main/libxp: fix CVE-2013-2062

ref #1931

1 files changed, 30 insertions, 5 deletions

diff --git a/main/libxp/APKBUILD b/main/libxp/APKBUILD
index 616e034f9..4bd21ace0 100644
--- a/main/libxp/APKBUILD
+++ b/main/libxp/APKBUILD
@@ -2,17 +2,23 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=libxp
 pkgver=1.0.1
-pkgrel=1
+pkgrel=2
 pkgdesc="X.Org X11 libXp runtime library"
 url="http://www.x.org"
 arch="all"
 license="MIT"
 depends=
-depends_dev="util-macros libx11-dev libxext-dev libxau-dev printproto"
-makedepends="$depends_dev"
+depends_dev="libx11-dev libxext-dev libxau-dev printproto"
+makedepends="$depends_dev libtool autoconf automake util-macros"
 install=""
 subpackages="$pkgname-dev $pkgname-doc"
-source="http://xorg.freedesktop.org/releases/individual/lib/libXp-$pkgver.tar.bz2"
+source="http://xorg.freedesktop.org/releases/individual/lib/libXp-$pkgver.tar.bz2
+	0001-Replace-deprecated-Automake-INCLUDES-variable-with-A.patch
+	0002-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-b.patch
+	0003-integer-overflow-in-XpGetAttributes-XpGetOneAttribut.patch
+	0004-integer-overflows-in-XpGetPrinterList-CVE-2013-2062-.patch
+	0005-integer-overflows-in-XpQueryScreens-CVE-2013-2062-3-.patch
+	"
 
 _builddir="$srcdir"/libXp-$pkgver
 prepare() {
@@ -23,6 +29,8 @@ prepare() {
 		*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
 		esac
 	done
+	libtoolize --force && aclocal && autoheader && autoconf \
+		&& automake --add-missing
 }
 
 build() {
@@ -42,4 +50,21 @@ package() {
 	rm "$pkgdir"/usr/lib/*.la || return 1
 }
 
-md5sums="7ae1d63748e79086bd51a633da1ff1a9  libXp-1.0.1.tar.bz2"
+md5sums="7ae1d63748e79086bd51a633da1ff1a9  libXp-1.0.1.tar.bz2
+dfc36d7aa39348115edbed43e7b3bacd  0001-Replace-deprecated-Automake-INCLUDES-variable-with-A.patch
+8d99d975ee248d292c57f0539a74f444  0002-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-b.patch
+0affd2550812541d7c6e03b10a882a39  0003-integer-overflow-in-XpGetAttributes-XpGetOneAttribut.patch
+74e9e315a2b7b714c2ebbc69e4478723  0004-integer-overflows-in-XpGetPrinterList-CVE-2013-2062-.patch
+59085b08c7ae142238ee20af93836926  0005-integer-overflows-in-XpQueryScreens-CVE-2013-2062-3-.patch"
+sha256sums="71d1f260005616d646b8c8788365f2b7d93911dac57bb53b65753d9f9e6443d2  libXp-1.0.1.tar.bz2
+666273216e13b759e85cf84c345e9253771e729f605987e580ad55b0ad7651a3  0001-Replace-deprecated-Automake-INCLUDES-variable-with-A.patch
+f128151ebd1206d85c6ee55d1558fb1e3f446a7334466571818850096fec7a87  0002-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-b.patch
+ad96f0031978dd8befa29bde872a8a9b40e4fbfccf42cd22e201f975564db3b6  0003-integer-overflow-in-XpGetAttributes-XpGetOneAttribut.patch
+cbadbece5e73d568826b19b2f743860c8dfe47f4077accffa939cc51a79ead0c  0004-integer-overflows-in-XpGetPrinterList-CVE-2013-2062-.patch
+0a597afeab8bd76dcd72fec97efd0a8db12c1dd1d9f431085e061aa1b6ca1f3d  0005-integer-overflows-in-XpQueryScreens-CVE-2013-2062-3-.patch"
+sha512sums="0707256ae344b847f1a5bbf85f9e6e6f926be3bee10858e3c92932ee02007fdb908cb64a6f2ce0de501f99117e4582c1bcf9bc6f921490d42cabbfb997d731bd  libXp-1.0.1.tar.bz2
+5a55658cedbf6ac8d410f19ceed0ef38d65a81ef54e9ffde86ac285c477669d760a1b5c2d9791aff50d48698298bcfdd3290e1b95321c62230809a8a65222127  0001-Replace-deprecated-Automake-INCLUDES-variable-with-A.patch
+9a94b99f96d03e436450daa40e54d3d091d362e76428a4bc0fdacb38b3582c1a18ad5b1824621282892bc3f9e0964bae2d8e15ccdfc5c27a426f118c7a7336c8  0002-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-b.patch
+48d47a8878f2f3663c1e00091c6190ae9d4b0e08594cfb87d4810e726caf5a138100ef59d0fdb352cb5805ab3268bedde86f20d4637533f81d71451fc0989f20  0003-integer-overflow-in-XpGetAttributes-XpGetOneAttribut.patch
+5b6e0c05209546c6ef29bc6ed9a24b4117d8a4983fc49abf554920d189fd73d97198c4428951177f7b21dcd968d786c98fa5b53d457946e9b79504fc6ed7c9f6  0004-integer-overflows-in-XpGetPrinterList-CVE-2013-2062-.patch
+8242840592974a57e98e9c6dfed73031f632dc26b88ba2bf40016c9778955476490eb14766de6a02429ad56066f228d23b3cd9c0772585c020be3b6dec32b522  0005-integer-overflows-in-XpQueryScreens-CVE-2013-2062-3-.patch"