main/libxt: upgrade to 1.1.4

author: Natanael Copa <ncopa@alpinelinux.org> 2013-06-06 16:13:40 +0000
committer: Natanael Copa <ncopa@alpinelinux.org> 2013-06-06 16:13:40 +0000
commit: 292a8a8c7ac4aa1d7ef36c99880b46318b408aa5 (patch)
tree: c09191695187a17d04e8ec55fbaadc7d0e4e9600 /main/libxt
parent: 6dea6bb78cbf86815fa14f991ae0a68f8d9fb77e (diff)
download: aports-292a8a8c7ac4aa1d7ef36c99880b46318b408aa5.tar.bz2
aports-292a8a8c7ac4aa1d7ef36c99880b46318b408aa5.tar.xz
3 files changed, 5 insertions, 266 deletions
diff --git a/main/libxt/0001-Unchecked-return-values-of-XGetWindowProperty-CVE-20.patch b/main/libxt/0001-Unchecked-return-values-of-XGetWindowProperty-CVE-20.patch
deleted file mode 100644
index f61180225..000000000
--- a/main/libxt/0001-Unchecked-return-values-of-XGetWindowProperty-CVE-20.patch
+++ /dev/null
@@ -1,175 +0,0 @@
-From eae57493feec958bcf733ad0d334715107029f8b Mon Sep 17 00:00:00 2001
-From: Alan Coopersmith <alan.coopersmith@oracle.com>
-Date: Sat, 9 Mar 2013 11:29:21 -0800
-Subject: [PATCH 1/2] Unchecked return values of XGetWindowProperty
- [CVE-2013-2005]
-
-Multiple functions in Selection.c assumed that XGetWindowProperty() would
-always set the pointer to the property, but before libX11 1.6, it could
-fail to do so in some cases, leading to libXt freeing or operating on an
-uninitialized pointer value, so libXt should always initialize the pointers
-and check for failure itself.
-
-Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
-Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
----
- src/Selection.c | 84 ++++++++++++++++++++++++++++++++-------------------------
- 1 file changed, 47 insertions(+), 37 deletions(-)
-
-diff --git a/src/Selection.c b/src/Selection.c
-index f35cb44..4f59d70 100644
---- a/src/Selection.c
-+++ b/src/Selection.c
-@@ -839,14 +839,16 @@ static void HandleSelectionEvents(
- 	      IndirectPair *p;
- 	      int format;
- 	      unsigned long bytesafter, length;
--	      unsigned char *value;
-+	      unsigned char *value = NULL;
- 	      ev.property = event->xselectionrequest.property;
- 	      StartProtectedSection(ev.display, ev.requestor);
--	      (void) XGetWindowProperty(ev.display, ev.requestor,
-+	      if (XGetWindowProperty(ev.display, ev.requestor,
- 			event->xselectionrequest.property, 0L, 1000000,
- 			False,(Atom)AnyPropertyType, &target, &format, &length,
--			&bytesafter, &value);
--	      count = BYTELENGTH(length, format) / sizeof(IndirectPair);
-+			&bytesafter, &value) == Success)
-+		  count = BYTELENGTH(length, format) / sizeof(IndirectPair);
-+	      else
-+		  count = 0;
- 	      for (p = (IndirectPair *)value; count; p++, count--) {
- 		  EndProtectedSection(ctx->dpy);
- 		  if (!GetConversion(ctx, (XSelectionRequestEvent*)event,
-@@ -1053,9 +1055,10 @@ static Boolean IsINCRtype(
- 
-     if (prop == None) return False;
- 
--    (void)XGetWindowProperty(XtDisplay(info->widget), window, prop, 0L, 0L,
--			     False, info->ctx->prop_list->incr_atom,
--			     &type, &format, &length, &bytesafter, &value);
-+    if (XGetWindowProperty(XtDisplay(info->widget), window, prop, 0L, 0L,
-+			   False, info->ctx->prop_list->incr_atom, &type,
-+			   &format, &length, &bytesafter, &value) != Success)
-+	return False;
- 
-     return (type == info->ctx->prop_list->incr_atom);
- }
-@@ -1069,7 +1072,6 @@ static void ReqCleanup(
- {
-     CallBackInfo info = (CallBackInfo)closure;
-     unsigned long bytesafter, length;
--    char *value;
-     int format;
-     Atom target;
- 
-@@ -1093,17 +1095,19 @@ static void ReqCleanup(
- 		(ev->xproperty.state == PropertyNewValue) &&
- 	        (ev->xproperty.atom == info->property)) {
- 	XPropertyEvent *event = (XPropertyEvent *) ev;
--        (void) XGetWindowProperty(event->display, XtWindow(widget),
--			   event->atom, 0L, 1000000, True, AnyPropertyType,
--			   &target, &format, &length, &bytesafter,
--			   (unsigned char **) &value);
--	XFree(value);
--	if (length == 0) {
--           XtRemoveEventHandler(widget, (EventMask) PropertyChangeMask, FALSE,
--			   ReqCleanup, (XtPointer) info );
--           FreeSelectionProperty(XtDisplay(widget), info->property);
--	   XtFree(info->value);	/* requestor never got this, so free now */
--	   FreeInfo(info);
-+	char *value = NULL;
-+	if (XGetWindowProperty(event->display, XtWindow(widget),
-+			       event->atom, 0L, 1000000, True, AnyPropertyType,
-+			       &target, &format, &length, &bytesafter,
-+			       (unsigned char **) &value) == Success) {
-+	    XFree(value);
-+	    if (length == 0) {
-+		XtRemoveEventHandler(widget, (EventMask) PropertyChangeMask,
-+				     FALSE, ReqCleanup, (XtPointer) info );
-+		FreeSelectionProperty(XtDisplay(widget), info->property);
-+		XtFree(info->value); /* requestor never got this, so free now */
-+		FreeInfo(info);
-+	    }
- 	}
-     }
- }
-@@ -1121,20 +1125,23 @@ static void ReqTimedOut(
-     unsigned long bytesafter;
-     unsigned long proplength;
-     Atom type;
--    IndirectPair *pairs;
-     XtPointer *c;
-     int i;
- 
-     if (*info->target == info->ctx->prop_list->indirect_atom) {
--        (void) XGetWindowProperty(XtDisplay(info->widget),
--			   XtWindow(info->widget), info->property, 0L,
--			   10000000, True, AnyPropertyType, &type, &format,
--			   &proplength, &bytesafter, (unsigned char **) &pairs);
--       XFree((char*)pairs);
--       for (proplength = proplength / IndirectPairWordSize, i = 0, c = info->req_closure;
--	           proplength; proplength--, c++, i++)
--	    (*info->callbacks[i])(info->widget, *c,
--   	          &info->ctx->selection, &resulttype, value, &length, &format);
-+	IndirectPair *pairs = NULL;
-+	if (XGetWindowProperty(XtDisplay(info->widget), XtWindow(info->widget),
-+			       info->property, 0L, 10000000, True,
-+			       AnyPropertyType, &type, &format, &proplength,
-+			       &bytesafter, (unsigned char **) &pairs)
-+	    == Success) {
-+	    XFree(pairs);
-+	    for (proplength = proplength / IndirectPairWordSize, i = 0,
-+		     c = info->req_closure;
-+		 proplength; proplength--, c++, i++)
-+		(*info->callbacks[i])(info->widget, *c, &info->ctx->selection,
-+				      &resulttype, value, &length, &format);
-+	}
-     } else {
- 	(*info->callbacks[0])(info->widget, *info->req_closure,
- 	    &info->ctx->selection, &resulttype, value, &length, &format);
-@@ -1280,12 +1287,13 @@ Boolean HandleNormal(
-     unsigned long length;
-     int format;
-     Atom type;
--    unsigned char *value;
-+    unsigned char *value = NULL;
-     int number = info->current;
- 
--    (void) XGetWindowProperty(dpy, XtWindow(widget), property, 0L,
--			      10000000, False, AnyPropertyType,
--			      &type, &format, &length, &bytesafter, &value);
-+    if (XGetWindowProperty(dpy, XtWindow(widget), property, 0L, 10000000,
-+			   False, AnyPropertyType, &type, &format, &length,
-+			   &bytesafter, &value) != Success)
-+	return FALSE;
- 
-     if (type == info->ctx->prop_list->incr_atom) {
- 	unsigned long size = IncrPropSize(widget, value, format, length);
-@@ -1370,7 +1378,6 @@ static void HandleSelectionReplies(
-     Display *dpy = event->display;
-     CallBackInfo info = (CallBackInfo) closure;
-     Select ctx = info->ctx;
--    IndirectPair *pairs, *p;
-     unsigned long bytesafter;
-     unsigned long length;
-     int format;
-@@ -1385,9 +1392,12 @@ static void HandleSelectionReplies(
-     XtRemoveEventHandler(widget, (EventMask)0, TRUE,
- 		HandleSelectionReplies, (XtPointer) info );
-     if (event->target == ctx->prop_list->indirect_atom) {
--        (void) XGetWindowProperty(dpy, XtWindow(widget), info->property, 0L,
--			   10000000, True, AnyPropertyType, &type, &format,
--			   &length, &bytesafter, (unsigned char **) &pairs);
-+       IndirectPair *pairs = NULL, *p;
-+       if (XGetWindowProperty(dpy, XtWindow(widget), info->property, 0L,
-+			      10000000, True, AnyPropertyType, &type, &format,
-+			      &length, &bytesafter, (unsigned char **) &pairs)
-+	   != Success)
-+	   length = 0;
-        for (length = length / IndirectPairWordSize, p = pairs,
- 	    c = info->req_closure;
- 	    length; length--, p++, c++, info->current++) {
--- 
-1.8.2.3
-
diff --git a/main/libxt/0002-unvalidated-length-in-_XtResourceConfigurationEH-CVE.patch b/main/libxt/0002-unvalidated-length-in-_XtResourceConfigurationEH-CVE.patch
deleted file mode 100644
index 05c77504e..000000000
--- a/main/libxt/0002-unvalidated-length-in-_XtResourceConfigurationEH-CVE.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-From 9264a21b688891dbdcee630ff72cf39aa75fc4e1 Mon Sep 17 00:00:00 2001
-From: Alan Coopersmith <alan.coopersmith@oracle.com>
-Date: Sat, 9 Mar 2013 11:44:14 -0800
-Subject: [PATCH 2/2] unvalidated length in _XtResourceConfigurationEH
- [CVE-2013-2002]
-
-The RCM_DATA property is expected to be in the format:
-    resource_length, resource, value
-
-If the property contains a resource_length thats results in a pointer
-outside the property string, memory corruption can occur.
-
-Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
-Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
----
- src/ResConfig.c | 41 ++++++++++++++++++++++++++---------------
- 1 file changed, 26 insertions(+), 15 deletions(-)
-
-diff --git a/src/ResConfig.c b/src/ResConfig.c
-index 68da536..1f3edbe 100644
---- a/src/ResConfig.c
-+++ b/src/ResConfig.c
-@@ -971,26 +971,37 @@ _XtResourceConfigurationEH (
- 	 *      resource and value fields.
- 	 */
- 		if (data) {
-+			char *data_end = data + nitems;
-+			char *data_value;
-+
- 			resource_len = Strtoul ((void *)data, &data_ptr, 10);
--			data_ptr++;
- 
--			data_ptr[resource_len] = '\0';
-+			if (data_ptr != (char *) data) {
-+				data_ptr++;
-+				data_value = data_ptr + resource_len;
-+			} else /* strtoul failed to convert a number */
-+				data_ptr = data_value = NULL;
-+
-+			if (data_value > data_ptr && data_value < data_end) {
-+				*data_value++ = '\0';
- 
--			resource = XtNewString (data_ptr);
--			value = XtNewString (&data_ptr[resource_len + 1]);
-+				resource = XtNewString (data_ptr);
-+				value = XtNewString (data_value);
- #ifdef DEBUG
--			fprintf (stderr, "resource_len=%d\n",resource_len);
--			fprintf (stderr, "resource = %s\t value = %s\n",
--					resource, value);
-+				fprintf (stderr, "resource_len=%d\n"
-+					 resource_len);
-+				fprintf (stderr, "resource = %s\t value = %s\n",
-+					 resource, value);
- #endif
--			/*
--			 * descend the application widget tree and
--			 * apply the value to the appropriate widgets
--			 */
--			_search_widget_tree (w, resource, value);
--
--			XtFree (resource);
--			XtFree (value);
-+				/*
-+				 * descend the application widget tree and
-+				 * apply the value to the appropriate widgets
-+				 */
-+				_search_widget_tree (w, resource, value);
-+
-+				XtFree (resource);
-+				XtFree (value);
-+			}
- 		}
- 	}
- 
--- 
-1.8.2.3
-
diff --git a/main/libxt/APKBUILD b/main/libxt/APKBUILD
index c2b318a96..613958d2a 100644
--- a/main/libxt/APKBUILD
+++ b/main/libxt/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=libxt
-pkgver=1.1.3
-pkgrel=1
+pkgver=1.1.4
+pkgrel=0
 pkgdesc="X11 toolkit intrinsics library"
 url="http://xorg.freedesktop.org/"
 arch="all"
@@ -11,8 +11,6 @@ depends=
 depends_dev="xproto libx11-dev libsm-dev"
 makedepends="$depends_dev libice-dev e2fsprogs-dev"
 source="http://xorg.freedesktop.org/releases/individual/lib/libXt-$pkgver.tar.bz2
-	0001-Unchecked-return-values-of-XGetWindowProperty-CVE-20.patch
-	0002-unvalidated-length-in-_XtResourceConfigurationEH-CVE.patch
 	"
 
 _builddir="$srcdir"/libXt-$pkgver
@@ -39,12 +37,6 @@ package() {
 	make -j1 DESTDIR="$pkgdir" install || return 1
 	rm "$pkgdir"/usr/lib/*.la || return 1
 }
-md5sums="a6f137ae100e74ebe3b71eb4a38c40b3  libXt-1.1.3.tar.bz2
-ddbc29bbc588eaeb01c01a94ddf8cdb8  0001-Unchecked-return-values-of-XGetWindowProperty-CVE-20.patch
-4ffbba851dcb9031ec620e48d0acffe9  0002-unvalidated-length-in-_XtResourceConfigurationEH-CVE.patch"
-sha256sums="8db593c3fc5ffc4e9cd854ba50af1eac9b90d66521ba17802b8f1e0d2d7f05bd  libXt-1.1.3.tar.bz2
-84d0bc18fb74b4bbde40ec19e7745db1fc8cdc131a2578361005b289fa6dcb09  0001-Unchecked-return-values-of-XGetWindowProperty-CVE-20.patch
-758c710f423e22d17b8938574bebf8dc5c8193ef8296f8c8fb974229f886420c  0002-unvalidated-length-in-_XtResourceConfigurationEH-CVE.patch"
-sha512sums="26d81ddb00f2d231afe37f0d55be9aaf95f0926086751d1816d02d15244e8ac7dc61e4e96e6ac33b2d22455aa7992c7b86e5bc9eada4ebcecaf6909dc0939416  libXt-1.1.3.tar.bz2
-b1e7040636ff0ab4d67c522c46aa72d134ca47bfb8553288a28e6e69e1aafcb9bce41e4a55b2356d7145fdacef72c5018ff96923bf46d7c21e15bf30d23d40e3  0001-Unchecked-return-values-of-XGetWindowProperty-CVE-20.patch
-e43430f8b904bce0a6e171a6e24f7dc85bcfa9741d742c00d7f616744ae629b7ea3bdb32dd2b4c8f006880657f6ffc809966b69ce24bdf2343ecedf4fe579b1c  0002-unvalidated-length-in-_XtResourceConfigurationEH-CVE.patch"
+md5sums="03149823ae57bb02d0cec90d5b97d56c  libXt-1.1.4.tar.bz2"
+sha256sums="843a97a988f5654872682a4120486d987d853a71651515472f55519ffae2dd57  libXt-1.1.4.tar.bz2"
+sha512sums="57721def16bf29e05deb746566400d71cf0cd5bf9b8b7ebed19abb7c6804e14073060b6cf94409903aa464d27acca2e91f55654b2d4770677b2b4b4dc78fd423  libXt-1.1.4.tar.bz2"
author	Natanael Copa <ncopa@alpinelinux.org>	2013-06-06 16:13:40 +0000
committer	Natanael Copa <ncopa@alpinelinux.org>	2013-06-06 16:13:40 +0000
commit	292a8a8c7ac4aa1d7ef36c99880b46318b408aa5 (patch)
tree	c09191695187a17d04e8ec55fbaadc7d0e4e9600 /main/libxt
parent	6dea6bb78cbf86815fa14f991ae0a68f8d9fb77e (diff)
download	aports-292a8a8c7ac4aa1d7ef36c99880b46318b408aa5.tar.bz2 aports-292a8a8c7ac4aa1d7ef36c99880b46318b408aa5.tar.xz