main/libxinerama: upgrade to 1.1.3

author: Natanael Copa <ncopa@alpinelinux.org> 2013-06-06 16:09:21 +0000
committer: Natanael Copa <ncopa@alpinelinux.org> 2013-06-06 16:09:21 +0000
commit: 61e1807d75995b90f2dea5e736b3ea225d87215b (patch)
tree: d4640dd63b3342089b7845dc152267cd67489c7d /main/libxinerama
parent: e04a6fa5ce24fe6a6c4d4e4b7e8bd864cc65f6cd (diff)
download: aports-61e1807d75995b90f2dea5e736b3ea225d87215b.tar.bz2
aports-61e1807d75995b90f2dea5e736b3ea225d87215b.tar.xz
3 files changed, 6 insertions, 170 deletions
diff --git a/main/libxinerama/0001-Use-_XEatDataWords-to-avoid-overflow-of-_XEatData-ca.patch b/main/libxinerama/0001-Use-_XEatDataWords-to-avoid-overflow-of-_XEatData-ca.patch
deleted file mode 100644
index eb7009594..000000000
--- a/main/libxinerama/0001-Use-_XEatDataWords-to-avoid-overflow-of-_XEatData-ca.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-From 7ce3ce4be46087f9cc57cb415875abaaa961f734 Mon Sep 17 00:00:00 2001
-From: Alan Coopersmith <alan.coopersmith@oracle.com>
-Date: Sat, 4 May 2013 09:21:14 -0700
-Subject: [PATCH 1/2] Use _XEatDataWords to avoid overflow of _XEatData
- calculations
-
-rep.length is a CARD32, so rep.length << 2 could overflow in 32-bit builds
-
-Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
----
- configure.ac   |  6 ++++++
- src/Xinerama.c | 19 ++++++++++++++++++-
- 2 files changed, 24 insertions(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index e335508..046a1aa 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -42,6 +42,12 @@ XORG_CHECK_MALLOC_ZERO
- # Obtain compiler/linker options for depedencies
- PKG_CHECK_MODULES(XINERAMA, x11 xext xextproto [xineramaproto >= 1.1.99.1])
- 
-+# Check for _XEatDataWords function that may be patched into older Xlib releases
-+SAVE_LIBS="$LIBS"
-+LIBS="$XINERAMA_LIBS"
-+AC_CHECK_FUNCS([_XEatDataWords])
-+LIBS="$SAVE_LIBS"
-+
- # Allow checking code with lint, sparse, etc.
- XORG_WITH_LINT
- LINT_FLAGS="${LINT_FLAGS} ${XINERAMA_CFLAGS}"
-diff --git a/src/Xinerama.c b/src/Xinerama.c
-index 7d7e4d8..04189b6 100644
---- a/src/Xinerama.c
-+++ b/src/Xinerama.c
-@@ -23,6 +23,10 @@ dealings in this Software without prior written authorization from Digital
- Equipment Corporation.
- ******************************************************************/
- 
-+#ifdef HAVE_CONFIG_H
-+# include "config.h"
-+#endif
-+
- #include <X11/Xlibint.h>
- #include <X11/Xutil.h>
- #include <X11/extensions/Xext.h>
-@@ -31,6 +35,19 @@ Equipment Corporation.
- #include <X11/extensions/panoramiXproto.h>
- #include <X11/extensions/Xinerama.h>
- 
-+#ifndef HAVE__XEATDATAWORDS
-+#include <X11/Xmd.h>  /* for LONG64 on 64-bit platforms */
-+#include <limits.h>
-+
-+static inline void _XEatDataWords(Display *dpy, unsigned long n)
-+{
-+# ifndef LONG64
-+    if (n >= (ULONG_MAX >> 2))
-+        _XIOError(dpy);
-+# endif
-+    _XEatData (dpy, n << 2);
-+}
-+#endif
- 
- static XExtensionInfo _panoramiX_ext_info_data;
- static XExtensionInfo *panoramiX_ext_info = &_panoramiX_ext_info_data;
-@@ -302,7 +319,7 @@ XineramaQueryScreens(
- 
- 	    *number = rep.number;
- 	} else
--	    _XEatData(dpy, rep.length << 2);
-+	    _XEatDataWords(dpy, rep.length);
-     } else {
- 	*number = 0;
-     }
--- 
-1.8.2.3
-
diff --git a/main/libxinerama/0002-integer-overflow-in-XineramaQueryScreens-CVE-2013-19.patch b/main/libxinerama/0002-integer-overflow-in-XineramaQueryScreens-CVE-2013-19.patch
deleted file mode 100644
index a0ce966b9..000000000
--- a/main/libxinerama/0002-integer-overflow-in-XineramaQueryScreens-CVE-2013-19.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From 99c644fc8488657bdd106717df7446d606f9ef22 Mon Sep 17 00:00:00 2001
-From: Alan Coopersmith <alan.coopersmith@oracle.com>
-Date: Fri, 8 Mar 2013 19:55:55 -0800
-Subject: [PATCH 2/2] integer overflow in XineramaQueryScreens()
- [CVE-2013-1985]
-
-If the reported number of screens is too large, the calculations to
-allocate memory for them may overflow, leaving us writing beyond the
-bounds of the allocation.
-
-Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
-Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
----
- src/Xinerama.c | 44 ++++++++++++++++++++++++++++----------------
- 1 file changed, 28 insertions(+), 16 deletions(-)
-
-diff --git a/src/Xinerama.c b/src/Xinerama.c
-index 04189b6..67a35b5 100644
---- a/src/Xinerama.c
-+++ b/src/Xinerama.c
-@@ -303,24 +303,36 @@ XineramaQueryScreens(
- 	return NULL;
-     }
- 
--    if(rep.number) {
--	if((scrnInfo = Xmalloc(sizeof(XineramaScreenInfo) * rep.number))) {
-+    /*
-+     * rep.number is a CARD32 so could be as large as 2^32
-+     * The X11 protocol limits the total screen size to 64k x 64k,
-+     * and no screen can be smaller than a pixel.  While technically
-+     * that means we could theoretically reach 2^32 screens, and that's
-+     * not even taking overlap into account, Xorg is currently limited
-+     * to 16 screens, and few known servers have a much higher limit,
-+     * so 1024 seems more than enough to prevent both integer overflow
-+     * and insane X server responses causing massive memory allocation.
-+     */
-+    if ((rep.number > 0) && (rep.number <= 1024))
-+	scrnInfo = Xmalloc(sizeof(XineramaScreenInfo) * rep.number);
-+    if (scrnInfo != NULL) {
-+	int i;
-+
-+	for (i = 0; i < rep.number; i++) {
- 	    xXineramaScreenInfo scratch;
--	    int i;
--
--	    for(i = 0; i < rep.number; i++) {
--		_XRead(dpy, (char*)(&scratch), sz_XineramaScreenInfo);
--		scrnInfo[i].screen_number = i;
--		scrnInfo[i].x_org 	  = scratch.x_org;
--		scrnInfo[i].y_org 	  = scratch.y_org;
--		scrnInfo[i].width 	  = scratch.width;
--		scrnInfo[i].height 	  = scratch.height;
--	    }
--
--	    *number = rep.number;
--	} else
--	    _XEatDataWords(dpy, rep.length);
-+
-+	    _XRead(dpy, (char*)(&scratch), sz_XineramaScreenInfo);
-+
-+	    scrnInfo[i].screen_number = i;
-+	    scrnInfo[i].x_org	= scratch.x_org;
-+	    scrnInfo[i].y_org	= scratch.y_org;
-+	    scrnInfo[i].width	= scratch.width;
-+	    scrnInfo[i].height	= scratch.height;
-+	}
-+
-+	*number = rep.number;
-     } else {
-+	_XEatDataWords(dpy, rep.length);
- 	*number = 0;
-     }
- 
--- 
-1.8.2.3
-
diff --git a/main/libxinerama/APKBUILD b/main/libxinerama/APKBUILD
index 36c75c940..2d5465f24 100644
--- a/main/libxinerama/APKBUILD
+++ b/main/libxinerama/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=libxinerama
-pkgver=1.1.2
-pkgrel=1
+pkgver=1.1.3
+pkgrel=0
 pkgdesc="X11 Xinerama extension library"
 url="http://xorg.freedesktop.org/"
 arch="all"
@@ -9,10 +9,8 @@ license="custom"
 subpackages="$pkgname-dev $pkgname-doc"
 depends=
 depends_dev="xineramaproto libx11-dev libxext-dev"
-makedepends="$depends_dev libtool automake autoconf util-macros"
+makedepends="$depends_dev"
 source="http://xorg.freedesktop.org/releases/individual/lib/libXinerama-$pkgver.tar.bz2
-	0001-Use-_XEatDataWords-to-avoid-overflow-of-_XEatData-ca.patch
-	0002-integer-overflow-in-XineramaQueryScreens-CVE-2013-19.patch
 	"
 
 _builddir="$srcdir"/libXinerama-$pkgver
@@ -23,8 +21,6 @@ prepare() {
 		*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
 		esac
 	done
-	libtoolize --force && aclocal && autoheader && autoconf \
-		&& automake --add-missing
 }
 
 build() { 
@@ -38,12 +34,6 @@ package() {
 	make DESTDIR="$pkgdir" install || return 1
 	rm "$pkgdir"/usr/lib/*.la || return 1
 }
-md5sums="cb45d6672c93a608f003b6404f1dd462  libXinerama-1.1.2.tar.bz2
-a315f9665077ca4b845a7176a6a761e6  0001-Use-_XEatDataWords-to-avoid-overflow-of-_XEatData-ca.patch
-0fccb7f32a31711cadf04d1f68326ea7  0002-integer-overflow-in-XineramaQueryScreens-CVE-2013-19.patch"
-sha256sums="a4e77c2fd88372e4ae365f3ca0434a23613da96c5b359b1a64bf43614ec06aac  libXinerama-1.1.2.tar.bz2
-78201bfc1c9cafb0180373c0dc65edb0051f8ca541024effbfe1e146c71fb830  0001-Use-_XEatDataWords-to-avoid-overflow-of-_XEatData-ca.patch
-21a7aeecf921b7cd237410458947c3fdcec45b9e4af4c94c603b1d22ee31bd0c  0002-integer-overflow-in-XineramaQueryScreens-CVE-2013-19.patch"
-sha512sums="3bddf3daec22476e02bedaf3a995943c45810033dea022472130b05500985fc402e3d766c4d86acefc0237fc1b5d06ddb28377093097eeef0f9bfcbd7e2e84dc  libXinerama-1.1.2.tar.bz2
-270ac2ffef12bec7629041f3a89ea3dae11f186772a8abbdbee4d2331528f670d2920a7510fa957fc8596bd66ee93f6bb3df030be6de7fdbd71de3cba486fe9f  0001-Use-_XEatDataWords-to-avoid-overflow-of-_XEatData-ca.patch
-336e07a24379af596bb6ee7efa8adfe93109aa84fa5a3013edeebc2a6ecc4b88433ef60d3ffb4c71c02103b693bb5391bac7a45e177188e41139f5f4ae2c2f6b  0002-integer-overflow-in-XineramaQueryScreens-CVE-2013-19.patch"
+md5sums="9336dc46ae3bf5f81c247f7131461efd  libXinerama-1.1.3.tar.bz2"
+sha256sums="7a45699f1773095a3f821e491cbd5e10c887c5a5fce5d8d3fced15c2ff7698e2  libXinerama-1.1.3.tar.bz2"
+sha512sums="c9f059697c04fdc600d9e63873e924032d6cff456674ee28a885270c54722d96df0ef7a78432c2bdc0844241f115e00ad730c29d84681efc1c45a2e1acb3288c  libXinerama-1.1.3.tar.bz2"
author	Natanael Copa <ncopa@alpinelinux.org>	2013-06-06 16:09:21 +0000
committer	Natanael Copa <ncopa@alpinelinux.org>	2013-06-06 16:09:21 +0000
commit	61e1807d75995b90f2dea5e736b3ea225d87215b (patch)
tree	d4640dd63b3342089b7845dc152267cd67489c7d /main/libxinerama
parent	e04a6fa5ce24fe6a6c4d4e4b7e8bd864cc65f6cd (diff)
download	aports-61e1807d75995b90f2dea5e736b3ea225d87215b.tar.bz2 aports-61e1807d75995b90f2dea5e736b3ea225d87215b.tar.xz