From ca33affea49de655ea0a1aa27accea11f84df7c1 Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
Date: Mon, 27 May 2013 14:31:43 +0000
Subject: main/libxtst: fix CVE-2013-2063

ref #1931
---
 main/libxtst/APKBUILD | 38 ++++++++++++++++++++++++++++++--------
 1 file changed, 30 insertions(+), 8 deletions(-)

(limited to 'main/libxtst/APKBUILD')

diff --git a/main/libxtst/APKBUILD b/main/libxtst/APKBUILD
index c4eb84bf9..c87af4a04 100644
--- a/main/libxtst/APKBUILD
+++ b/main/libxtst/APKBUILD
@@ -1,30 +1,52 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=libxtst
 pkgver=1.2.1
-pkgrel=0
+pkgrel=1
 pkgdesc="X11 Testing -- Resource extension library"
 url="http://xorg.freedesktop.org/"
 arch="all"
 license="custom"
 subpackages="$pkgname-dev $pkgname-doc"
 depends=
-makedepends="pkgconfig libxext-dev libxi-dev recordproto inputproto"
-source="http://xorg.freedesktop.org/releases/individual/lib/libXtst-$pkgver.tar.bz2"
 depends_dev="recordproto libx11-dev libxext-dev inputproto libxi-dev"
+makedepends="$depends_dev libtool autoconf automake util-macros"
+source="http://xorg.freedesktop.org/releases/individual/lib/libXtst-$pkgver.tar.bz2
+	0001-Use-_XEatDataWords-to-eat-data-in-error-cases.patch
+	0002-integer-overflow-in-XRecordGetContext-CVE-2013-2063.patch
+	"
 
-build ()
-{
-	cd "$srcdir"/libXtst-$pkgver
+_builddir="$srcdir"/libXtst-$pkgver
+prepare() {
+	cd "$_builddir"
+	for i in $source; do
+		case $i in
+		*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
+		esac
+	done
+	libtoolize --force && aclocal && autoheader && autoconf \
+		&& automake --add-missing
+}
+
+build() {
+	cd "$_builddir"
 	./configure --prefix=/usr \
 		--build=${CHOST} --host=${CHOST}
 	make || return 1
 }
 
 package() {
-	cd "$srcdir"/libXtst-$pkgver
+	cd "$_builddir"
 	make DESTDIR="$pkgdir" install || return 1
 	rm "$pkgdir"/usr/lib/*.la || return 1
 	install -D -m644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/LICENSE
 }
 
-md5sums="e8abc5c00c666f551cf26aa53819d592  libXtst-1.2.1.tar.bz2"
+md5sums="e8abc5c00c666f551cf26aa53819d592  libXtst-1.2.1.tar.bz2
+ef5006c916511e087973d797a60aaee1  0001-Use-_XEatDataWords-to-eat-data-in-error-cases.patch
+641e6194973b4d324f8278faa821b87a  0002-integer-overflow-in-XRecordGetContext-CVE-2013-2063.patch"
+sha256sums="7eea3e66e392aca3f9dad6238198753c28e1c32fa4903cbb7739607a2504e5e0  libXtst-1.2.1.tar.bz2
+bba7db9220b8a91b5ca71133af55414851d350e81c6142e74e7c44a3fc57c052  0001-Use-_XEatDataWords-to-eat-data-in-error-cases.patch
+d67b95b9bf1587e48bc4009d1d100ed1ee3a611ed07869bb157290064986db6f  0002-integer-overflow-in-XRecordGetContext-CVE-2013-2063.patch"
+sha512sums="287c10a761d30acc988399e23de1ecb7c90d8bd4d363cd03cd0a02eb232e37b0943f359fae76a8e68504ccadc2b7c0117bfebee75e00a0b6f58397658f8ebe0d  libXtst-1.2.1.tar.bz2
+0144a420f78f5377acd2548355089596439437d1d19945532428a1cc5f263155f03ebfbba668f9c468525c579aa091d4ddf27006ec4d55246bd045a7e6ff9739  0001-Use-_XEatDataWords-to-eat-data-in-error-cases.patch
+730a9ad7c8aafd8f161bf7cbbd4bbd2c62d4fc6cf50a69f5575a4c52e9a2d712e36bb4e3b9325f628a2f71115ce8797ac93aa7bf023d0abe7ba3603f33f47e81  0002-integer-overflow-in-XRecordGetContext-CVE-2013-2063.patch"
-- 
cgit v1.2.3