Diffstat (limited to 'main/libxvmc')
-rw-r--r--main/libxvmc/APKBUILD27
-rw-r--r--main/libxvmc/CVE-2016-7953.patch31
2 files changed, 53 insertions, 5 deletions
diff --git a/main/libxvmc/APKBUILD b/main/libxvmc/APKBUILD
index b63902b08b..87407fadd3 100644
--- a/main/libxvmc/APKBUILD
+++ b/main/libxvmc/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libxvmc
pkgver=1.0.9
-pkgrel=0
+pkgrel=1
pkgdesc="X11 Video Motion Compensation extension library"
url="http://xorg.freedesktop.org/"
arch="all"
@@ -10,9 +10,23 @@ subpackages="$pkgname-dev"
depends=
depends_dev="xproto videoproto libxv-dev libx11-dev libxext-dev"
makedepends="$depends_dev libtool autoconf automake util-macros"
-source="http://xorg.freedesktop.org/releases/individual/lib/libXvMC-$pkgver.tar.bz2"
+source="http://xorg.freedesktop.org/releases/individual/lib/libXvMC-$pkgver.tar.bz2
+ CVE-2016-7953.patch
+ "
+
+# secfixes:
+# 1.0.9-r1:
+# - CVE-2016-7953
_builddir="$srcdir"/libXvMC-$pkgver
+prepare() {
+ cd "$_builddir"
+ for i in $source; do
+ case $i in
+ *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
+ esac
+ done
+}
build() {
cd "$_builddir"
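Review bot: In the new prepare(), `cd "$_builddir"` is not checked, while the patch step in the same function and the make step in package() both use `|| return 1`. If the directory is missing, the loop goes on to run patch from whatever the current directory is. Writing `cd "$_builddir" || return 1` keeps the function consistent with the rest of the file. `$i` is also expanded unquoted in `msg $i` and `"$srcdir"/$i`; `msg "$i"; patch -p1 -i "$srcdir/$i" || return 1;;` is the safer form. The hunk ends inside build(), whose body continues outside it.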
@@ -30,6 +44,9 @@ package() {
make DESTDIR="$pkgdir" install || return 1
rm "$pkgdir"/usr/lib/*.la
}
-md5sums="eba6b738ed5fdcd8f4203d7c8a470c79 libXvMC-1.0.9.tar.bz2"
-sha256sums="0703d7dff6ffc184f1735ca5d4eb9dbb402b522e08e008f2f96aee16c40a5756 libXvMC-1.0.9.tar.bz2"
-sha512sums="658db91ae37cbad468a85301d77b6237674f91fad82679348c26a297bb8c1da81f6b7b13c4ff47a3d6c7f4f8fefdf270d0fde316ec14666fa4e2d1e2c4b337ca libXvMC-1.0.9.tar.bz2"
+md5sums="eba6b738ed5fdcd8f4203d7c8a470c79 libXvMC-1.0.9.tar.bz2
+214b3716fc0efe08f9c29165e4419cc0 CVE-2016-7953.patch"
+sha256sums="0703d7dff6ffc184f1735ca5d4eb9dbb402b522e08e008f2f96aee16c40a5756 libXvMC-1.0.9.tar.bz2
+1a26c55e6c454fc64877c55b8e4650a04ad7b74d10d248c36247e1543550d5a5 CVE-2016-7953.patch"
+sha512sums="658db91ae37cbad468a85301d77b6237674f91fad82679348c26a297bb8c1da81f6b7b13c4ff47a3d6c7f4f8fefdf270d0fde316ec14666fa4e2d1e2c4b337ca libXvMC-1.0.9.tar.bz2
+c5a6eef61ccffe6167b968e11b1b45d50007b9e2942f1374ff5a406064e08123f7994572a434c007c37dbd2dd47f9b8c9f611290aca7dd855d9bc678183cabc3 CVE-2016-7953.patch"
diff --git a/main/libxvmc/CVE-2016-7953.patch b/main/libxvmc/CVE-2016-7953.patch
new file mode 100644
index 0000000000..c57ab61b12
--- /dev/null
+++ b/main/libxvmc/CVE-2016-7953.patch
@@ -0,0 +1,31 @@
+From 2cd95e7da8367cccdcdd5c9b160012d1dec5cbdb Mon Sep 17 00:00:00 2001
+From: Tobias Stoeckmann <tobias@stoeckmann.org>
+Date: Sun, 25 Sep 2016 22:34:27 +0200
+Subject: Avoid buffer underflow on empty strings.
+
+If an empty string is received from an x-server, do not underrun the
+buffer by accessing "rep.nameLen - 1" unconditionally, which could end
+up being -1.
+
+Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
+Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
+
+diff --git a/src/XvMC.c b/src/XvMC.c
+index 7336760..3ee4212 100644
+--- a/src/XvMC.c
++++ b/src/XvMC.c
+@@ -576,9 +576,9 @@ Status XvMCGetDRInfo(Display *dpy, XvPortID port,
+ if (*name && *busID && tmpBuf) {
+ _XRead(dpy, tmpBuf, realSize);
+ strncpy(*name,tmpBuf,rep.nameLen);
+- (*name)[rep.nameLen - 1] = '\0';
++ (*name)[rep.nameLen == 0 ? 0 : rep.nameLen - 1] = '\0';
+ strncpy(*busID,tmpBuf+rep.nameLen,rep.busIDLen);
+- (*busID)[rep.busIDLen - 1] = '\0';
++ (*busID)[rep.busIDLen == 0 ? 0 : rep.busIDLen - 1] = '\0';
+ XFree(tmpBuf);
+ } else {
+ XFree(*name);
+--
+cgit v0.10.2
+
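Review bot: When `rep.nameLen` is 0 the new index expression evaluates to 0, so `(*name)[0] = '\0'` still writes one byte, and the same applies to `(*busID)[0]` when `rep.busIDLen` is 0. That write is in bounds only if each buffer is allocated with at least one byte. The allocations are outside this hunk, so this should be confirmed against the full XvMCGetDRInfo body. If the buffers are sized exactly `rep.nameLen` and `rep.busIDLen`, allocating one extra byte for the terminator would cover the zero-length case. The function begins and ends outside the hunk.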