main/libxrandr: upgrade to 1.4.1

author: Natanael Copa <ncopa@alpinelinux.org> 2013-06-06 16:11:30 +0000
committer: Natanael Copa <ncopa@alpinelinux.org> 2013-06-06 16:11:30 +0000
commit: 1d7e3d391539e3d00b567b40ae2e6f66a96d4301 (patch)
tree: b5c963e015e0c46a55181be9928c06be976c880a /main/libxrandr
parent: 35abd83d4097101fbeeb4a212526848d22ecfa55 (diff)
download: aports-1d7e3d391539e3d00b567b40ae2e6f66a96d4301.tar.bz2
aports-1d7e3d391539e3d00b567b40ae2e6f66a96d4301.tar.xz
8 files changed, 6 insertions, 644 deletions
diff --git a/main/libxrandr/0001-Replace-deprecated-Automake-INCLUDES-variable-with-A.patch b/main/libxrandr/0001-Replace-deprecated-Automake-INCLUDES-variable-with-A.patch
deleted file mode 100644
index 8c5eccb9f..000000000
--- a/main/libxrandr/0001-Replace-deprecated-Automake-INCLUDES-variable-with-A.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 99a63d10cbbab7d69a52d25d78795a3278506ea9 Mon Sep 17 00:00:00 2001
-From: Alan Coopersmith <alan.coopersmith@oracle.com>
-Date: Fri, 18 Jan 2013 23:14:01 -0800
-Subject: [PATCH 1/7] Replace deprecated Automake INCLUDES variable with
- AM_CPPFLAGS
-
-Excerpt https://lists.gnu.org/archive/html/automake/2012-12/msg00038.html
-
-  - Support for the long-deprecated INCLUDES variable will be removed
-    altogether in Automake 1.14.  The AM_CPPFLAGS variable should be
-    used instead.
-
-This variable was deprecated in Automake releases prior to 1.10, which is
-the current minimum level required to build X.
-
-Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
----
- src/Makefile.am | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/Makefile.am b/src/Makefile.am
-index 7a47b9c..2113846 100644
---- a/src/Makefile.am
-+++ b/src/Makefile.am
-@@ -19,7 +19,7 @@ AM_CFLAGS = \
- 	$(MALLOC_ZERO_CFLAGS) \
- 	$(CWARNFLAGS)
- 
--INCLUDES = -I$(top_srcdir)/include/X11/extensions
-+AM_CPPFLAGS = -I$(top_srcdir)/include/X11/extensions
- 
- libXrandr_la_LDFLAGS = -version-number 2:2:0 -no-undefined
- 
--- 
-1.8.2.3
-
diff --git a/main/libxrandr/0002-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-b.patch b/main/libxrandr/0002-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-b.patch
deleted file mode 100644
index 4104b444e..000000000
--- a/main/libxrandr/0002-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-b.patch
+++ /dev/null
@@ -1,221 +0,0 @@
-From 1c7ad6773ce6be00dcd6e51e9be08f203abe5071 Mon Sep 17 00:00:00 2001
-From: Alan Coopersmith <alan.coopersmith@oracle.com>
-Date: Fri, 3 May 2013 23:29:22 -0700
-Subject: [PATCH 2/7] Use _XEatDataWords to avoid overflow of rep.length bit
- shifting
-
-rep.length is a CARD32, so rep.length << 2 could overflow in 32-bit builds
-
-Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
----
- configure.ac              |  6 ++++++
- src/Xrandrint.h           | 13 +++++++++++++
- src/XrrCrtc.c             |  6 +++---
- src/XrrOutput.c           |  2 +-
- src/XrrProperty.c         |  9 ++++-----
- src/XrrProvider.c         |  4 ++--
- src/XrrProviderProperty.c |  9 ++++-----
- src/XrrScreen.c           |  2 +-
- 8 files changed, 34 insertions(+), 17 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 3f28bef..8466999 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -55,6 +55,12 @@ AC_SUBST(RANDR_VERSION)
- # Obtain compiler/linker options for depedencies
- PKG_CHECK_MODULES(RANDR, x11 randrproto >= $RANDR_VERSION xext xextproto xrender renderproto)
- 
-+# Check for _XEatDataWords function that may be patched into older Xlib release
-+SAVE_LIBS="$LIBS"
-+LIBS="$RANDR_LIBS"
-+AC_CHECK_FUNCS([_XEatDataWords])
-+LIBS="$SAVE_LIBS"
-+
- AC_CONFIG_FILES([Makefile
- 		src/Makefile
- 		man/Makefile
-diff --git a/src/Xrandrint.h b/src/Xrandrint.h
-index aed10e4..1687c29 100644
---- a/src/Xrandrint.h
-+++ b/src/Xrandrint.h
-@@ -42,6 +42,19 @@ extern char XRRExtensionName[];
- 
- XExtDisplayInfo *XRRFindDisplay (Display *dpy);
- 
-+#ifndef HAVE__XEATDATAWORDS
-+#include <X11/Xmd.h>  /* for LONG64 on 64-bit platforms */
-+#include <limits.h>
-+
-+static inline void _XEatDataWords(Display *dpy, unsigned long n)
-+{
-+# ifndef LONG64
-+    if (n >= (ULONG_MAX >> 2))
-+        _XIOError(dpy);
-+# endif
-+    _XEatData (dpy, n << 2);
-+}
-+#endif
- 
- /* deliberately opaque internal data structure; can be extended,
-    but not reordered */
-diff --git a/src/XrrCrtc.c b/src/XrrCrtc.c
-index 04087c5..a704a52 100644
---- a/src/XrrCrtc.c
-+++ b/src/XrrCrtc.c
-@@ -74,7 +74,7 @@ XRRGetCrtcInfo (Display *dpy, XRRScreenResources *resources, RRCrtc crtc)
- 
-     xci = (XRRCrtcInfo *) Xmalloc(rbytes);
-     if (xci == NULL) {
--	_XEatData (dpy, (unsigned long) nbytes);
-+	_XEatDataWords (dpy, rep.length);
- 	UnlockDisplay (dpy);
- 	SyncHandle ();
- 	return NULL;
-@@ -203,7 +203,7 @@ XRRGetCrtcGamma (Display *dpy, RRCrtc crtc)
- 
-     if (!crtc_gamma)
-     {
--	_XEatData (dpy, (unsigned long) nbytes);
-+	_XEatDataWords (dpy, rep.length);
- 	goto out;
-     }
-     _XRead16 (dpy, crtc_gamma->red, rep.size * 2);
-@@ -397,7 +397,7 @@ XRRGetCrtcTransform (Display	*dpy,
- 	    int extraBytes = rep.length * 4 - CrtcTransformExtra;
- 	    extra = Xmalloc (extraBytes);
- 	    if (!extra) {
--		_XEatData (dpy, extraBytes);
-+		_XEatDataWords (dpy, rep.length - (CrtcTransformExtra >> 2));
- 		UnlockDisplay (dpy);
- 		SyncHandle ();
- 		return False;
-diff --git a/src/XrrOutput.c b/src/XrrOutput.c
-index f13a932..4df894e 100644
---- a/src/XrrOutput.c
-+++ b/src/XrrOutput.c
-@@ -81,7 +81,7 @@ XRRGetOutputInfo (Display *dpy, XRRScreenResources *resources, RROutput output)
- 
-     xoi = (XRROutputInfo *) Xmalloc(rbytes);
-     if (xoi == NULL) {
--	_XEatData (dpy, (unsigned long) nbytes);
-+	_XEatDataWords (dpy, rep.length - (OutputInfoExtra >> 2));
- 	UnlockDisplay (dpy);
- 	SyncHandle ();
- 	return NULL;
-diff --git a/src/XrrProperty.c b/src/XrrProperty.c
-index 4c3fdb0..2b065b2 100644
---- a/src/XrrProperty.c
-+++ b/src/XrrProperty.c
-@@ -62,7 +62,7 @@ XRRListOutputProperties (Display *dpy, RROutput output, int *nprop)
- 
- 	props = (Atom *) Xmalloc (rbytes);
- 	if (props == NULL) {
--	    _XEatData (dpy, nbytes);
-+	    _XEatDataWords (dpy, rep.length);
- 	    UnlockDisplay (dpy);
- 	    SyncHandle ();
- 	    *nprop = 0;
-@@ -107,7 +107,7 @@ XRRQueryOutputProperty (Display *dpy, RROutput output, Atom property)
- 
-     prop_info = (XRRPropertyInfo *) Xmalloc (rbytes);
-     if (prop_info == NULL) {
--	_XEatData (dpy, nbytes);
-+	_XEatDataWords(dpy, rep.length);
- 	UnlockDisplay (dpy);
- 	SyncHandle ();
- 	return NULL;
-@@ -313,14 +313,13 @@ XRRGetOutputProperty (Display *dpy, RROutput output,
- 	     * This part of the code should never be reached.  If it is,
- 	     * the server sent back a property with an invalid format.
- 	     */
--	    nbytes = rep.length << 2;
--	    _XEatData(dpy, (unsigned long) nbytes);
-+	    _XEatDataWords(dpy, rep.length);
- 	    UnlockDisplay(dpy);
- 	    SyncHandle();
- 	    return(BadImplementation);
- 	}
- 	if (! *prop) {
--	    _XEatData(dpy, (unsigned long) nbytes);
-+	    _XEatDataWords(dpy, rep.length);
- 	    UnlockDisplay(dpy);
- 	    SyncHandle();
- 	    return(BadAlloc);
-diff --git a/src/XrrProvider.c b/src/XrrProvider.c
-index fcd06ff..309e321 100644
---- a/src/XrrProvider.c
-+++ b/src/XrrProvider.c
-@@ -67,7 +67,7 @@ XRRGetProviderResources(Display *dpy, Window window)
-     xrpr = (XRRProviderResources *) Xmalloc(rbytes);
- 
-     if (xrpr == NULL) {
--       _XEatData (dpy, (unsigned long) nbytes);
-+       _XEatDataWords (dpy, rep.length);
-        UnlockDisplay (dpy);
-        SyncHandle ();
-        return NULL;
-@@ -136,7 +136,7 @@ XRRGetProviderInfo(Display *dpy, XRRScreenResources *resources, RRProvider provi
- 
-     xpi = (XRRProviderInfo *)Xmalloc(rbytes);
-     if (xpi == NULL) {
--	_XEatData (dpy, (unsigned long) nbytes);
-+	_XEatDataWords (dpy, rep.length - (ProviderInfoExtra >> 2));
- 	UnlockDisplay (dpy);
- 	SyncHandle ();
- 	return NULL;
-diff --git a/src/XrrProviderProperty.c b/src/XrrProviderProperty.c
-index c8c08e9..2d90a0a 100644
---- a/src/XrrProviderProperty.c
-+++ b/src/XrrProviderProperty.c
-@@ -62,7 +62,7 @@ XRRListProviderProperties (Display *dpy, RRProvider provider, int *nprop)
- 
- 	props = (Atom *) Xmalloc (rbytes);
- 	if (props == NULL) {
--	    _XEatData (dpy, nbytes);
-+	    _XEatDataWords (dpy, rep.length);
- 	    UnlockDisplay (dpy);
- 	    SyncHandle ();
- 	    *nprop = 0;
-@@ -107,7 +107,7 @@ XRRQueryProviderProperty (Display *dpy, RRProvider provider, Atom property)
- 
-     prop_info = (XRRPropertyInfo *) Xmalloc (rbytes);
-     if (prop_info == NULL) {
--	_XEatData (dpy, nbytes);
-+	_XEatDataWords (dpy, rep.length);
- 	UnlockDisplay (dpy);
- 	SyncHandle ();
- 	return NULL;
-@@ -313,14 +313,13 @@ XRRGetProviderProperty (Display *dpy, RRProvider provider,
- 	     * This part of the code should never be reached.  If it is,
- 	     * the server sent back a property with an invalid format.
- 	     */
--	    nbytes = rep.length << 2;
--	    _XEatData(dpy, (unsigned long) nbytes);
-+	    _XEatDataWords(dpy, rep.length);
- 	    UnlockDisplay(dpy);
- 	    SyncHandle();
- 	    return(BadImplementation);
- 	}
- 	if (! *prop) {
--	    _XEatData(dpy, (unsigned long) nbytes);
-+	    _XEatDataWords(dpy, rep.length);
- 	    UnlockDisplay(dpy);
- 	    SyncHandle();
- 	    return(BadAlloc);
-diff --git a/src/XrrScreen.c b/src/XrrScreen.c
-index f830913..08710b6 100644
---- a/src/XrrScreen.c
-+++ b/src/XrrScreen.c
-@@ -129,7 +129,7 @@ doGetScreenResources (Display *dpy, Window window, int poll)
-     if (xrsr == NULL || wire_names == NULL) {
- 	if (xrsr) Xfree (xrsr);
- 	if (wire_names) Xfree (wire_names);
--	_XEatData (dpy, (unsigned long) nbytes);
-+	_XEatDataWords (dpy, rep.length);
- 	UnlockDisplay (dpy);
- 	SyncHandle ();
- 	return NULL;
--- 
-1.8.2.3
-
diff --git a/main/libxrandr/0003-integer-overflow-in-XRRQueryOutputProperty-CVE-2013-.patch b/main/libxrandr/0003-integer-overflow-in-XRRQueryOutputProperty-CVE-2013-.patch
deleted file mode 100644
index 0d07f5459..000000000
--- a/main/libxrandr/0003-integer-overflow-in-XRRQueryOutputProperty-CVE-2013-.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From 0e79d96c36aef5889ae2e2a3fc2e96e93f30dc21 Mon Sep 17 00:00:00 2001
-From: Alan Coopersmith <alan.coopersmith@oracle.com>
-Date: Fri, 12 Apr 2013 21:44:59 -0700
-Subject: [PATCH 3/7] integer overflow in XRRQueryOutputProperty()
- [CVE-2013-1986 1/4]
-
-rep.length is a CARD32, while rbytes was a signed int, so
-   rbytes = sizeof (XRRPropertyInfo) + rep.length * sizeof (long);
-could result in integer overflow, leading to an undersized malloc
-and reading data off the connection and writing it past the end of
-the allocated buffer.
-
-Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
-Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
----
- src/XrrProperty.c | 13 +++++++++----
- 1 file changed, 9 insertions(+), 4 deletions(-)
-
-diff --git a/src/XrrProperty.c b/src/XrrProperty.c
-index 2b065b2..50382bf 100644
---- a/src/XrrProperty.c
-+++ b/src/XrrProperty.c
-@@ -31,6 +31,7 @@
- #include <X11/extensions/render.h>
- #include <X11/extensions/Xrender.h>
- #include "Xrandrint.h"
-+#include <limits.h>
- 
- Atom *
- XRRListOutputProperties (Display *dpy, RROutput output, int *nprop)
-@@ -84,7 +85,7 @@ XRRQueryOutputProperty (Display *dpy, RROutput output, Atom property)
-     XExtDisplayInfo		*info = XRRFindDisplay(dpy);
-     xRRQueryOutputPropertyReply rep;
-     xRRQueryOutputPropertyReq	*req;
--    int				rbytes, nbytes;
-+    unsigned int		rbytes, nbytes;
-     XRRPropertyInfo		*prop_info;
- 
-     RRCheckExtension (dpy, info, NULL);
-@@ -102,10 +103,14 @@ XRRQueryOutputProperty (Display *dpy, RROutput output, Atom property)
- 	return NULL;
-     }
- 
--    rbytes = sizeof (XRRPropertyInfo) + rep.length * sizeof (long);
--    nbytes = rep.length << 2;
-+    if (rep.length < ((INT_MAX / sizeof(long)) - sizeof (XRRPropertyInfo))) {
-+        rbytes = sizeof (XRRPropertyInfo) + (rep.length * sizeof (long));
-+        nbytes = rep.length << 2;
-+
-+        prop_info = Xmalloc (rbytes);
-+    } else
-+        prop_info = NULL;
- 
--    prop_info = (XRRPropertyInfo *) Xmalloc (rbytes);
-     if (prop_info == NULL) {
- 	_XEatDataWords(dpy, rep.length);
- 	UnlockDisplay (dpy);
--- 
-1.8.2.3
-
diff --git a/main/libxrandr/0004-integer-overflow-in-XRRQueryProviderProperty-CVE-201.patch b/main/libxrandr/0004-integer-overflow-in-XRRQueryProviderProperty-CVE-201.patch
deleted file mode 100644
index d55f91def..000000000
--- a/main/libxrandr/0004-integer-overflow-in-XRRQueryProviderProperty-CVE-201.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 1da5b838c2a8565d4d95a4e948f951ce6b466345 Mon Sep 17 00:00:00 2001
-From: Alan Coopersmith <alan.coopersmith@oracle.com>
-Date: Fri, 12 Apr 2013 21:44:59 -0700
-Subject: [PATCH 4/7] integer overflow in XRRQueryProviderProperty()
- [CVE-2013-1986 2/4]
-
-Same problem as XRRQueryOutputProperty() that it was cloned from
-
-Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
----
- src/XrrProviderProperty.c | 13 +++++++++----
- 1 file changed, 9 insertions(+), 4 deletions(-)
-
-diff --git a/src/XrrProviderProperty.c b/src/XrrProviderProperty.c
-index 2d90a0a..dc699f6 100644
---- a/src/XrrProviderProperty.c
-+++ b/src/XrrProviderProperty.c
-@@ -31,6 +31,7 @@
- #include <X11/extensions/render.h>
- #include <X11/extensions/Xrender.h>
- #include "Xrandrint.h"
-+#include <limits.h>
- 
- Atom *
- XRRListProviderProperties (Display *dpy, RRProvider provider, int *nprop)
-@@ -84,7 +85,7 @@ XRRQueryProviderProperty (Display *dpy, RRProvider provider, Atom property)
-     XExtDisplayInfo		*info = XRRFindDisplay(dpy);
-     xRRQueryProviderPropertyReply rep;
-     xRRQueryProviderPropertyReq	*req;
--    int				rbytes, nbytes;
-+    unsigned int		rbytes, nbytes;
-     XRRPropertyInfo		*prop_info;
- 
-     RRCheckExtension (dpy, info, NULL);
-@@ -102,10 +103,14 @@ XRRQueryProviderProperty (Display *dpy, RRProvider provider, Atom property)
- 	return NULL;
-     }
- 
--    rbytes = sizeof (XRRPropertyInfo) + rep.length * sizeof (long);
--    nbytes = rep.length << 2;
-+    if (rep.length < ((INT_MAX / sizeof(long)) - sizeof (XRRPropertyInfo))) {
-+        rbytes = sizeof (XRRPropertyInfo) + (rep.length * sizeof (long));
-+        nbytes = rep.length << 2;
-+
-+        prop_info = Xmalloc (rbytes);
-+    } else
-+        prop_info = NULL;
- 
--    prop_info = (XRRPropertyInfo *) Xmalloc (rbytes);
-     if (prop_info == NULL) {
- 	_XEatDataWords (dpy, rep.length);
- 	UnlockDisplay (dpy);
--- 
-1.8.2.3
-
diff --git a/main/libxrandr/0005-integer-overflow-in-XRRGetOutputProperty-CVE-2013-19.patch b/main/libxrandr/0005-integer-overflow-in-XRRGetOutputProperty-CVE-2013-19.patch
deleted file mode 100644
index 225924c63..000000000
--- a/main/libxrandr/0005-integer-overflow-in-XRRGetOutputProperty-CVE-2013-19.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-From 289a1927949e6f278c18d115772e454837702e35 Mon Sep 17 00:00:00 2001
-From: Alan Coopersmith <alan.coopersmith@oracle.com>
-Date: Sat, 4 May 2013 21:37:49 -0700
-Subject: [PATCH 5/7] integer overflow in XRRGetOutputProperty() [CVE-2013-1986
- 3/4]
-
-If the reported number of properties is too large, the calculations
-to allocate memory for them may overflow, leaving us returning less
-memory to the caller than implied by the value written to *nitems.
-
-(Same as reported against libX11 XGetWindowProperty by Ilja Van Sprundel)
-
-Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
----
- src/XrrProperty.c | 22 ++++++++++++++--------
- 1 file changed, 14 insertions(+), 8 deletions(-)
-
-diff --git a/src/XrrProperty.c b/src/XrrProperty.c
-index 50382bf..707a28d 100644
---- a/src/XrrProperty.c
-+++ b/src/XrrProperty.c
-@@ -257,7 +257,7 @@ XRRGetOutputProperty (Display *dpy, RROutput output,
-     XExtDisplayInfo		*info = XRRFindDisplay(dpy);
-     xRRGetOutputPropertyReply	rep;
-     xRRGetOutputPropertyReq	*req;
--    long    			nbytes, rbytes;
-+    unsigned long		nbytes, rbytes;
- 
-     RRCheckExtension (dpy, info, 1);
- 
-@@ -282,34 +282,40 @@ XRRGetOutputProperty (Display *dpy, RROutput output,
- 
-     *prop = (unsigned char *) NULL;
-     if (rep.propertyType != None) {
-+	int format = rep.format;
-+
-+	/*
-+	 * Protect against both integer overflow and just plain oversized
-+	 * memory allocation - no server should ever return this many props.
-+	 */
-+	if (rep.nItems >= (INT_MAX >> 4))
-+	    format = -1;        /* fall through to default error case */
-+
- 	/*
- 	 * One extra byte is malloced than is needed to contain the property
- 	 * data, but this last byte is null terminated and convenient for
- 	 * returning string properties, so the client doesn't then have to
- 	 * recopy the string to make it null terminated.
- 	 */
--	switch (rep.format) {
-+	switch (format) {
- 	case 8:
- 	    nbytes = rep.nItems;
- 	    rbytes = rep.nItems + 1;
--	    if (rbytes > 0 &&
--		(*prop = (unsigned char *) Xmalloc ((unsigned)rbytes)))
-+	    if (rbytes > 0 && (*prop = Xmalloc (rbytes)))
- 		_XReadPad (dpy, (char *) *prop, nbytes);
- 	    break;
- 
- 	case 16:
- 	    nbytes = rep.nItems << 1;
- 	    rbytes = rep.nItems * sizeof (short) + 1;
--	    if (rbytes > 0 &&
--		(*prop = (unsigned char *) Xmalloc ((unsigned)rbytes)))
-+	    if (rbytes > 0 && (*prop = Xmalloc (rbytes)))
- 		_XRead16Pad (dpy, (short *) *prop, nbytes);
- 	    break;
- 
- 	case 32:
- 	    nbytes = rep.nItems << 2;
- 	    rbytes = rep.nItems * sizeof (long) + 1;
--	    if (rbytes > 0 &&
--		(*prop = (unsigned char *) Xmalloc ((unsigned)rbytes)))
-+	    if (rbytes > 0 && (*prop = Xmalloc (rbytes)))
- 		_XRead32 (dpy, (long *) *prop, nbytes);
- 	    break;
- 
--- 
-1.8.2.3
-
diff --git a/main/libxrandr/0006-integer-overflow-in-XRRGetProviderProperty-CVE-2013-.patch b/main/libxrandr/0006-integer-overflow-in-XRRGetProviderProperty-CVE-2013-.patch
deleted file mode 100644
index cdc616a31..000000000
--- a/main/libxrandr/0006-integer-overflow-in-XRRGetProviderProperty-CVE-2013-.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-From 4254bf0ee4c7a8f9d03841cf0d8e16cbb201dfbd Mon Sep 17 00:00:00 2001
-From: Alan Coopersmith <alan.coopersmith@oracle.com>
-Date: Sat, 4 May 2013 21:37:49 -0700
-Subject: [PATCH 6/7] integer overflow in XRRGetProviderProperty()
- [CVE-2013-1986 4/4]
-
-If the reported number of properties is too large, the calculations
-to allocate memory for them may overflow, leaving us returning less
-memory to the caller than implied by the value written to *nitems.
-
-(Same as reported against libX11 XGetWindowProperty by Ilja Van Sprundel)
-
-Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
----
- src/XrrProviderProperty.c | 22 ++++++++++++++--------
- 1 file changed, 14 insertions(+), 8 deletions(-)
-
-diff --git a/src/XrrProviderProperty.c b/src/XrrProviderProperty.c
-index dc699f6..6989580 100644
---- a/src/XrrProviderProperty.c
-+++ b/src/XrrProviderProperty.c
-@@ -257,7 +257,7 @@ XRRGetProviderProperty (Display *dpy, RRProvider provider,
-     XExtDisplayInfo		*info = XRRFindDisplay(dpy);
-     xRRGetProviderPropertyReply	rep;
-     xRRGetProviderPropertyReq	*req;
--    long    			nbytes, rbytes;
-+    unsigned long		nbytes, rbytes;
- 
-     RRCheckExtension (dpy, info, 1);
- 
-@@ -282,34 +282,40 @@ XRRGetProviderProperty (Display *dpy, RRProvider provider,
- 
-     *prop = (unsigned char *) NULL;
-     if (rep.propertyType != None) {
-+	int format = rep.format;
-+
-+	/*
-+	 * Protect against both integer overflow and just plain oversized
-+	 * memory allocation - no server should ever return this many props.
-+	 */
-+	if (rep.nItems >= (INT_MAX >> 4))
-+	    format = -1;        /* fall through to default error case */
-+
- 	/*
- 	 * One extra byte is malloced than is needed to contain the property
- 	 * data, but this last byte is null terminated and convenient for
- 	 * returning string properties, so the client doesn't then have to
- 	 * recopy the string to make it null terminated.
- 	 */
--	switch (rep.format) {
-+	switch (format) {
- 	case 8:
- 	    nbytes = rep.nItems;
- 	    rbytes = rep.nItems + 1;
--	    if (rbytes > 0 &&
--		(*prop = (unsigned char *) Xmalloc ((unsigned)rbytes)))
-+	    if (rbytes > 0 && (*prop = Xmalloc (rbytes)))
- 		_XReadPad (dpy, (char *) *prop, nbytes);
- 	    break;
- 
- 	case 16:
- 	    nbytes = rep.nItems << 1;
- 	    rbytes = rep.nItems * sizeof (short) + 1;
--	    if (rbytes > 0 &&
--		(*prop = (unsigned char *) Xmalloc ((unsigned)rbytes)))
-+	    if (rbytes > 0 && (*prop = Xmalloc (rbytes)))
- 		_XRead16Pad (dpy, (short *) *prop, nbytes);
- 	    break;
- 
- 	case 32:
- 	    nbytes = rep.nItems << 2;
- 	    rbytes = rep.nItems * sizeof (long) + 1;
--	    if (rbytes > 0 &&
--		(*prop = (unsigned char *) Xmalloc ((unsigned)rbytes)))
-+	    if (rbytes > 0 && (*prop = Xmalloc (rbytes)))
- 		_XRead32 (dpy, (long *) *prop, nbytes);
- 	    break;
- 
--- 
-1.8.2.3
-
diff --git a/main/libxrandr/0007-Make-XRRGet-Property-always-initialize-returned-valu.patch b/main/libxrandr/0007-Make-XRRGet-Property-always-initialize-returned-valu.patch
deleted file mode 100644
index 659b9c175..000000000
--- a/main/libxrandr/0007-Make-XRRGet-Property-always-initialize-returned-valu.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-From c90f74497dbcb96854346435349c6e2207b530c5 Mon Sep 17 00:00:00 2001
-From: Alan Coopersmith <alan.coopersmith@oracle.com>
-Date: Sat, 4 May 2013 21:47:50 -0700
-Subject: [PATCH 7/7] Make XRRGet*Property() always initialize returned values
-
-Avoids memory corruption and other errors when callers access them
-without checking to see if the calls returned an error value.
-
-Callers are still required to check for errors, this just reduces the
-damage when they don't.
-
-(Same as reported against libX11 XGetWindowProperty by Ilja Van Sprundel)
-
-Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
----
- src/XrrProperty.c         | 8 +++++++-
- src/XrrProviderProperty.c | 8 +++++++-
- 2 files changed, 14 insertions(+), 2 deletions(-)
-
-diff --git a/src/XrrProperty.c b/src/XrrProperty.c
-index 707a28d..2096c56 100644
---- a/src/XrrProperty.c
-+++ b/src/XrrProperty.c
-@@ -259,6 +259,13 @@ XRRGetOutputProperty (Display *dpy, RROutput output,
-     xRRGetOutputPropertyReq	*req;
-     unsigned long		nbytes, rbytes;
- 
-+    /* Always initialize return values, in case callers fail to initialize
-+       them and fail to check the return code for an error. */
-+    *actual_type = None;
-+    *actual_format = 0;
-+    *nitems = *bytes_after = 0L;
-+    *prop = (unsigned char *) NULL;
-+
-     RRCheckExtension (dpy, info, 1);
- 
-     LockDisplay (dpy);
-@@ -280,7 +287,6 @@ XRRGetOutputProperty (Display *dpy, RROutput output,
- 	return ((xError *)&rep)->errorCode;
-     }
- 
--    *prop = (unsigned char *) NULL;
-     if (rep.propertyType != None) {
- 	int format = rep.format;
- 
-diff --git a/src/XrrProviderProperty.c b/src/XrrProviderProperty.c
-index 6989580..34cc082 100644
---- a/src/XrrProviderProperty.c
-+++ b/src/XrrProviderProperty.c
-@@ -259,6 +259,13 @@ XRRGetProviderProperty (Display *dpy, RRProvider provider,
-     xRRGetProviderPropertyReq	*req;
-     unsigned long		nbytes, rbytes;
- 
-+    /* Always initialize return values, in case callers fail to initialize
-+       them and fail to check the return code for an error. */
-+    *actual_type = None;
-+    *actual_format = 0;
-+    *nitems = *bytes_after = 0L;
-+    *prop = (unsigned char *) NULL;
-+
-     RRCheckExtension (dpy, info, 1);
- 
-     LockDisplay (dpy);
-@@ -280,7 +287,6 @@ XRRGetProviderProperty (Display *dpy, RRProvider provider,
- 	return ((xError *)&rep)->errorCode;
-     }
- 
--    *prop = (unsigned char *) NULL;
-     if (rep.propertyType != None) {
- 	int format = rep.format;
- 
--- 
-1.8.2.3
-
diff --git a/main/libxrandr/APKBUILD b/main/libxrandr/APKBUILD
index e4228018d..84d96a634 100644
--- a/main/libxrandr/APKBUILD
+++ b/main/libxrandr/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=libxrandr
-pkgver=1.4.0
-pkgrel=1
+pkgver=1.4.1
+pkgrel=0
 pkgdesc="X11 RandR extension library"
 url="http://xorg.freedesktop.org/"
 arch="all"
@@ -9,15 +9,8 @@ license="custom"
 subpackages="$pkgname-dev $pkgname-doc"
 depends=
 depends_dev="xproto randrproto libx11-dev libxext-dev libxrender-dev"
-makedepends="$depends_dev libtool autoconf automake util-macros"
+makedepends="$depends_dev"
 source="http://xorg.freedesktop.org/releases/individual/lib/libXrandr-$pkgver.tar.bz2
-	0001-Replace-deprecated-Automake-INCLUDES-variable-with-A.patch
-	0002-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-b.patch
-	0003-integer-overflow-in-XRRQueryOutputProperty-CVE-2013-.patch
-	0004-integer-overflow-in-XRRQueryProviderProperty-CVE-201.patch
-	0005-integer-overflow-in-XRRGetOutputProperty-CVE-2013-19.patch
-	0006-integer-overflow-in-XRRGetProviderProperty-CVE-2013-.patch
-	0007-Make-XRRGet-Property-always-initialize-returned-valu.patch
 	"
 
 
@@ -29,8 +22,6 @@ prepare() {
 		*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
 		esac
 	done
-	libtoolize --force && aclocal && autoheader && autoconf \
-		&& automake --add-missing
 }
 
 build() {
@@ -47,27 +38,6 @@ package() {
 	rm "$pkgdir"/usr/lib/*.la || return 1
 	install -Dm644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/COPYING
 }
-md5sums="0c843636124cc1494e3d87df16957672  libXrandr-1.4.0.tar.bz2
-d40ab63148e3a7c31f3548097c48d507  0001-Replace-deprecated-Automake-INCLUDES-variable-with-A.patch
-f79a519bdf980c7ef92e18aa3a2c16ca  0002-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-b.patch
-41e672b46e9e3d25c8eb2e86cea29ed1  0003-integer-overflow-in-XRRQueryOutputProperty-CVE-2013-.patch
-e2bb9968f01fc41f53e6457f60bdfae0  0004-integer-overflow-in-XRRQueryProviderProperty-CVE-201.patch
-7d65549f48058f8f9bf9e527d03bbb08  0005-integer-overflow-in-XRRGetOutputProperty-CVE-2013-19.patch
-486e84c4089b4f5120cbbc605e732f5b  0006-integer-overflow-in-XRRGetProviderProperty-CVE-2013-.patch
-0883bd4a4e0360e54968f9e4887c03c8  0007-Make-XRRGet-Property-always-initialize-returned-valu.patch"
-sha256sums="033ad0ac2f012afb05268660f6d78705c85f84689f92fa7b47ce12959b15f5c3  libXrandr-1.4.0.tar.bz2
-fc55395c3a275b9c2bce1cd17caf3963b57afb424e95504cf84ed3ab3bf58e19  0001-Replace-deprecated-Automake-INCLUDES-variable-with-A.patch
-7ca77f1f0e5f7a1febc76e2957c3705d6378c1af6944616735bacc194bc81097  0002-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-b.patch
-847f2b8da4e9d9346d273fd541830a0d6d457857cea576394c2117c5dcbcf356  0003-integer-overflow-in-XRRQueryOutputProperty-CVE-2013-.patch
-a537b5ca75a88c5b1ccc862775e4512fb57c4665eb6245c59b3160250ac02ba8  0004-integer-overflow-in-XRRQueryProviderProperty-CVE-201.patch
-2b84742ed038b96625cc0486e47e3b85e6bd9700a8095b7b65d9dc8a93087dfc  0005-integer-overflow-in-XRRGetOutputProperty-CVE-2013-19.patch
-8daabc77bfbcef87d7e52478306fd2774b0c3b59afc7d002d413c7fd6598b93c  0006-integer-overflow-in-XRRGetProviderProperty-CVE-2013-.patch
-03b9c156b04cbe934978983e6a4fff427fd9230b39408b20bbdb4768a7a06bb4  0007-Make-XRRGet-Property-always-initialize-returned-valu.patch"
-sha512sums="a97f2442c7f73786e5d3fae9a98b172ac1cb17b1584a7bad243128fc755b25a41cc7e32ceed10eb8eac733ff137b95504485967716f0122edf6682db6065a289  libXrandr-1.4.0.tar.bz2
-11584e52674a6d1216d5586f578962464f8e6942653a3bce7ddf3af27ea28d604e9ce989635b1db051147f5046ed0593601d74277a86c2776e84ff1c5350a9df  0001-Replace-deprecated-Automake-INCLUDES-variable-with-A.patch
-ce19127f19d5b932b68de1f336335587bdda4db791b20d26488dcba00a9e303832c679033e59d1f2602f24c8519fe909c24199226ab2b651863b60a7a1e2a5c6  0002-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-b.patch
-228c64d64c839682cb7523cd6dd9153d0acf76e7d9e88a7e73c24bc4536b9dcbf5a500d7fd33ba373f605a0e9d0a770899c1b44a25f9d7468db6de46d0702152  0003-integer-overflow-in-XRRQueryOutputProperty-CVE-2013-.patch
-1784174229c46575431eb6a0e05ccac631c3d843ed2742cd89ec8f28866c0e10881ab1c1e30fab5831ba0cb066ece0debbbeb98c7bb4a528768dd8342f42f7b2  0004-integer-overflow-in-XRRQueryProviderProperty-CVE-201.patch
-14d508d519ca972ee6e521597b16663e78b3f44bcbada97d6ba797cec2b09392daeaf673e02670af0d0f6f71ac5c8e8cb8aa75546ec46cb92ecb6f9190990bca  0005-integer-overflow-in-XRRGetOutputProperty-CVE-2013-19.patch
-ec6996991010498de70ad69d55d8a7b2bb5f5f751af567d6be385166d485e145920356a9a3b87603be924121e0202251f6dca96c1af2bd6328961c5fa286d8d1  0006-integer-overflow-in-XRRGetProviderProperty-CVE-2013-.patch
-0d7804c66749090a72bd52297948b7b27c51d77773e57d62e905a7b45d349a77c9857933d85a9e22ce9a2d249ed6ed492fc80040193652ddebe47bd7c558562e  0007-Make-XRRGet-Property-always-initialize-returned-valu.patch"
+md5sums="8dbac4e972348dcbd3a0673ce2e37919  libXrandr-1.4.1.tar.bz2"
+sha256sums="d914a0490fd0a2ea6c3194505b5b28c56e2a277d8f4648b0275ee0ee370fb905  libXrandr-1.4.1.tar.bz2"
+sha512sums="73ceca5a1ff56e886a95fbfa250ccec49e5d847e3a6d1dd6bb38462ee30724e838706caa41caa536a87ed2811fdff8fa7d1120fde656a05699830ff978ebd1ad  libXrandr-1.4.1.tar.bz2"
author	Natanael Copa <ncopa@alpinelinux.org>	2013-06-06 16:11:30 +0000
committer	Natanael Copa <ncopa@alpinelinux.org>	2013-06-06 16:11:30 +0000
commit	1d7e3d391539e3d00b567b40ae2e6f66a96d4301 (patch)
tree	b5c963e015e0c46a55181be9928c06be976c880a /main/libxrandr
parent	35abd83d4097101fbeeb4a212526848d22ecfa55 (diff)
download	aports-1d7e3d391539e3d00b567b40ae2e6f66a96d4301.tar.bz2 aports-1d7e3d391539e3d00b567b40ae2e6f66a96d4301.tar.xz