diff options
Diffstat (limited to 'main/libxp')
7 files changed, 6 insertions, 445 deletions
diff --git a/main/libxp/0001-Replace-deprecated-Automake-INCLUDES-variable-with-A.patch b/main/libxp/0001-Replace-deprecated-Automake-INCLUDES-variable-with-A.patch deleted file mode 100644 index 410a7da03..000000000 --- a/main/libxp/0001-Replace-deprecated-Automake-INCLUDES-variable-with-A.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 41aab7d289aba2aaf3839e96d0c9e2f15ede4bd1 Mon Sep 17 00:00:00 2001 -From: Alan Coopersmith <alan.coopersmith@oracle.com> -Date: Fri, 18 Jan 2013 23:03:57 -0800 -Subject: [PATCH 1/5] Replace deprecated Automake INCLUDES variable with - AM_CPPFLAGS - -Excerpt https://lists.gnu.org/archive/html/automake/2012-12/msg00038.html - - - Support for the long-deprecated INCLUDES variable will be removed - altogether in Automake 1.14. The AM_CPPFLAGS variable should be - used instead. - -This variable was deprecated in Automake releases prior to 1.10, which is -the current minimum level required to build X. - -Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> ---- - src/Makefile.am | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/Makefile.am b/src/Makefile.am -index 3ca2659..f42b633 100644 ---- a/src/Makefile.am -+++ b/src/Makefile.am -@@ -24,7 +24,7 @@ libXp_la_LIBADD = $(XPRINT_LIBS) - - AM_CFLAGS = $(CWARNFLAGS) $(XPRINT_CFLAGS) $(MALLOC_ZERO_CFLAGS) - --INCLUDES = -I$(top_srcdir)/include/X11/extensions -+AM_CPPFLAGS = -I$(top_srcdir)/include/X11/extensions - - # - # Library version number. This must match old versions on --- -1.8.2.3 - diff --git a/main/libxp/0001-Stop-trying-to-use-NULL-for-Status-values.patch b/main/libxp/0001-Stop-trying-to-use-NULL-for-Status-values.patch deleted file mode 100644 index d8c6057f4..000000000 --- a/main/libxp/0001-Stop-trying-to-use-NULL-for-Status-values.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 776e739b1690c7de11e50e2ae2a77d98bd69a3d6 Mon Sep 17 00:00:00 2001 -From: Alan Coopersmith <alan.coopersmith@oracle.com> -Date: Wed, 23 May 2012 21:48:59 -0700 -Subject: [PATCH] Stop trying to use NULL for Status values - -Fixes gcc errors in 64-bit builds: -XpNotifyPdm.c: In function 'XpGetPdmStartParams': -XpNotifyPdm.c:234:10: error: cast from pointer to integer of different size -XpNotifyPdm.c:271:10: error: cast from pointer to integer of different size -XpNotifyPdm.c:286:10: error: cast from pointer to integer of different size - -Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> ---- - src/XpNotifyPdm.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/XpNotifyPdm.c b/src/XpNotifyPdm.c -index c1ceb8e..579923c 100644 ---- a/src/XpNotifyPdm.c -+++ b/src/XpNotifyPdm.c -@@ -231,7 +231,7 @@ XpGetPdmStartParams ( - /* - * Error - cannot determine or establish a selection_display. - */ -- return( (Status) NULL ); -+ return( (Status) 0 ); - } - - /* -@@ -268,7 +268,7 @@ XpGetPdmStartParams ( - XCloseDisplay( *selection_display ); - *selection_display = (Display *) NULL; - } -- return( (Status) NULL ); -+ return( (Status) 0 ); - } - - status = XmbTextListToTextProperty( *selection_display, list, 6, -@@ -283,7 +283,7 @@ XpGetPdmStartParams ( - XCloseDisplay( *selection_display ); - *selection_display = (Display *) NULL; - } -- return( (Status) NULL ); -+ return( (Status) 0 ); - } - - *type = text_prop.encoding; --- -1.8.2.3 - diff --git a/main/libxp/0002-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-b.patch b/main/libxp/0002-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-b.patch deleted file mode 100644 index fa61ef587..000000000 --- a/main/libxp/0002-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-b.patch +++ /dev/null @@ -1,59 +0,0 @@ -From 15ec6d1d0bb8c4cb24a190ed34e63312a0623670 Mon Sep 17 00:00:00 2001 -From: Alan Coopersmith <alan.coopersmith@oracle.com> -Date: Fri, 3 May 2013 22:30:36 -0700 -Subject: [PATCH 2/5] Use _XEatDataWords to avoid overflow of rep.length bit - shifting - -rep.length is a CARD32, so rep.length << 2 could overflow in 32-bit builds - -Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> ---- - configure.ac | 6 ++++++ - src/XpExtUtil.h | 14 ++++++++++++++ - 2 files changed, 20 insertions(+) - -diff --git a/configure.ac b/configure.ac -index 50b029c..16b966c 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -45,6 +45,12 @@ AC_PROG_LIBTOOL - # Check for X and print proto - PKG_CHECK_MODULES(XPRINT, x11 xext xextproto xau printproto) - -+# Check for _XEatDataWords function that may be patched into older Xlib release -+SAVE_LIBS="$LIBS" -+LIBS="$XPRINT_LIBS" -+AC_CHECK_FUNCS([_XEatDataWords]) -+LIBS="$SAVE_LIBS" -+ - AC_CONFIG_FILES([Makefile - src/Makefile - man/Makefile -diff --git a/src/XpExtUtil.h b/src/XpExtUtil.h -index d479a95..1889825 100644 ---- a/src/XpExtUtil.h -+++ b/src/XpExtUtil.h -@@ -48,6 +48,20 @@ extern char *_xpstrdup( - const char * /* str */ - ); - -+#ifndef HAVE__XEATDATAWORDS -+#include <X11/Xmd.h> /* for LONG64 on 64-bit platforms */ -+#include <limits.h> -+ -+static inline void _XEatDataWords(Display *dpy, unsigned long n) -+{ -+# ifndef LONG64 -+ if (n >= (ULONG_MAX >> 2)) -+ _XIOError(dpy); -+# endif -+ _XEatData (dpy, n << 2); -+} -+#endif -+ - _XFUNCPROTOEND - - #endif /* _XPEXTUTIL_H */ --- -1.8.2.3 - diff --git a/main/libxp/0003-integer-overflow-in-XpGetAttributes-XpGetOneAttribut.patch b/main/libxp/0003-integer-overflow-in-XpGetAttributes-XpGetOneAttribut.patch deleted file mode 100644 index e510b705e..000000000 --- a/main/libxp/0003-integer-overflow-in-XpGetAttributes-XpGetOneAttribut.patch +++ /dev/null @@ -1,86 +0,0 @@ -From babb1fc823ab3be192c48fe115feeb0d57f74d05 Mon Sep 17 00:00:00 2001 -From: Alan Coopersmith <alan.coopersmith@oracle.com> -Date: Fri, 26 Apr 2013 23:59:25 -0700 -Subject: [PATCH 3/5] integer overflow in XpGetAttributes & XpGetOneAttribute - [CVE-2013-2062 1/3] - -stringLen & valueLen are CARD32s and need to be bounds checked before adding -one to them to come up with the total size to allocate, to avoid integer -overflow leading to underallocation and writing data from the network past -the end of the allocated buffer. - -Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> ---- - src/XpAttr.c | 36 +++++++++++++++++++----------------- - 1 file changed, 19 insertions(+), 17 deletions(-) - -diff --git a/src/XpAttr.c b/src/XpAttr.c -index 6818daf..665e2e8 100644 ---- a/src/XpAttr.c -+++ b/src/XpAttr.c -@@ -48,6 +48,7 @@ - - #include <stdio.h> - #include <sys/stat.h> -+#include <limits.h> - - char * - XpGetAttributes ( -@@ -83,17 +84,18 @@ XpGetAttributes ( - /* - * Read pool and return to caller. - */ -- buf = Xmalloc( (unsigned) rep.stringLen + 1 ); -+ if (rep.stringLen < INT_MAX) -+ buf = Xmalloc(rep.stringLen + 1); -+ else -+ buf = NULL; - - if (!buf) { -- UnlockDisplay(dpy); -- SyncHandle(); -- return( (char *) NULL ); /* malloc error */ -+ _XEatDataWords(dpy, rep.length); -+ } -+ else { -+ _XReadPad (dpy, (char *) buf, rep.stringLen ); -+ buf[rep.stringLen] = 0; - } -- -- _XReadPad (dpy, (char *) buf, (long) rep.stringLen ); -- -- buf[rep.stringLen] = 0; - - UnlockDisplay(dpy); - SyncHandle(); -@@ -144,18 +146,18 @@ XpGetOneAttribute ( - /* - * Read variable answer. - */ -- buf = Xmalloc( (unsigned) rep.valueLen + 1 ); -+ if (rep.valueLen < INT_MAX) -+ buf = Xmalloc(rep.valueLen + 1); -+ else -+ buf = NULL; - - if (!buf) { -- UnlockDisplay(dpy); -- SyncHandle(); -- return( (char *) NULL ); /* malloc error */ -+ _XEatDataWords(dpy, rep.length); -+ } -+ else { -+ _XReadPad (dpy, (char *) buf, rep.valueLen); -+ buf[rep.valueLen] = 0; - } -- -- buf[rep.valueLen] = 0; -- -- _XReadPad (dpy, (char *) buf, (long) rep.valueLen ); -- buf[rep.valueLen] = 0; - - UnlockDisplay(dpy); - SyncHandle(); --- -1.8.2.3 - diff --git a/main/libxp/0004-integer-overflows-in-XpGetPrinterList-CVE-2013-2062-.patch b/main/libxp/0004-integer-overflows-in-XpGetPrinterList-CVE-2013-2062-.patch deleted file mode 100644 index a528c59f5..000000000 --- a/main/libxp/0004-integer-overflows-in-XpGetPrinterList-CVE-2013-2062-.patch +++ /dev/null @@ -1,118 +0,0 @@ -From cc90f6be64bfd6973ae270b9bff494f577e1bda7 Mon Sep 17 00:00:00 2001 -From: Alan Coopersmith <alan.coopersmith@oracle.com> -Date: Fri, 26 Apr 2013 23:59:25 -0700 -Subject: [PATCH 4/5] integer overflows in XpGetPrinterList() [CVE-2013-2062 - 2/3] - -listCount is a CARD32 that needs to be bounds checked before it is -multiplied by the size of the structs to allocate, and the string -lengths are CARD32s and need to be bounds checked before adding one -to them to come up with the total size to allocate, to avoid integer -overflow leading to underallocation and writing data from the network -past the end of the allocated buffer. - -Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> ---- - src/XpPrinter.c | 43 +++++++++++++++++++++++-------------------- - 1 file changed, 23 insertions(+), 20 deletions(-) - -diff --git a/src/XpPrinter.c b/src/XpPrinter.c -index bdc96e6..03b18c4 100644 ---- a/src/XpPrinter.c -+++ b/src/XpPrinter.c -@@ -42,6 +42,7 @@ - #include <X11/extensions/Printstr.h> - #include <X11/Xlibint.h> - #include "XpExtUtil.h" -+#include <limits.h> - - #define _XpPadOut(len) (((len) + 3) & ~3) - -@@ -62,7 +63,7 @@ XpGetPrinterList ( - long dataLenVR; - CARD8 *dataVR; /* aka STRING8 */ - -- XPPrinterList ptr_list; -+ XPPrinterList ptr_list = NULL; - - XExtDisplayInfo *info = (XExtDisplayInfo *) xp_find_display (dpy); - -@@ -128,13 +129,12 @@ XpGetPrinterList ( - *list_count = rep.listCount; - - if (*list_count) { -- ptr_list = (XPPrinterList) -- Xmalloc( (unsigned) (sizeof(XPPrinterRec) * (*list_count + 1))); -+ if (rep.listCount < (INT_MAX / sizeof(XPPrinterRec))) -+ ptr_list = Xmalloc(sizeof(XPPrinterRec) * (*list_count + 1)); - - if (!ptr_list) { -- UnlockDisplay(dpy); -- SyncHandle(); -- return ( (XPPrinterList) NULL ); /* malloc error */ -+ _XEatDataWords(dpy, rep.length); -+ goto out; - } - - /* -@@ -150,16 +150,17 @@ XpGetPrinterList ( - _XRead32 (dpy, &dataLenVR, (long) sizeof(CARD32) ); - - if (dataLenVR) { -- dataVR = (CARD8 *) Xmalloc( (unsigned) dataLenVR + 1 ); -+ if (dataLenVR < INT_MAX) -+ dataVR = Xmalloc(dataLenVR + 1); -+ else -+ dataVR = NULL; - - if (!dataVR) { -- UnlockDisplay(dpy); -- SyncHandle(); -- return ( (XPPrinterList) NULL ); /* malloc error */ -+ _XEatData(dpy, dataLenVR); -+ } else { -+ _XReadPad (dpy, (char *) dataVR, (long) dataLenVR); -+ dataVR[dataLenVR] = 0; - } -- -- _XReadPad (dpy, (char *) dataVR, (long) dataLenVR); -- dataVR[dataLenVR] = 0; - ptr_list[i].name = (char *) dataVR; - } - else { -@@ -172,16 +173,17 @@ XpGetPrinterList ( - _XRead32 (dpy, &dataLenVR, (long) sizeof(CARD32) ); - - if (dataLenVR) { -- dataVR = (CARD8 *) Xmalloc( (unsigned) dataLenVR + 1 ); -+ if (dataLenVR < INT_MAX) -+ dataVR = Xmalloc(dataLenVR + 1); -+ else -+ dataVR = NULL; - - if (!dataVR) { -- UnlockDisplay(dpy); -- SyncHandle(); -- return ( (XPPrinterList) NULL ); /* malloc error */ -+ _XEatData(dpy, dataLenVR); -+ } else { -+ _XReadPad (dpy, (char *) dataVR, (long) dataLenVR); -+ dataVR[dataLenVR] = 0; - } -- -- _XReadPad (dpy, (char *) dataVR, (long) dataLenVR); -- dataVR[dataLenVR] = 0; - ptr_list[i].desc = (char *) dataVR; - } - else { -@@ -193,6 +195,7 @@ XpGetPrinterList ( - ptr_list = (XPPrinterList) NULL; - } - -+ out: - UnlockDisplay(dpy); - SyncHandle(); - --- -1.8.2.3 - diff --git a/main/libxp/0005-integer-overflows-in-XpQueryScreens-CVE-2013-2062-3-.patch b/main/libxp/0005-integer-overflows-in-XpQueryScreens-CVE-2013-2062-3-.patch deleted file mode 100644 index c7e925e35..000000000 --- a/main/libxp/0005-integer-overflows-in-XpQueryScreens-CVE-2013-2062-3-.patch +++ /dev/null @@ -1,64 +0,0 @@ -From e111065f6dd790c820fa67ea31055b18c68481e3 Mon Sep 17 00:00:00 2001 -From: Alan Coopersmith <alan.coopersmith@oracle.com> -Date: Fri, 26 Apr 2013 23:59:25 -0700 -Subject: [PATCH 5/5] integer overflows in XpQueryScreens() [CVE-2013-2062 3/3] - -listCount is a CARD32 that needs to be bounds checked before it is -multiplied by the size of the pointers to allocate, to avoid integer -overflow leading to underallocation and writing data from the network -past the end of the allocated buffer. - -Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> ---- - src/XpScreens.c | 16 ++++++++-------- - 1 file changed, 8 insertions(+), 8 deletions(-) - -diff --git a/src/XpScreens.c b/src/XpScreens.c -index 815dfbf..b31e554 100644 ---- a/src/XpScreens.c -+++ b/src/XpScreens.c -@@ -42,6 +42,7 @@ - #include <X11/extensions/Printstr.h> - #include <X11/Xlibint.h> - #include "XpExtUtil.h" -+#include <limits.h> - - - Screen ** -@@ -82,19 +83,17 @@ XpQueryScreens ( - *list_count = rep.listCount; - - if (*list_count) { -- scr_list = (Screen **) -- Xmalloc( (unsigned) (sizeof(Screen *) * *list_count) ); -+ if (rep.listCount < (INT_MAX / sizeof(Screen *))) -+ scr_list = Xmalloc(sizeof(Screen *) * *list_count); -+ else -+ scr_list = NULL; - - if (!scr_list) { -- UnlockDisplay(dpy); -- SyncHandle(); -- return ( (Screen **) NULL ); /* malloc error */ -+ _XEatDataWords(dpy, rep.length); -+ goto out; - } - i = 0; - while(i < *list_count){ -- /* -- * Pull printer length and then name. -- */ - _XRead32 (dpy, &rootWindow, (long) sizeof(CARD32) ); - scr_list[i] = NULL; - for ( j = 0; j < XScreenCount(dpy); j++ ) { -@@ -118,6 +117,7 @@ XpQueryScreens ( - scr_list = (Screen **) NULL; - } - -+ out: - UnlockDisplay(dpy); - SyncHandle(); - --- -1.8.2.3 - diff --git a/main/libxp/APKBUILD b/main/libxp/APKBUILD index fe6d5c49b..c7a6acf77 100644 --- a/main/libxp/APKBUILD +++ b/main/libxp/APKBUILD @@ -1,24 +1,18 @@ # Contributor: Natanael Copa <ncopa@alpinelinux.org> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=libxp -pkgver=1.0.1 -pkgrel=3 +pkgver=1.0.2 +pkgrel=0 pkgdesc="X.Org X11 libXp runtime library" url="http://www.x.org" arch="all" license="MIT" depends= depends_dev="libx11-dev libxext-dev libxau-dev printproto" -makedepends="$depends_dev libtool autoconf automake util-macros" +makedepends="$depends_dev" install="" subpackages="$pkgname-dev $pkgname-doc" source="http://xorg.freedesktop.org/releases/individual/lib/libXp-$pkgver.tar.bz2 - 0001-Stop-trying-to-use-NULL-for-Status-values.patch - 0001-Replace-deprecated-Automake-INCLUDES-variable-with-A.patch - 0002-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-b.patch - 0003-integer-overflow-in-XpGetAttributes-XpGetOneAttribut.patch - 0004-integer-overflows-in-XpGetPrinterList-CVE-2013-2062-.patch - 0005-integer-overflows-in-XpQueryScreens-CVE-2013-2062-3-.patch " _builddir="$srcdir"/libXp-$pkgver @@ -30,8 +24,6 @@ prepare() { *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;; esac done - libtoolize --force && aclocal && autoheader && autoconf \ - && automake --add-missing } build() { @@ -51,24 +43,6 @@ package() { rm "$pkgdir"/usr/lib/*.la || return 1 } -md5sums="7ae1d63748e79086bd51a633da1ff1a9 libXp-1.0.1.tar.bz2 -b52d9e1211abece91ce91b96cbeec7da 0001-Stop-trying-to-use-NULL-for-Status-values.patch -dfc36d7aa39348115edbed43e7b3bacd 0001-Replace-deprecated-Automake-INCLUDES-variable-with-A.patch -8d99d975ee248d292c57f0539a74f444 0002-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-b.patch -0affd2550812541d7c6e03b10a882a39 0003-integer-overflow-in-XpGetAttributes-XpGetOneAttribut.patch -74e9e315a2b7b714c2ebbc69e4478723 0004-integer-overflows-in-XpGetPrinterList-CVE-2013-2062-.patch -59085b08c7ae142238ee20af93836926 0005-integer-overflows-in-XpQueryScreens-CVE-2013-2062-3-.patch" -sha256sums="71d1f260005616d646b8c8788365f2b7d93911dac57bb53b65753d9f9e6443d2 libXp-1.0.1.tar.bz2 -6cd5d7b70861a35434f87c8494755ee125945b9bfb6189314c94edcf806aa104 0001-Stop-trying-to-use-NULL-for-Status-values.patch -666273216e13b759e85cf84c345e9253771e729f605987e580ad55b0ad7651a3 0001-Replace-deprecated-Automake-INCLUDES-variable-with-A.patch -f128151ebd1206d85c6ee55d1558fb1e3f446a7334466571818850096fec7a87 0002-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-b.patch -ad96f0031978dd8befa29bde872a8a9b40e4fbfccf42cd22e201f975564db3b6 0003-integer-overflow-in-XpGetAttributes-XpGetOneAttribut.patch -cbadbece5e73d568826b19b2f743860c8dfe47f4077accffa939cc51a79ead0c 0004-integer-overflows-in-XpGetPrinterList-CVE-2013-2062-.patch -0a597afeab8bd76dcd72fec97efd0a8db12c1dd1d9f431085e061aa1b6ca1f3d 0005-integer-overflows-in-XpQueryScreens-CVE-2013-2062-3-.patch" -sha512sums="0707256ae344b847f1a5bbf85f9e6e6f926be3bee10858e3c92932ee02007fdb908cb64a6f2ce0de501f99117e4582c1bcf9bc6f921490d42cabbfb997d731bd libXp-1.0.1.tar.bz2 -ac9c215a03b6408c72bcd017d4059f09bc7e0345a90ee79a29476534316c57057a9ada717af4f3ec511cf19c57f4e98bee05856b8cbb6c14b83e1bf9349797f9 0001-Stop-trying-to-use-NULL-for-Status-values.patch -5a55658cedbf6ac8d410f19ceed0ef38d65a81ef54e9ffde86ac285c477669d760a1b5c2d9791aff50d48698298bcfdd3290e1b95321c62230809a8a65222127 0001-Replace-deprecated-Automake-INCLUDES-variable-with-A.patch -9a94b99f96d03e436450daa40e54d3d091d362e76428a4bc0fdacb38b3582c1a18ad5b1824621282892bc3f9e0964bae2d8e15ccdfc5c27a426f118c7a7336c8 0002-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-b.patch -48d47a8878f2f3663c1e00091c6190ae9d4b0e08594cfb87d4810e726caf5a138100ef59d0fdb352cb5805ab3268bedde86f20d4637533f81d71451fc0989f20 0003-integer-overflow-in-XpGetAttributes-XpGetOneAttribut.patch -5b6e0c05209546c6ef29bc6ed9a24b4117d8a4983fc49abf554920d189fd73d97198c4428951177f7b21dcd968d786c98fa5b53d457946e9b79504fc6ed7c9f6 0004-integer-overflows-in-XpGetPrinterList-CVE-2013-2062-.patch -8242840592974a57e98e9c6dfed73031f632dc26b88ba2bf40016c9778955476490eb14766de6a02429ad56066f228d23b3cd9c0772585c020be3b6dec32b522 0005-integer-overflows-in-XpQueryScreens-CVE-2013-2062-3-.patch" +md5sums="bb038577c7f4e42a1b675fa6451bc4aa libXp-1.0.2.tar.bz2" +sha256sums="952fe5b5e90abd2cf04739aef3a9b63a253cd9309ed066a82bab7ca9112fd0b5 libXp-1.0.2.tar.bz2" +sha512sums="39670864e29db469060bdd66c7f4a64aadfd07506367617b8c2c91b91553b4e632ff70ebe59fc0198cdb7f12874e380a8bffcae7c192b0028bc5c52faf2bdc52 libXp-1.0.2.tar.bz2" |