From e6d9eccdf7eeb94ed8fdd2cd4e7ebd51ed7fb04a Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
Date: Fri, 24 May 2013 09:55:00 +0000
Subject: main/libxt: fix CVE-2013-2002,CVE-2013-2005

ref #1931
---
 main/libxt/APKBUILD | 37 +++++++++++++++++++++++++++++--------
 1 file changed, 29 insertions(+), 8 deletions(-)

(limited to 'main/libxt/APKBUILD')

diff --git a/main/libxt/APKBUILD b/main/libxt/APKBUILD
index 3e5c6686e..c2b318a96 100644
--- a/main/libxt/APKBUILD
+++ b/main/libxt/APKBUILD
@@ -1,29 +1,50 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=libxt
 pkgver=1.1.3
-pkgrel=0
+pkgrel=1
 pkgdesc="X11 toolkit intrinsics library"
 url="http://xorg.freedesktop.org/"
 arch="all"
 license="custom"
 subpackages="$pkgname-dev $pkgname-doc"
 depends=
-makedepends="pkgconfig libsm-dev libice-dev libx11-dev e2fsprogs-dev"
-source="http://xorg.freedesktop.org/releases/individual/lib/libXt-$pkgver.tar.bz2"
-
 depends_dev="xproto libx11-dev libsm-dev"
+makedepends="$depends_dev libice-dev e2fsprogs-dev"
+source="http://xorg.freedesktop.org/releases/individual/lib/libXt-$pkgver.tar.bz2
+	0001-Unchecked-return-values-of-XGetWindowProperty-CVE-20.patch
+	0002-unvalidated-length-in-_XtResourceConfigurationEH-CVE.patch
+	"
+
+_builddir="$srcdir"/libXt-$pkgver
+prepare() {
+	cd "$_builddir"
+	for i in $source; do
+		case $i in
+		*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
+		esac
+	done
+}
+
 
 build () {
-	cd "$srcdir"/libXt-$pkgver
+	cd "$_builddir"
 	./configure --prefix=/usr \
 		--sysconfdir=/etc \
-		--disable-install-makestrs
+		|| return 1
 	make || return 1
 }
 
 package() {
-	cd "$srcdir"/libXt-$pkgver
+	cd "$_builddir"
 	make -j1 DESTDIR="$pkgdir" install || return 1
 	rm "$pkgdir"/usr/lib/*.la || return 1
 }
-md5sums="a6f137ae100e74ebe3b71eb4a38c40b3  libXt-1.1.3.tar.bz2"
+md5sums="a6f137ae100e74ebe3b71eb4a38c40b3  libXt-1.1.3.tar.bz2
+ddbc29bbc588eaeb01c01a94ddf8cdb8  0001-Unchecked-return-values-of-XGetWindowProperty-CVE-20.patch
+4ffbba851dcb9031ec620e48d0acffe9  0002-unvalidated-length-in-_XtResourceConfigurationEH-CVE.patch"
+sha256sums="8db593c3fc5ffc4e9cd854ba50af1eac9b90d66521ba17802b8f1e0d2d7f05bd  libXt-1.1.3.tar.bz2
+84d0bc18fb74b4bbde40ec19e7745db1fc8cdc131a2578361005b289fa6dcb09  0001-Unchecked-return-values-of-XGetWindowProperty-CVE-20.patch
+758c710f423e22d17b8938574bebf8dc5c8193ef8296f8c8fb974229f886420c  0002-unvalidated-length-in-_XtResourceConfigurationEH-CVE.patch"
+sha512sums="26d81ddb00f2d231afe37f0d55be9aaf95f0926086751d1816d02d15244e8ac7dc61e4e96e6ac33b2d22455aa7992c7b86e5bc9eada4ebcecaf6909dc0939416  libXt-1.1.3.tar.bz2
+b1e7040636ff0ab4d67c522c46aa72d134ca47bfb8553288a28e6e69e1aafcb9bce41e4a55b2356d7145fdacef72c5018ff96923bf46d7c21e15bf30d23d40e3  0001-Unchecked-return-values-of-XGetWindowProperty-CVE-20.patch
+e43430f8b904bce0a6e171a6e24f7dc85bcfa9741d742c00d7f616744ae629b7ea3bdb32dd2b4c8f006880657f6ffc809966b69ce24bdf2343ecedf4fe579b1c  0002-unvalidated-length-in-_XtResourceConfigurationEH-CVE.patch"
-- 
cgit v1.2.3