aboutsummaryrefslogtreecommitdiffstats
path: root/main
diff options
context:
space:
mode:
authorBartłomiej Piotrowski <bpiotrowski@alpinelinux.org>2013-05-31 10:52:42 +0200
committerBartłomiej Piotrowski <bpiotrowski@alpinelinux.org>2013-05-31 10:58:49 +0200
commitb38525cec841341dd78da55da2b6c973cef76263 (patch)
tree51b88a23d516157c35d3e2d2aa13df95db3ef451 /main
parente0f8a9288a30bbe3e3be96f612b5e334bdeef337 (diff)
downloadaports-b38525cec841341dd78da55da2b6c973cef76263.tar.bz2
aports-b38525cec841341dd78da55da2b6c973cef76263.tar.xz
main/libxcursor: upgrade to 1.1.14
Diffstat (limited to 'main')
-rw-r--r--main/libxcursor/APKBUILD14
-rw-r--r--main/libxcursor/CVE-2013-2003.patch34
2 files changed, 5 insertions, 43 deletions
diff --git a/main/libxcursor/APKBUILD b/main/libxcursor/APKBUILD
index e769d48313..c1d14bcc6e 100644
--- a/main/libxcursor/APKBUILD
+++ b/main/libxcursor/APKBUILD
@@ -1,6 +1,6 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libxcursor
-pkgver=1.1.13
+pkgver=1.1.14
pkgrel=1
pkgdesc="X cursor management library"
url="http://xorg.freedesktop.org/"
@@ -10,8 +10,7 @@ subpackages="$pkgname-dev $pkgname-doc"
depends=
depends_dev="xproto libx11-dev libxrender-dev libxfixes-dev"
makedepends="$depends_dev"
-source="http://xorg.freedesktop.org/releases/individual/lib/libXcursor-$pkgver.tar.bz2
- CVE-2013-2003.patch"
+source="http://xorg.freedesktop.org/releases/individual/lib/libXcursor-$pkgver.tar.bz2"
_builddir="$srcdir"/libXcursor-$pkgver
prepare() {
@@ -36,9 +35,6 @@ package() {
make DESTDIR="$pkgdir" install || return 1
rm "$pkgdir"/usr/lib/*.la || return 1
}
-md5sums="52efa81b7f26c8eda13510a2fba98eea libXcursor-1.1.13.tar.bz2
-e604d93c5dfcc22078129959acc9a6d5 CVE-2013-2003.patch"
-sha256sums="f78827de4a1b7ce8cceca24a9ab9d1b1d2f6a61362f505166ffc19b07c0bad8f libXcursor-1.1.13.tar.bz2
-9d7d03d476f92b3527daa825c7d7986f3048ced65cf548ab2667b3834b3560c8 CVE-2013-2003.patch"
-sha512sums="81e9523c8181341b6607a97e493f065ac094638479a6094360d1adbccd637c9c7397c28b700e2abd568f42f4ba43a62153186371f6706b06959980b435bb45cc libXcursor-1.1.13.tar.bz2
-c471d5a3823d8206ee2dfe27482ed83559444a989aeeee49b67bf0d77c6a6dd6fb74d2708766b41c3e28cc89249c6ba5c41454aac2df3aeb57d2c1cc706effa0 CVE-2013-2003.patch"
+md5sums="1e7c17afbbce83e2215917047c57d1b3 libXcursor-1.1.14.tar.bz2"
+sha256sums="9bc6acb21ca14da51bda5bc912c8955bc6e5e433f0ab00c5e8bef842596c33df libXcursor-1.1.14.tar.bz2"
+sha512sums="687963b54da66be25371f64a88f91812b38de4ffc3b806070f3aeb1da379df16ede819201a352b3fb66efc6b40a36a22770add3ae464f2008aff3e23cb60a8e6 libXcursor-1.1.14.tar.bz2"
diff --git a/main/libxcursor/CVE-2013-2003.patch b/main/libxcursor/CVE-2013-2003.patch
deleted file mode 100644
index a4f41e1453..0000000000
--- a/main/libxcursor/CVE-2013-2003.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 8f677eaea05290531d007d1fec2768119926088d Mon Sep 17 00:00:00 2001
-From: Alan Coopersmith <alan.coopersmith@oracle.com>
-Date: Sat, 13 Apr 2013 04:17:28 +0000
-Subject: signedness bug & integer overflow in _XcursorFileHeaderCreate() [CVE-2013-2003]
-
-When parsing cursor files, a user defined (e.g. through environment
-variables) cursor file is opened and parsed.
-
-The header is read in _XcursorReadFileHeader(), which reads an unsigned
-int for the number of toc structures in the header, but it was being
-passed to _XcursorFileHeaderCreate() as a signed int to allocate those
-structures. If the number was negative, it would pass the bounds check
-and could overflow the calculation for how much memory to allocate to
-store the data being read, leading to overflowing the buffer with the
-data read from the user controlled file.
-
-Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
-Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
----
-diff --git a/src/file.c b/src/file.c
-index efe6d4b..ce9de78 100644
---- a/src/file.c
-+++ b/src/file.c
-@@ -205,7 +205,7 @@ _XcursorFileHeaderDestroy (XcursorFileHeader *fileHeader)
- }
-
- static XcursorFileHeader *
--_XcursorFileHeaderCreate (int ntoc)
-+_XcursorFileHeaderCreate (XcursorUInt ntoc)
- {
- XcursorFileHeader *fileHeader;
-
---
-cgit v0.9.0.2-2-gbebe