient_inf.nRanges, sizeof(XRecordRange*));
-- if (client_inf_str[i].ranges != NULL) {
-- ranges = (XRecordRange*)
-- Xmalloc(xclient_inf.nRanges * sizeof(XRecordRange));
-+ XRecordRange *ranges = NULL;
-+
-+ if (xclient_inf.nRanges < (INT_MAX / sizeof(XRecordRange))) {
-+ client_inf_str[i].ranges =
-+ Xcalloc(xclient_inf.nRanges, sizeof(XRecordRange *));
-+ if (client_inf_str[i].ranges != NULL)
-+ ranges =
-+ Xmalloc(xclient_inf.nRanges * sizeof(XRecordRange));
- }
-+ else
-+ client_inf_str[i].ranges = NULL;
-+
- if (!client_inf_str[i].ranges || !ranges) {
- /* XXX eat data */
- UnlockDisplay(dpy);
---
-1.8.2.3
-
diff --git a/main/libxtst/APKBUILD b/main/libxtst/APKBUILD
index c87af4a041..30da3627f4 100644
--- a/main/libxtst/APKBUILD
+++ b/main/libxtst/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libxtst
-pkgver=1.2.1
-pkgrel=1
+pkgver=1.2.2
+pkgrel=0
pkgdesc="X11 Testing -- Resource extension library"
url="http://xorg.freedesktop.org/"
arch="all"
@@ -9,10 +9,8 @@ license="custom"
subpackages="$pkgname-dev $pkgname-doc"
depends=
depends_dev="recordproto libx11-dev libxext-dev inputproto libxi-dev"
-makedepends="$depends_dev libtool autoconf automake util-macros"
+makedepends="$depends_dev"
source="http://xorg.freedesktop.org/releases/individual/lib/libXtst-$pkgver.tar.bz2
- 0001-Use-_XEatDataWords-to-eat-data-in-error-cases.patch
- 0002-integer-overflow-in-XRecordGetContext-CVE-2013-2063.patch
"
_builddir="$srcdir"/libXtst-$pkgver
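Review bot: Nothing in the new APKBUILD records that the CVE-2013-2063 fix is still present once `0002-integer-overflow-in-XRecordGetContext-CVE-2013-2063.patch` and its `_XEatDataWords` prerequisite are dropped from `source`. The removal is presumably safe because libXtst 1.2.2 carries both changes upstream, but this hunk does not show that. It should be confirmed against the 1.2.2 `src/XRecord.c`, which should contain the `INT_MAX / sizeof(...)` bounds checks in `XRecordGetContext`. Once confirmed, I would add a comment above `source=` such as `# CVE-2013-2063 is fixed upstream in 1.2.2; local patches dropped`, so a later audit or downgrade does not lose track of it.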
@@ -23,8 +21,6 @@ prepare() {
*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
esac
done
- libtoolize --force && aclocal && autoheader && autoconf \
- && automake --add-missing
}
build() {
@@ -41,12 +37,6 @@ package() {
install -D -m644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/LICENSE
}
-md5sums="e8abc5c00c666f551cf26aa53819d592 libXtst-1.2.1.tar.bz2
-ef5006c916511e087973d797a60aaee1 0001-Use-_XEatDataWords-to-eat-data-in-error-cases.patch
-641e6194973b4d324f8278faa821b87a 0002-integer-overflow-in-XRecordGetContext-CVE-2013-2063.patch"
-sha256sums="7eea3e66e392aca3f9dad6238198753c28e1c32fa4903cbb7739607a2504e5e0 libXtst-1.2.1.tar.bz2
-bba7db9220b8a91b5ca71133af55414851d350e81c6142e74e7c44a3fc57c052 0001-Use-_XEatDataWords-to-eat-data-in-error-cases.patch
-d67b95b9bf1587e48bc4009d1d100ed1ee3a611ed07869bb157290064986db6f 0002-integer-overflow-in-XRecordGetContext-CVE-2013-2063.patch"
-sha512sums="287c10a761d30acc988399e23de1ecb7c90d8bd4d363cd03cd0a02eb232e37b0943f359fae76a8e68504ccadc2b7c0117bfebee75e00a0b6f58397658f8ebe0d libXtst-1.2.1.tar.bz2
-0144a420f78f5377acd2548355089596439437d1d19945532428a1cc5f263155f03ebfbba668f9c468525c579aa091d4ddf27006ec4d55246bd045a7e6ff9739 0001-Use-_XEatDataWords-to-eat-data-in-error-cases.patch
-730a9ad7c8aafd8f161bf7cbbd4bbd2c62d4fc6cf50a69f5575a4c52e9a2d712e36bb4e3b9325f628a2f71115ce8797ac93aa7bf023d0abe7ba3603f33f47e81 0002-integer-overflow-in-XRecordGetContext-CVE-2013-2063.patch"
+md5sums="25c6b366ac3dc7a12c5d79816ce96a59 libXtst-1.2.2.tar.bz2"
+sha256sums="ef0a7ffd577e5f1a25b1663b375679529663a1880151beaa73e9186c8309f6d9 libXtst-1.2.2.tar.bz2"
+sha512sums="1cf040f16d426e6a6d1cf8c0f966c171418c082165ae6e9bed6285cd45f144e4ef58bf74c6d34fd81e6894534d21df55efe5d0bc0b2a28f9bb9d74e168dd7369 libXtst-1.2.2.tar.bz2"
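Review bot: The `md5sums` line is regenerated for 1.2.2 even though MD5 offers no collision resistance and the `sha256sums`/`sha512sums` entries already cover the same tarball. Because `source` fetches the file over plain `http://` (context line in the earlier APKBUILD hunk), these digests are the only thing authenticating the download. The new `sha512sums` value should therefore be compared with upstream's signed release announcement rather than computed from whatever was fetched. I would drop `md5sums=` if the abuild version in use permits it, and add `# sha512 verified against the signed upstream 1.2.2 announcement` above the checksum block.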