-rw-r--r--main/libxres/0001-Replace-deprecated-Automake-INCLUDES-variable-with-A.patch36
-rw-r--r--main/libxres/0002-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-s.patch75
-rw-r--r--main/libxres/0003-integer-overflow-in-XResQueryClients-CVE-2013-1988-1.patch37
-rw-r--r--main/libxres/0004-integer-overflow-in-XResQueryClientResources-CVE-201.patch37
-rw-r--r--main/libxres/APKBUILD30
5 files changed, 6 insertions, 209 deletions
diff --git a/main/libxres/0001-Replace-deprecated-Automake-INCLUDES-variable-with-A.patch b/main/libxres/0001-Replace-deprecated-Automake-INCLUDES-variable-with-A.patch
deleted file mode 100644
index b8ef330d8d..0000000000
--- a/main/libxres/0001-Replace-deprecated-Automake-INCLUDES-variable-with-A.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 83e7693515369d57dcd11c2bb1f03563f51bc500 Mon Sep 17 00:00:00 2001
-From: Alan Coopersmith <alan.coopersmith@oracle.com>
-Date: Fri, 18 Jan 2013 23:06:20 -0800
-Subject: [PATCH 1/4] Replace deprecated Automake INCLUDES variable with
- AM_CPPFLAGS
-
-Excerpt https://lists.gnu.org/archive/html/automake/2012-12/msg00038.html
-
- - Support for the long-deprecated INCLUDES variable will be removed
- altogether in Automake 1.14. The AM_CPPFLAGS variable should be
- used instead.
-
-This variable was deprecated in Automake releases prior to 1.10, which is
-the current minimum level required to build X.
-
-Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
----
- src/Makefile.am | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/Makefile.am b/src/Makefile.am
-index fd508da..bf66d68 100644
---- a/src/Makefile.am
-+++ b/src/Makefile.am
-@@ -10,7 +10,7 @@ AM_CFLAGS = \
- $(XRES_CFLAGS) \
- $(MALLOC_ZERO_CFLAGS)
-
--INCLUDES = -I$(top_srcdir)/include
-+AM_CPPFLAGS = -I$(top_srcdir)/include
-
- libXRes_la_LDFLAGS = -version-number 1:0:0 -no-undefined
-
---
-1.8.2.3
-
diff --git a/main/libxres/0002-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-s.patch b/main/libxres/0002-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-s.patch
deleted file mode 100644
index 9f22c4fa5b..0000000000
--- a/main/libxres/0002-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-s.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-From 69457711050ac3a53859ef11790a7ac815cd7d94 Mon Sep 17 00:00:00 2001
-From: Alan Coopersmith <alan.coopersmith@oracle.com>
-Date: Sat, 13 Apr 2013 10:34:22 -0700
-Subject: [PATCH 2/4] Use _XEatDataWords to avoid overflow of rep.length
- shifting
-
-rep.length is a CARD32, so rep.length << 2 could overflow in 32-bit builds
-
-Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
----
- configure.ac | 6 ++++++
- src/XRes.c | 16 ++++++++++++++--
- 2 files changed, 20 insertions(+), 2 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 90205cc..f68b689 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -50,6 +50,12 @@ XORG_CHECK_MALLOC_ZERO
- # Obtain compiler/linker options for depedencies
- PKG_CHECK_MODULES(XRES, x11 xext xextproto [resourceproto >= 1.2.0])
-
-+# Check for _XEatDataWords function that may be patched into older Xlib release
-+SAVE_LIBS="$LIBS"
-+LIBS="$XRES_LIBS"
-+AC_CHECK_FUNCS([_XEatDataWords])
-+LIBS="$SAVE_LIBS"
-+
- AC_CONFIG_FILES([Makefile
- src/Makefile
- man/Makefile
-diff --git a/src/XRes.c b/src/XRes.c
-index 1744196..1ab1db8 100644
---- a/src/XRes.c
-+++ b/src/XRes.c
-@@ -13,6 +13,18 @@
- #include <X11/extensions/XResproto.h>
- #include <X11/extensions/XRes.h>
-
-+#include <limits.h>
-+
-+#ifndef HAVE__XEATDATAWORDS
-+static inline void _XEatDataWords(Display *dpy, unsigned long n)
-+{
-+# ifndef LONG64
-+ if (n >= (ULONG_MAX >> 2))
-+ _XIOError(dpy);
-+# endif
-+ _XEatData (dpy, n << 2);
-+}
-+#endif
-
- static XExtensionInfo _xres_ext_info_data;
- static XExtensionInfo *xres_ext_info = &_xres_ext_info_data;
-@@ -131,7 +143,7 @@ Status XResQueryClients (
- *num_clients = rep.num_clients;
- result = 1;
- } else {
-- _XEatData(dpy, rep.length << 2);
-+ _XEatDataWords(dpy, rep.length);
- }
- }
-
-@@ -183,7 +195,7 @@ Status XResQueryClientResources (
- *num_types = rep.num_types;
- result = 1;
- } else {
-- _XEatData(dpy, rep.length << 2);
-+ _XEatDataWords(dpy, rep.length);
- }
- }
-
---
-1.8.2.3
-
diff --git a/main/libxres/0003-integer-overflow-in-XResQueryClients-CVE-2013-1988-1.patch b/main/libxres/0003-integer-overflow-in-XResQueryClients-CVE-2013-1988-1.patch
deleted file mode 100644
index e851c092f1..0000000000
--- a/main/libxres/0003-integer-overflow-in-XResQueryClients-CVE-2013-1988-1.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From b053d215b80e721f9afdc5794e4f3f4f2aee0141 Mon Sep 17 00:00:00 2001
-From: Alan Coopersmith <alan.coopersmith@oracle.com>
-Date: Fri, 12 Apr 2013 23:36:13 -0700
-Subject: [PATCH 3/4] integer overflow in XResQueryClients() [CVE-2013-1988
- 1/2]
-
-The CARD32 rep.num_clients needs to be bounds checked before multiplying
-by sizeof(XResClient) to avoid integer overflow leading to underallocation
-and writing data from the network past the end of the allocated buffer.
-
-Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
-Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
----
- src/XRes.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/src/XRes.c b/src/XRes.c
-index 1ab1db8..c989985 100644
---- a/src/XRes.c
-+++ b/src/XRes.c
-@@ -130,7 +130,12 @@ Status XResQueryClients (
- }
-
- if(rep.num_clients) {
-- if((clnts = Xmalloc(sizeof(XResClient) * rep.num_clients))) {
-+ if (rep.num_clients < (INT_MAX / sizeof(XResClient)))
-+ clnts = Xmalloc(sizeof(XResClient) * rep.num_clients);
-+ else
-+ clnts = NULL;
-+
-+ if (clnts != NULL) {
- xXResClient scratch;
- int i;
-
---
-1.8.2.3
-
diff --git a/main/libxres/0004-integer-overflow-in-XResQueryClientResources-CVE-201.patch b/main/libxres/0004-integer-overflow-in-XResQueryClientResources-CVE-201.patch
deleted file mode 100644
index bca2bb0260..0000000000
--- a/main/libxres/0004-integer-overflow-in-XResQueryClientResources-CVE-201.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From f468184963e53feda848853c4aefd0197b2cc116 Mon Sep 17 00:00:00 2001
-From: Alan Coopersmith <alan.coopersmith@oracle.com>
-Date: Fri, 12 Apr 2013 23:36:13 -0700
-Subject: [PATCH 4/4] integer overflow in XResQueryClientResources()
- [CVE-2013-1988 2/2]
-
-The CARD32 rep.num_types needs to be bounds checked before multiplying
-by sizeof(XResType) to avoid integer overflow leading to underallocation
-and writing data from the network past the end of the allocated buffer.
-
-Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
-Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
----
- src/XRes.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/src/XRes.c b/src/XRes.c
-index c989985..51e905f 100644
---- a/src/XRes.c
-+++ b/src/XRes.c
-@@ -187,7 +187,12 @@ Status XResQueryClientResources (
- }
-
- if(rep.num_types) {
-- if((typs = Xmalloc(sizeof(XResType) * rep.num_types))) {
-+ if (rep.num_types < (INT_MAX / sizeof(XResType)))
-+ typs = Xmalloc(sizeof(XResType) * rep.num_types);
-+ else
-+ typs = NULL;
-+
-+ if (typs != NULL) {
- xXResType scratch;
- int i;
-
---
-1.8.2.3
-
diff --git a/main/libxres/APKBUILD b/main/libxres/APKBUILD
index 705ca3e2dc..2abb57fed0 100644
--- a/main/libxres/APKBUILD
+++ b/main/libxres/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libxres
-pkgver=1.0.6
-pkgrel=1
+pkgver=1.0.7
+pkgrel=0
pkgdesc="X11 Resource extension library"
url="http://xorg.freedesktop.org"
arch="all"
@@ -9,12 +9,8 @@ license="custom"
subpackages="$pkgname-dev $pkgname-doc"
depends=
depends_dev="xproto resourceproto libx11-dev libxext-dev"
-makedepends="$depends_dev libtool autoconf automake util-macros"
+makedepends="$depends_dev"
source="http://xorg.freedesktop.org/releases/individual/lib/libXres-$pkgver.tar.bz2
- 0001-Replace-deprecated-Automake-INCLUDES-variable-with-A.patch
- 0002-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-s.patch
- 0003-integer-overflow-in-XResQueryClients-CVE-2013-1988-1.patch
- 0004-integer-overflow-in-XResQueryClientResources-CVE-201.patch
"
_builddir="$srcdir"/libXres-$pkgver
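Review bot: Removing the `_XEatDataWords` patch and both CVE-2013-1988 patches from `source=` is only safe if the libXres 1.0.7 tarball already contains those fixes, and nothing in the APKBUILD records that. The version bump suggests they were merged upstream, but that is inferred from this diff and should be confirmed against the 1.0.7 release announcement or the upstream `src/XRes.c`. Once confirmed, a one-line comment above `pkgver` would keep the history visible, e.g. `# 1.0.7 carries the upstream fixes for CVE-2013-1988 (formerly patches 0002-0004)`. With no patches left in `source=`, the `*.patch` loop in prepare() (context of the next hunk) has nothing to apply and could be dropped in the same change.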
@@ -25,8 +21,6 @@ prepare() {
*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
esac
done
- libtoolize --force && aclocal && autoheader && autoconf \
- && automake --add-missing
}
build() {
@@ -43,18 +37,6 @@ package() {
install -D -m644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/LICENSE
}
-md5sums="80d0c6d8522fa7a645e4f522e9a9cd20 libXres-1.0.6.tar.bz2
-1c9e87b0d44dd1e3630c2dace1885f5c 0001-Replace-deprecated-Automake-INCLUDES-variable-with-A.patch
-b846d11e2aded99e05b17f582704a2b8 0002-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-s.patch
-d30b38ef42f65a9409ff53df81257ca2 0003-integer-overflow-in-XResQueryClients-CVE-2013-1988-1.patch
-791bd7a8effc52ed2e5ae266729b317a 0004-integer-overflow-in-XResQueryClientResources-CVE-201.patch"
-sha256sums="ff8661c925e8b182f98ae98f02bbd93c55259ef7f34a92c1a126b6074ebde890 libXres-1.0.6.tar.bz2
-6069a7690f226a98e5ca898e0213f96672ad47a3ce2fbd4079cce185bf7842e2 0001-Replace-deprecated-Automake-INCLUDES-variable-with-A.patch
-5ae734771ea853177771b7ef566c1ebc8a365c301353fc1883007d2c560df26e 0002-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-s.patch
-c40579e8ce20316710339fe1c497b3b75e641a1de66321892f40b71ca0e316db 0003-integer-overflow-in-XResQueryClients-CVE-2013-1988-1.patch
-4ce80a734022df47f5c6b6bbb984446c67ca2dff7231dee5c1686f496bf6ab30 0004-integer-overflow-in-XResQueryClientResources-CVE-201.patch"
-sha512sums="ba884e32446946520d1ba81764fac64f5350fb109cff1846e839c2a9ef11708ebd39d4434525a373af0c10250fc5f508a34f965f9e2312d5bc50ccbefbafa65c libXres-1.0.6.tar.bz2
-ffa4def53bd8e99120526e55d5eb025e135517e8d6d43fb6abd64ec9c3c4234d026bdb5d35477292aecb3a56f44041a2b1338909997bc671adca43f175d9f774 0001-Replace-deprecated-Automake-INCLUDES-variable-with-A.patch
-6a9d2e50b5bf128c5a9366b227b4d0649388aea5907e180346ac53ddb0685afad05d22d24b7953e7c323292153aa5867582adf9940420da69eef2b67ff0597d3 0002-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-s.patch
-ea313a26f8ffffcaa8de2a813e8df775b534895b0d8400640292e94465a80b20daf3ee45db25695e6ca867f298b6490beeb5b5bf67065b001e4a9f971534c474 0003-integer-overflow-in-XResQueryClients-CVE-2013-1988-1.patch
-d8b4be3b9a69f33c32254f23dfa51fd4154ea1afae498aea2ab841a7d98e526af666b4a3b9df8f011f04d440e6f20ea0e9c58627eb7030992a2e0897b8f02ad7 0004-integer-overflow-in-XResQueryClientResources-CVE-201.patch"
+md5sums="45ef29206a6b58254c81bea28ec6c95f libXres-1.0.7.tar.bz2"
+sha256sums="26899054aa87f81b17becc68e8645b240f140464cf90c42616ebb263ec5fa0e5 libXres-1.0.7.tar.bz2"
+sha512sums="796a79ab694317910442cb10a936711df9dde95764eef11efb8dedc85114977e56409de2f640553f1ad492325df178b8cfbeaeec3f03bf084638c555e44292e0 libXres-1.0.7.tar.bz2"
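Review bot: The new digests are the only integrity control on the 1.0.7 tarball, because `source=` (context line in the earlier hunk) still fetches it over plain `http://`. The diff does not show where the values came from, so they should be compared with the hashes in the signed upstream release announcement rather than generated from the downloaded file. Changing the URL to `https://` where the host supports it would add a transport-level check. `md5sums` adds no assurance next to `sha512sums` and could be dropped if the abuild version in use no longer requires it.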