From f227313aae602dec3a6c8c11123807028c9062d6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20Ter=C3=A4s?=
Date: Sun, 25 Oct 2015 16:03:24 +0200
Subject: main/at-spi2-core: fix buffer overrun detected by fortify
---
 main/at-spi2-core/APKBUILD | 16 ++++++++++------
 main/at-spi2-core/fix-buffer-overrun.patch | 12 ++++++++++++
 2 files changed, 22 insertions(+), 6 deletions(-)
 create mode 100644 main/at-spi2-core/fix-buffer-overrun.patch
diff --git a/main/at-spi2-core/APKBUILD b/main/at-spi2-core/APKBUILD
index 560f1e6c9d..fb0d83c3fb 100644
--- a/main/at-spi2-core/APKBUILD
+++ b/main/at-spi2-core/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Natanael Copa
 pkgname=at-spi2-core
 pkgver=2.16.0
-pkgrel=0
+pkgrel=1
 pkgdesc="Protocol definitions and daemon for D-Bus at-spi"
 url="http://www.linuxfoundation.org/en/AT-SPI_on_D-Bus"
 arch="all"
@@ -11,8 +11,9 @@ depends=""
 depends_dev="dbus-dev glib-dev libxtst-dev"
 makedepends="$depends_dev intltool gobject-introspection-dev"
 install=""
-subpackages="$pkgname-dev $pkgname-doc $pkgname-lang"
-source="http://download.gnome.org/sources/at-spi2-core/${pkgver%.*}/at-spi2-core-$pkgver.tar.xz"
+subpackages="$pkgname-dbg $pkgname-dev $pkgname-doc $pkgname-lang"
+source="http://download.gnome.org/sources/at-spi2-core/${pkgver%.*}/at-spi2-core-$pkgver.tar.xz
+ fix-buffer-overrun.patch"
 _builddir="$srcdir"/at-spi2-core-$pkgver
 prepare() {
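Review bot: The rewritten `source=` line still fetches the tarball over plain `http://`, so its integrity rests entirely on the checksums pinned further down in the APKBUILD; since the line is being touched anyway, switching the scheme to `https://` would add transport protection on top of the checksum check. The `$pkgname-dbg` subpackage added in the same hunk is not mentioned in the commit subject, and a line in the message body saying why it was enabled would make the change easier to track.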
@@ -42,6 +43,9 @@ package() {
 make DESTDIR="$pkgdir" install || return 1
 }
-md5sums="be6eeea370f913b7639b609913b2cf02 at-spi2-core-2.16.0.tar.xz"
-sha256sums="1c0b77fb8ce81abbf1d80c0afee9858b3f9229f673b7881995fe0fc16b1a74d0 at-spi2-core-2.16.0.tar.xz"
-sha512sums="b61cb6dad15e2a6f6cd4788e6b63fed37d0098a56d1417b43aed2ba111a7dd7fccbe7c393f0be794bcaf900f38decbd3974c36e395548000d429086f8717df57 at-spi2-core-2.16.0.tar.xz"
+md5sums="be6eeea370f913b7639b609913b2cf02 at-spi2-core-2.16.0.tar.xz
+76658345b466f67cae3458b4693550af fix-buffer-overrun.patch"
+sha256sums="1c0b77fb8ce81abbf1d80c0afee9858b3f9229f673b7881995fe0fc16b1a74d0 at-spi2-core-2.16.0.tar.xz
+730de56e9273cba256013ebb8e97904df8e345b3f30440f9fe71ecaa7984d27d fix-buffer-overrun.patch"
+sha512sums="b61cb6dad15e2a6f6cd4788e6b63fed37d0098a56d1417b43aed2ba111a7dd7fccbe7c393f0be794bcaf900f38decbd3974c36e395548000d429086f8717df57 at-spi2-core-2.16.0.tar.xz
+91065867443172454c02a1246f034f22faeae3c3eef89615fee227a51feb02133496e539c9b25c2b1b5f3fcd9ff960f8c29a64b7b7dee89bf0a3febc9bc40d9d fix-buffer-overrun.patch"
diff --git a/main/at-spi2-core/fix-buffer-overrun.patch b/main/at-spi2-core/fix-buffer-overrun.patch
new file mode 100644
index 0000000000..9c434eace7
--- /dev/null
+++ b/main/at-spi2-core/fix-buffer-overrun.patch
@@ -0,0 +1,12 @@
+diff -ru at-spi2-core-2.16.0.orig/bus/at-spi-bus-launcher.c at-spi2-core-2.16.0/bus/at-spi-bus-launcher.c
+--- at-spi2-core-2.16.0.orig/bus/at-spi-bus-launcher.c 2015-03-05 06:04:20.000000000 +0200
++++ at-spi2-core-2.16.0/bus/at-spi-bus-launcher.c 2015-10-25 16:00:32.158127066 +0200
+@@ -104,7 +104,7 @@
+ {
+ ssize_t bytes_read;
+
+- while (max_bytes > 1 && (bytes_read = read (fd, buf, MAX (4096, max_bytes - 1))))
++ while (max_bytes > 1 && (bytes_read = read (fd, buf, max_bytes - 1)))
+ {
+ if (bytes_read < 0)
+ return FALSE;
-- cgit v1.2.3
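Review bot: The new `fix-buffer-overrun.patch` carries no header saying what the defect was or whether the fix has gone upstream, so whoever next bumps `pkgver` cannot tell when the patch is safe to drop. The removed line passed `MAX (4096, max_bytes - 1)` as the read length, which requests at least 4096 bytes even when less space remains (assuming `max_bytes` is the remaining capacity of `buf`); a short description to that effect above the `diff -ru` line, plus an upstream reference (`<upstream bug or commit>`), would document it. The new length `max_bytes - 1` stays within bounds only if the loop body, which continues outside the hunk, advances `buf` and reduces `max_bytes` by `bytes_read`, and that should be confirmed against the full function. If 4096-byte chunking was the original intent, `MIN (4096, max_bytes - 1)` would keep it with the same bound.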