From b38525cec841341dd78da55da2b6c973cef76263 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bart=C5=82omiej=20Piotrowski?= Date: Fri, 31 May 2013 10:52:42 +0200 Subject: main/libxcursor: upgrade to 1.1.14 --- main/libxcursor/APKBUILD | 14 +++++--------- main/libxcursor/CVE-2013-2003.patch | 34 ---------------------------------- 2 files changed, 5 insertions(+), 43 deletions(-) delete mode 100644 main/libxcursor/CVE-2013-2003.patch (limited to 'main/libxcursor') diff --git a/main/libxcursor/APKBUILD b/main/libxcursor/APKBUILD index e769d48313..c1d14bcc6e 100644 --- a/main/libxcursor/APKBUILD +++ b/main/libxcursor/APKBUILD @@ -1,6 +1,6 @@ # Maintainer: Natanael Copa pkgname=libxcursor -pkgver=1.1.13 +pkgver=1.1.14 pkgrel=1 pkgdesc="X cursor management library" url="http://xorg.freedesktop.org/" @@ -10,8 +10,7 @@ subpackages="$pkgname-dev $pkgname-doc" depends= depends_dev="xproto libx11-dev libxrender-dev libxfixes-dev" makedepends="$depends_dev" -source="http://xorg.freedesktop.org/releases/individual/lib/libXcursor-$pkgver.tar.bz2 - CVE-2013-2003.patch" +source="http://xorg.freedesktop.org/releases/individual/lib/libXcursor-$pkgver.tar.bz2" _builddir="$srcdir"/libXcursor-$pkgver prepare() { @@ -36,9 +35,6 @@ package() { make DESTDIR="$pkgdir" install || return 1 rm "$pkgdir"/usr/lib/*.la || return 1 } -md5sums="52efa81b7f26c8eda13510a2fba98eea libXcursor-1.1.13.tar.bz2 -e604d93c5dfcc22078129959acc9a6d5 CVE-2013-2003.patch" -sha256sums="f78827de4a1b7ce8cceca24a9ab9d1b1d2f6a61362f505166ffc19b07c0bad8f libXcursor-1.1.13.tar.bz2 -9d7d03d476f92b3527daa825c7d7986f3048ced65cf548ab2667b3834b3560c8 CVE-2013-2003.patch" -sha512sums="81e9523c8181341b6607a97e493f065ac094638479a6094360d1adbccd637c9c7397c28b700e2abd568f42f4ba43a62153186371f6706b06959980b435bb45cc libXcursor-1.1.13.tar.bz2 -c471d5a3823d8206ee2dfe27482ed83559444a989aeeee49b67bf0d77c6a6dd6fb74d2708766b41c3e28cc89249c6ba5c41454aac2df3aeb57d2c1cc706effa0 CVE-2013-2003.patch" +md5sums="1e7c17afbbce83e2215917047c57d1b3 libXcursor-1.1.14.tar.bz2" +sha256sums="9bc6acb21ca14da51bda5bc912c8955bc6e5e433f0ab00c5e8bef842596c33df libXcursor-1.1.14.tar.bz2" +sha512sums="687963b54da66be25371f64a88f91812b38de4ffc3b806070f3aeb1da379df16ede819201a352b3fb66efc6b40a36a22770add3ae464f2008aff3e23cb60a8e6 libXcursor-1.1.14.tar.bz2" diff --git a/main/libxcursor/CVE-2013-2003.patch b/main/libxcursor/CVE-2013-2003.patch deleted file mode 100644 index a4f41e1453..0000000000 --- a/main/libxcursor/CVE-2013-2003.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 8f677eaea05290531d007d1fec2768119926088d Mon Sep 17 00:00:00 2001 -From: Alan Coopersmith -Date: Sat, 13 Apr 2013 04:17:28 +0000 -Subject: signedness bug & integer overflow in _XcursorFileHeaderCreate() [CVE-2013-2003] - -When parsing cursor files, a user defined (e.g. through environment -variables) cursor file is opened and parsed. - -The header is read in _XcursorReadFileHeader(), which reads an unsigned -int for the number of toc structures in the header, but it was being -passed to _XcursorFileHeaderCreate() as a signed int to allocate those -structures. If the number was negative, it would pass the bounds check -and could overflow the calculation for how much memory to allocate to -store the data being read, leading to overflowing the buffer with the -data read from the user controlled file. - -Reported-by: Ilja Van Sprundel -Signed-off-by: Alan Coopersmith ---- -diff --git a/src/file.c b/src/file.c -index efe6d4b..ce9de78 100644 ---- a/src/file.c -+++ b/src/file.c -@@ -205,7 +205,7 @@ _XcursorFileHeaderDestroy (XcursorFileHeader *fileHeader) - } - - static XcursorFileHeader * --_XcursorFileHeaderCreate (int ntoc) -+_XcursorFileHeaderCreate (XcursorUInt ntoc) - { - XcursorFileHeader *fileHeader; - --- -cgit v0.9.0.2-2-gbebe -- cgit v1.2.3