5 files changed, 6 insertions, 209 deletions
diff --git a/main/libxres/0001-Replace-deprecated-Automake-INCLUDES-variable-with-A.patch b/main/libxres/0001-Replace-deprecated-Automake-INCLUDES-variable-with-A.patch
deleted file mode 100644
index b8ef330d8d..0000000000
--- a/main/libxres/0001-Replace-deprecated-Automake-INCLUDES-variable-with-A.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 83e7693515369d57dcd11c2bb1f03563f51bc500 Mon Sep 17 00:00:00 2001
-From: Alan Coopersmith <alan.coopersmith@oracle.com>
-Date: Fri, 18 Jan 2013 23:06:20 -0800
-Subject: [PATCH 1/4] Replace deprecated Automake INCLUDES variable with
- AM_CPPFLAGS
-
-Excerpt https://lists.gnu.org/archive/html/automake/2012-12/msg00038.html
-
- - Support for the long-deprecated INCLUDES variable will be removed
- altogether in Automake 1.14. The AM_CPPFLAGS variable should be
- used instead.
-
-This variable was deprecated in Automake releases prior to 1.10, which is
-the current minimum level required to build X.
-
-Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
----
- src/Makefile.am | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/Makefile.am b/src/Makefile.am
-index fd508da..bf66d68 100644
---- a/src/Makefile.am
-+++ b/src/Makefile.am
-@@ -10,7 +10,7 @@ AM_CFLAGS = \
- $(XRES_CFLAGS) \
- $(MALLOC_ZERO_CFLAGS)
-
--INCLUDES = -I$(top_srcdir)/include
-+AM_CPPFLAGS = -I$(top_srcdir)/include
-
- libXRes_la_LDFLAGS = -version-number 1:0:0 -no-undefined
-
---
-1.8.2.3
-
diff --git a/main/libxres/0002-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-s.patch b/main/libxres/0002-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-s.patch
deleted file mode 100644
index 9f22c4fa5b..0000000000
--- a/main/libxres/0002-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-s.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-From 69457711050ac3a53859ef11790a7ac815cd7d94 Mon Sep 17 00:00:00 2001
-From: Alan Coopersmith <alan.coopersmith@oracle.com>
-Date: Sat, 13 Apr 2013 10:34:22 -0700
-Subject: [PATCH 2/4] Use _XEatDataWords to avoid overflow of rep.length
- shifting
-
-rep.length is a CARD32, so rep.length << 2 could overflow in 32-bit builds
-
-Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
----
- configure.ac | 6 ++++++
- src/XRes.c | 16 ++++++++++++++--
- 2 files changed, 20 insertions(+), 2 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 90205cc..f68b689 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -50,6 +50,12 @@ XORG_CHECK_MALLOC_ZERO
- # Obtain compiler/linker options for depedencies
- PKG_CHECK_MODULES(XRES, x11 xext xextproto [resourceproto >= 1.2.0])
-
-+# Check for _XEatDataWords function that may be patched into older Xlib release
-+SAVE_LIBS="$LIBS"
-+LIBS="$XRES_LIBS"
-+AC_CHECK_FUNCS([_XEatDataWords])
-+LIBS="$SAVE_LIBS"
-+
- AC_CONFIG_FILES([Makefile
- src/Makefile
- man/Makefile
-diff --git a/src/XRes.c b/src/XRes.c
-index 1744196..1ab1db8 100644
---- a/src/XRes.c
-+++ b/src/XRes.c
-@@ -13,6 +13,18 @@
- #include <X11/extensions/XResproto.h>
- #include <X11/extensions/XRes.h>
-
-+#include <limits.h>
-+
-+#ifndef HAVE__XEATDATAWORDS
-+static inline void _XEatDataWords(Display *dpy, unsigned long n)
-+{
-+# ifndef LONG64
-+ if (n >= (ULONG_MAX >> 2))
-+ _XIOError(dpy);
-+# endif
-+ _XEatData (dpy, n << 2);
-+}
-+#endif
-
- static XExtensionInfo _xres_ext_info_data;
- static XExtensionInfo *xres_ext_info = &_xres_ext_info_data;
-@@ -131,7 +143,7 @@ Status XResQueryClients (
- *num_clients = rep.num_clients;
- result = 1;
- } else {
-- _XEatData(dpy, rep.length << 2);
-+ _XEatDataWords(dpy, rep.length);
- }
- }
-
-@@ -183,7 +195,7 @@ Status XResQueryClientResources (
- *num_types = rep.num_types;
- result = 1;
- } else {
-- _XEatData(dpy, rep.length << 2);
-+ _XEatDataWords(dpy, rep.length);
- }
- }
-
---
-1.8.2.3
-
diff --git a/main/libxres/0003-integer-overflow-in-XResQueryClients-CVE-2013-1988-1.patch b/main/libxres/0003-integer-overflow-in-XResQueryClients-CVE-2013-1988-1.patch
deleted file mode 100644
index e851c092f1..0000000000
--- a/main/libxres/0003-integer-overflow-in-XResQueryClients-CVE-2013-1988-1.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From b053d215b80e721f9afdc5794e4f3f4f2aee0141 Mon Sep 17 00:00:00 2001
-From: Alan Coopersmith <alan.coopersmith@oracle.com>
-Date: Fri, 12 Apr 2013 23:36:13 -0700
-Subject: [PATCH 3/4] integer overflow in XResQueryClients() [CVE-2013-1988
- 1/2]
-
-The CARD32 rep.num_clients needs to be bounds checked before multiplying
-by sizeof(XResClient) to avoid integer overflow leading to underallocation
-and writing data from the network past the end of the allocated buffer.
-
-Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
-Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
----
- src/XRes.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/src/XRes.c b/src/XRes.c
-index 1ab1db8..c989985 100644
---- a/src/XRes.c
-+++ b/src/XRes.c
-@@ -130,7 +130,12 @@ Status XResQueryClients (
- }
-
- if(rep.num_clients) {
-- if((clnts = Xmalloc(sizeof(XResClient) * rep.num_clients))) {
-+ if (rep.num_clients < (INT_MAX / sizeof(XResClient)))
-+ clnts = Xmalloc(sizeof(XResClient) * rep.num_clients);
-+ else
-+ clnts = NULL;
-+
-+ if (clnts != NULL) {
- xXResClient scratch;
- int i;
-
---
-1.8.2.3
-
diff --git a/main/libxres/0004-integer-overflow-in-XResQueryClientResources-CVE-201.patch b/main/libxres/0004-integer-overflow-in-XResQueryClientResources-CVE-201.patch
deleted file mode 100644
index bca2bb0260..0000000000
--- a/main/libxres/0004-integer-overflow-in-XResQueryClientResources-CVE-201.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From f468184963e53feda848853c4aefd0197b2cc116 Mon Sep 17 00:00:00 2001
-From: Alan Coopersmith <alan.coopersmith@oracle.com>
-Date: Fri, 12 Apr 2013 23:36:13 -0700
-Subject: [PATCH 4/4] integer overflow in XResQueryClientResources()
- [CVE-2013-1988 2/2]
-
-The CARD32 rep.num_types needs to be bounds checked before multiplying
-by sizeof(XResType) to avoid integer overflow leading to underallocation
-and writing data from the network past the end of the allocated buffer.
-
-Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
-Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
----
- src/XRes.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/src/XRes.c b/src/XRes.c
-index c989985..51e905f 100644
---- a/src/XRes.c
-+++ b/src/XRes.c
-@@ -187,7 +187,12 @@ Status XResQueryClientResources (
- }
-
- if(rep.num_types) {
-- if((typs = Xmalloc(sizeof(XResType) * rep.num_types))) {
-+ if (rep.num_types < (INT_MAX / sizeof(XResType)))
-+ typs = Xmalloc(sizeof(XResType) * rep.num_types);
-+ else
-+ typs = NULL;
-+
-+ if (typs != NULL) {
- xXResType scratch;
- int i;
-
---
-1.8.2.3
-
diff --git a/main/libxres/APKBUILD b/main/libxres/APKBUILD
index 705ca3e2dc..2abb57fed0 100644
--- a/main/libxres/APKBUILD
+++ b/main/libxres/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=libxres
-pkgver=1.0.6
-pkgrel=1
+pkgver=1.0.7
+pkgrel=0
 pkgdesc="X11 Resource extension library"
 url="http://xorg.freedesktop.org"
 arch="all"
@@ -9,12 +9,8 @@ license="custom"
 subpackages="$pkgname-dev $pkgname-doc"
 depends=
 depends_dev="xproto resourceproto libx11-dev libxext-dev"
-makedepends="$depends_dev libtool autoconf automake util-macros"
+makedepends="$depends_dev"
 source="http://xorg.freedesktop.org/releases/individual/lib/libXres-$pkgver.tar.bz2
- 0001-Replace-deprecated-Automake-INCLUDES-variable-with-A.patch
- 0002-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-s.patch
- 0003-integer-overflow-in-XResQueryClients-CVE-2013-1988-1.patch
- 0004-integer-overflow-in-XResQueryClientResources-CVE-201.patch
 "
 
 _builddir="$srcdir"/libXres-$pkgver
@@ -25,8 +21,6 @@ prepare() {
 *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
 esac
 done
- libtoolize --force && aclocal && autoheader && autoconf \
- && automake --add-missing
 }
 
 build() {
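Review bot: Dropping 0002–0004 from `source=` removes the CVE-2013-1988 integer-overflow guards and the _XEatDataWords shift fix that the package carried, and nothing in the diff records that the 1.0.7 tarball contains them upstream. Presumably the upgrade supersedes those backports, but as written a later reader comparing 1.0.6-r1 with 1.0.7-r0 cannot tell whether the fixes were merged or lost. A one-line note above `source=`, such as `# 1.0.7 carries the CVE-2013-1988 fixes previously applied as 0002-0004`, or the same statement in the commit message, would make the package's security status visible. The `*.patch)` case in prepare() (following hunk) is now dead since no patches remain; harmless, but worth knowing.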
@@ -43,18 +37,6 @@ package() {
 install -D -m644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/LICENSE
 }
 
-md5sums="80d0c6d8522fa7a645e4f522e9a9cd20 libXres-1.0.6.tar.bz2
-1c9e87b0d44dd1e3630c2dace1885f5c 0001-Replace-deprecated-Automake-INCLUDES-variable-with-A.patch
-b846d11e2aded99e05b17f582704a2b8 0002-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-s.patch
-d30b38ef42f65a9409ff53df81257ca2 0003-integer-overflow-in-XResQueryClients-CVE-2013-1988-1.patch
-791bd7a8effc52ed2e5ae266729b317a 0004-integer-overflow-in-XResQueryClientResources-CVE-201.patch"
-sha256sums="ff8661c925e8b182f98ae98f02bbd93c55259ef7f34a92c1a126b6074ebde890 libXres-1.0.6.tar.bz2
-6069a7690f226a98e5ca898e0213f96672ad47a3ce2fbd4079cce185bf7842e2 0001-Replace-deprecated-Automake-INCLUDES-variable-with-A.patch
-5ae734771ea853177771b7ef566c1ebc8a365c301353fc1883007d2c560df26e 0002-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-s.patch
-c40579e8ce20316710339fe1c497b3b75e641a1de66321892f40b71ca0e316db 0003-integer-overflow-in-XResQueryClients-CVE-2013-1988-1.patch
-4ce80a734022df47f5c6b6bbb984446c67ca2dff7231dee5c1686f496bf6ab30 0004-integer-overflow-in-XResQueryClientResources-CVE-201.patch"
-sha512sums="ba884e32446946520d1ba81764fac64f5350fb109cff1846e839c2a9ef11708ebd39d4434525a373af0c10250fc5f508a34f965f9e2312d5bc50ccbefbafa65c libXres-1.0.6.tar.bz2
-ffa4def53bd8e99120526e55d5eb025e135517e8d6d43fb6abd64ec9c3c4234d026bdb5d35477292aecb3a56f44041a2b1338909997bc671adca43f175d9f774 0001-Replace-deprecated-Automake-INCLUDES-variable-with-A.patch
-6a9d2e50b5bf128c5a9366b227b4d0649388aea5907e180346ac53ddb0685afad05d22d24b7953e7c323292153aa5867582adf9940420da69eef2b67ff0597d3 0002-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-s.patch
-ea313a26f8ffffcaa8de2a813e8df775b534895b0d8400640292e94465a80b20daf3ee45db25695e6ca867f298b6490beeb5b5bf67065b001e4a9f971534c474 0003-integer-overflow-in-XResQueryClients-CVE-2013-1988-1.patch
-d8b4be3b9a69f33c32254f23dfa51fd4154ea1afae498aea2ab841a7d98e526af666b4a3b9df8f011f04d440e6f20ea0e9c58627eb7030992a2e0897b8f02ad7 0004-integer-overflow-in-XResQueryClientResources-CVE-201.patch"
+md5sums="45ef29206a6b58254c81bea28ec6c95f libXres-1.0.7.tar.bz2"
+sha256sums="26899054aa87f81b17becc68e8645b240f140464cf90c42616ebb263ec5fa0e5 libXres-1.0.7.tar.bz2"
+sha512sums="796a79ab694317910442cb10a936711df9dde95764eef11efb8dedc85114977e56409de2f640553f1ad492325df178b8cfbeaeec3f03bf084638c555e44292e0 libXres-1.0.7.tar.bz2" |