Commit 1d7e3d39 authored by Natanael Copa's avatar Natanael Copa

main/libxrandr: upgrade to 1.4.1

parent 35abd83d
From 99a63d10cbbab7d69a52d25d78795a3278506ea9 Mon Sep 17 00:00:00 2001
From: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Fri, 18 Jan 2013 23:14:01 -0800
Subject: [PATCH 1/7] Replace deprecated Automake INCLUDES variable with
AM_CPPFLAGS
Excerpt https://lists.gnu.org/archive/html/automake/2012-12/msg00038.html
- Support for the long-deprecated INCLUDES variable will be removed
altogether in Automake 1.14. The AM_CPPFLAGS variable should be
used instead.
This variable was deprecated in Automake releases prior to 1.10, which is
the current minimum level required to build X.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
---
src/Makefile.am | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Makefile.am b/src/Makefile.am
index 7a47b9c..2113846 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -19,7 +19,7 @@ AM_CFLAGS = \
$(MALLOC_ZERO_CFLAGS) \
$(CWARNFLAGS)
-INCLUDES = -I$(top_srcdir)/include/X11/extensions
+AM_CPPFLAGS = -I$(top_srcdir)/include/X11/extensions
libXrandr_la_LDFLAGS = -version-number 2:2:0 -no-undefined
--
1.8.2.3
From 1c7ad6773ce6be00dcd6e51e9be08f203abe5071 Mon Sep 17 00:00:00 2001
From: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Fri, 3 May 2013 23:29:22 -0700
Subject: [PATCH 2/7] Use _XEatDataWords to avoid overflow of rep.length bit
shifting
rep.length is a CARD32, so rep.length << 2 could overflow in 32-bit builds
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
---
configure.ac | 6 ++++++
src/Xrandrint.h | 13 +++++++++++++
src/XrrCrtc.c | 6 +++---
src/XrrOutput.c | 2 +-
src/XrrProperty.c | 9 ++++-----
src/XrrProvider.c | 4 ++--
src/XrrProviderProperty.c | 9 ++++-----
src/XrrScreen.c | 2 +-
8 files changed, 34 insertions(+), 17 deletions(-)
diff --git a/configure.ac b/configure.ac
index 3f28bef..8466999 100644
--- a/configure.ac
+++ b/configure.ac
@@ -55,6 +55,12 @@ AC_SUBST(RANDR_VERSION)
# Obtain compiler/linker options for depedencies
PKG_CHECK_MODULES(RANDR, x11 randrproto >= $RANDR_VERSION xext xextproto xrender renderproto)
+# Check for _XEatDataWords function that may be patched into older Xlib release
+SAVE_LIBS="$LIBS"
+LIBS="$RANDR_LIBS"
+AC_CHECK_FUNCS([_XEatDataWords])
+LIBS="$SAVE_LIBS"
+
AC_CONFIG_FILES([Makefile
src/Makefile
man/Makefile
diff --git a/src/Xrandrint.h b/src/Xrandrint.h
index aed10e4..1687c29 100644
--- a/src/Xrandrint.h
+++ b/src/Xrandrint.h
@@ -42,6 +42,19 @@ extern char XRRExtensionName[];
XExtDisplayInfo *XRRFindDisplay (Display *dpy);
+#ifndef HAVE__XEATDATAWORDS
+#include <X11/Xmd.h> /* for LONG64 on 64-bit platforms */
+#include <limits.h>
+
+static inline void _XEatDataWords(Display *dpy, unsigned long n)
+{
+# ifndef LONG64
+ if (n >= (ULONG_MAX >> 2))
+ _XIOError(dpy);
+# endif
+ _XEatData (dpy, n << 2);
+}
+#endif
/* deliberately opaque internal data structure; can be extended,
but not reordered */
diff --git a/src/XrrCrtc.c b/src/XrrCrtc.c
index 04087c5..a704a52 100644
--- a/src/XrrCrtc.c
+++ b/src/XrrCrtc.c
@@ -74,7 +74,7 @@ XRRGetCrtcInfo (Display *dpy, XRRScreenResources *resources, RRCrtc crtc)
xci = (XRRCrtcInfo *) Xmalloc(rbytes);
if (xci == NULL) {
- _XEatData (dpy, (unsigned long) nbytes);
+ _XEatDataWords (dpy, rep.length);
UnlockDisplay (dpy);
SyncHandle ();
return NULL;
@@ -203,7 +203,7 @@ XRRGetCrtcGamma (Display *dpy, RRCrtc crtc)
if (!crtc_gamma)
{
- _XEatData (dpy, (unsigned long) nbytes);
+ _XEatDataWords (dpy, rep.length);
goto out;
}
_XRead16 (dpy, crtc_gamma->red, rep.size * 2);
@@ -397,7 +397,7 @@ XRRGetCrtcTransform (Display *dpy,
int extraBytes = rep.length * 4 - CrtcTransformExtra;
extra = Xmalloc (extraBytes);
if (!extra) {
- _XEatData (dpy, extraBytes);
+ _XEatDataWords (dpy, rep.length - (CrtcTransformExtra >> 2));
UnlockDisplay (dpy);
SyncHandle ();
return False;
diff --git a/src/XrrOutput.c b/src/XrrOutput.c
index f13a932..4df894e 100644
--- a/src/XrrOutput.c
+++ b/src/XrrOutput.c
@@ -81,7 +81,7 @@ XRRGetOutputInfo (Display *dpy, XRRScreenResources *resources, RROutput output)
xoi = (XRROutputInfo *) Xmalloc(rbytes);
if (xoi == NULL) {
- _XEatData (dpy, (unsigned long) nbytes);
+ _XEatDataWords (dpy, rep.length - (OutputInfoExtra >> 2));
UnlockDisplay (dpy);
SyncHandle ();
return NULL;
diff --git a/src/XrrProperty.c b/src/XrrProperty.c
index 4c3fdb0..2b065b2 100644
--- a/src/XrrProperty.c
+++ b/src/XrrProperty.c
@@ -62,7 +62,7 @@ XRRListOutputProperties (Display *dpy, RROutput output, int *nprop)
props = (Atom *) Xmalloc (rbytes);
if (props == NULL) {
- _XEatData (dpy, nbytes);
+ _XEatDataWords (dpy, rep.length);
UnlockDisplay (dpy);
SyncHandle ();
*nprop = 0;
@@ -107,7 +107,7 @@ XRRQueryOutputProperty (Display *dpy, RROutput output, Atom property)
prop_info = (XRRPropertyInfo *) Xmalloc (rbytes);
if (prop_info == NULL) {
- _XEatData (dpy, nbytes);
+ _XEatDataWords(dpy, rep.length);
UnlockDisplay (dpy);
SyncHandle ();
return NULL;
@@ -313,14 +313,13 @@ XRRGetOutputProperty (Display *dpy, RROutput output,
* This part of the code should never be reached. If it is,
* the server sent back a property with an invalid format.
*/
- nbytes = rep.length << 2;
- _XEatData(dpy, (unsigned long) nbytes);
+ _XEatDataWords(dpy, rep.length);
UnlockDisplay(dpy);
SyncHandle();
return(BadImplementation);
}
if (! *prop) {
- _XEatData(dpy, (unsigned long) nbytes);
+ _XEatDataWords(dpy, rep.length);
UnlockDisplay(dpy);
SyncHandle();
return(BadAlloc);
diff --git a/src/XrrProvider.c b/src/XrrProvider.c
index fcd06ff..309e321 100644
--- a/src/XrrProvider.c
+++ b/src/XrrProvider.c
@@ -67,7 +67,7 @@ XRRGetProviderResources(Display *dpy, Window window)
xrpr = (XRRProviderResources *) Xmalloc(rbytes);
if (xrpr == NULL) {
- _XEatData (dpy, (unsigned long) nbytes);
+ _XEatDataWords (dpy, rep.length);
UnlockDisplay (dpy);
SyncHandle ();
return NULL;
@@ -136,7 +136,7 @@ XRRGetProviderInfo(Display *dpy, XRRScreenResources *resources, RRProvider provi
xpi = (XRRProviderInfo *)Xmalloc(rbytes);
if (xpi == NULL) {
- _XEatData (dpy, (unsigned long) nbytes);
+ _XEatDataWords (dpy, rep.length - (ProviderInfoExtra >> 2));
UnlockDisplay (dpy);
SyncHandle ();
return NULL;
diff --git a/src/XrrProviderProperty.c b/src/XrrProviderProperty.c
index c8c08e9..2d90a0a 100644
--- a/src/XrrProviderProperty.c
+++ b/src/XrrProviderProperty.c
@@ -62,7 +62,7 @@ XRRListProviderProperties (Display *dpy, RRProvider provider, int *nprop)
props = (Atom *) Xmalloc (rbytes);
if (props == NULL) {
- _XEatData (dpy, nbytes);
+ _XEatDataWords (dpy, rep.length);
UnlockDisplay (dpy);
SyncHandle ();
*nprop = 0;
@@ -107,7 +107,7 @@ XRRQueryProviderProperty (Display *dpy, RRProvider provider, Atom property)
prop_info = (XRRPropertyInfo *) Xmalloc (rbytes);
if (prop_info == NULL) {
- _XEatData (dpy, nbytes);
+ _XEatDataWords (dpy, rep.length);
UnlockDisplay (dpy);
SyncHandle ();
return NULL;
@@ -313,14 +313,13 @@ XRRGetProviderProperty (Display *dpy, RRProvider provider,
* This part of the code should never be reached. If it is,
* the server sent back a property with an invalid format.
*/
- nbytes = rep.length << 2;
- _XEatData(dpy, (unsigned long) nbytes);
+ _XEatDataWords(dpy, rep.length);
UnlockDisplay(dpy);
SyncHandle();
return(BadImplementation);
}
if (! *prop) {
- _XEatData(dpy, (unsigned long) nbytes);
+ _XEatDataWords(dpy, rep.length);
UnlockDisplay(dpy);
SyncHandle();
return(BadAlloc);
diff --git a/src/XrrScreen.c b/src/XrrScreen.c
index f830913..08710b6 100644
--- a/src/XrrScreen.c
+++ b/src/XrrScreen.c
@@ -129,7 +129,7 @@ doGetScreenResources (Display *dpy, Window window, int poll)
if (xrsr == NULL || wire_names == NULL) {
if (xrsr) Xfree (xrsr);
if (wire_names) Xfree (wire_names);
- _XEatData (dpy, (unsigned long) nbytes);
+ _XEatDataWords (dpy, rep.length);
UnlockDisplay (dpy);
SyncHandle ();
return NULL;
--
1.8.2.3
From 0e79d96c36aef5889ae2e2a3fc2e96e93f30dc21 Mon Sep 17 00:00:00 2001
From: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Fri, 12 Apr 2013 21:44:59 -0700
Subject: [PATCH 3/7] integer overflow in XRRQueryOutputProperty()
[CVE-2013-1986 1/4]
rep.length is a CARD32, while rbytes was a signed int, so
rbytes = sizeof (XRRPropertyInfo) + rep.length * sizeof (long);
could result in integer overflow, leading to an undersized malloc
and reading data off the connection and writing it past the end of
the allocated buffer.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
---
src/XrrProperty.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/src/XrrProperty.c b/src/XrrProperty.c
index 2b065b2..50382bf 100644
--- a/src/XrrProperty.c
+++ b/src/XrrProperty.c
@@ -31,6 +31,7 @@
#include <X11/extensions/render.h>
#include <X11/extensions/Xrender.h>
#include "Xrandrint.h"
+#include <limits.h>
Atom *
XRRListOutputProperties (Display *dpy, RROutput output, int *nprop)
@@ -84,7 +85,7 @@ XRRQueryOutputProperty (Display *dpy, RROutput output, Atom property)
XExtDisplayInfo *info = XRRFindDisplay(dpy);
xRRQueryOutputPropertyReply rep;
xRRQueryOutputPropertyReq *req;
- int rbytes, nbytes;
+ unsigned int rbytes, nbytes;
XRRPropertyInfo *prop_info;
RRCheckExtension (dpy, info, NULL);
@@ -102,10 +103,14 @@ XRRQueryOutputProperty (Display *dpy, RROutput output, Atom property)
return NULL;
}
- rbytes = sizeof (XRRPropertyInfo) + rep.length * sizeof (long);
- nbytes = rep.length << 2;
+ if (rep.length < ((INT_MAX / sizeof(long)) - sizeof (XRRPropertyInfo))) {
+ rbytes = sizeof (XRRPropertyInfo) + (rep.length * sizeof (long));
+ nbytes = rep.length << 2;
+
+ prop_info = Xmalloc (rbytes);
+ } else
+ prop_info = NULL;
- prop_info = (XRRPropertyInfo *) Xmalloc (rbytes);
if (prop_info == NULL) {
_XEatDataWords(dpy, rep.length);
UnlockDisplay (dpy);
--
1.8.2.3
From 1da5b838c2a8565d4d95a4e948f951ce6b466345 Mon Sep 17 00:00:00 2001
From: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Fri, 12 Apr 2013 21:44:59 -0700
Subject: [PATCH 4/7] integer overflow in XRRQueryProviderProperty()
[CVE-2013-1986 2/4]
Same problem as XRRQueryOutputProperty() that it was cloned from
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
---
src/XrrProviderProperty.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/src/XrrProviderProperty.c b/src/XrrProviderProperty.c
index 2d90a0a..dc699f6 100644
--- a/src/XrrProviderProperty.c
+++ b/src/XrrProviderProperty.c
@@ -31,6 +31,7 @@
#include <X11/extensions/render.h>
#include <X11/extensions/Xrender.h>
#include "Xrandrint.h"
+#include <limits.h>
Atom *
XRRListProviderProperties (Display *dpy, RRProvider provider, int *nprop)
@@ -84,7 +85,7 @@ XRRQueryProviderProperty (Display *dpy, RRProvider provider, Atom property)
XExtDisplayInfo *info = XRRFindDisplay(dpy);
xRRQueryProviderPropertyReply rep;
xRRQueryProviderPropertyReq *req;
- int rbytes, nbytes;
+ unsigned int rbytes, nbytes;
XRRPropertyInfo *prop_info;
RRCheckExtension (dpy, info, NULL);
@@ -102,10 +103,14 @@ XRRQueryProviderProperty (Display *dpy, RRProvider provider, Atom property)
return NULL;
}
- rbytes = sizeof (XRRPropertyInfo) + rep.length * sizeof (long);
- nbytes = rep.length << 2;
+ if (rep.length < ((INT_MAX / sizeof(long)) - sizeof (XRRPropertyInfo))) {
+ rbytes = sizeof (XRRPropertyInfo) + (rep.length * sizeof (long));
+ nbytes = rep.length << 2;
+
+ prop_info = Xmalloc (rbytes);
+ } else
+ prop_info = NULL;
- prop_info = (XRRPropertyInfo *) Xmalloc (rbytes);
if (prop_info == NULL) {
_XEatDataWords (dpy, rep.length);
UnlockDisplay (dpy);
--
1.8.2.3
From 289a1927949e6f278c18d115772e454837702e35 Mon Sep 17 00:00:00 2001
From: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Sat, 4 May 2013 21:37:49 -0700
Subject: [PATCH 5/7] integer overflow in XRRGetOutputProperty() [CVE-2013-1986
3/4]
If the reported number of properties is too large, the calculations
to allocate memory for them may overflow, leaving us returning less
memory to the caller than implied by the value written to *nitems.
(Same as reported against libX11 XGetWindowProperty by Ilja Van Sprundel)
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
---
src/XrrProperty.c | 22 ++++++++++++++--------
1 file changed, 14 insertions(+), 8 deletions(-)
diff --git a/src/XrrProperty.c b/src/XrrProperty.c
index 50382bf..707a28d 100644
--- a/src/XrrProperty.c
+++ b/src/XrrProperty.c
@@ -257,7 +257,7 @@ XRRGetOutputProperty (Display *dpy, RROutput output,
XExtDisplayInfo *info = XRRFindDisplay(dpy);
xRRGetOutputPropertyReply rep;
xRRGetOutputPropertyReq *req;
- long nbytes, rbytes;
+ unsigned long nbytes, rbytes;
RRCheckExtension (dpy, info, 1);
@@ -282,34 +282,40 @@ XRRGetOutputProperty (Display *dpy, RROutput output,
*prop = (unsigned char *) NULL;
if (rep.propertyType != None) {
+ int format = rep.format;
+
+ /*
+ * Protect against both integer overflow and just plain oversized
+ * memory allocation - no server should ever return this many props.
+ */
+ if (rep.nItems >= (INT_MAX >> 4))
+ format = -1; /* fall through to default error case */
+
/*
* One extra byte is malloced than is needed to contain the property
* data, but this last byte is null terminated and convenient for
* returning string properties, so the client doesn't then have to
* recopy the string to make it null terminated.
*/
- switch (rep.format) {
+ switch (format) {
case 8:
nbytes = rep.nItems;
rbytes = rep.nItems + 1;
- if (rbytes > 0 &&
- (*prop = (unsigned char *) Xmalloc ((unsigned)rbytes)))
+ if (rbytes > 0 && (*prop = Xmalloc (rbytes)))
_XReadPad (dpy, (char *) *prop, nbytes);
break;
case 16:
nbytes = rep.nItems << 1;
rbytes = rep.nItems * sizeof (short) + 1;
- if (rbytes > 0 &&
- (*prop = (unsigned char *) Xmalloc ((unsigned)rbytes)))
+ if (rbytes > 0 && (*prop = Xmalloc (rbytes)))
_XRead16Pad (dpy, (short *) *prop, nbytes);
break;
case 32:
nbytes = rep.nItems << 2;
rbytes = rep.nItems * sizeof (long) + 1;
- if (rbytes > 0 &&
- (*prop = (unsigned char *) Xmalloc ((unsigned)rbytes)))
+ if (rbytes > 0 && (*prop = Xmalloc (rbytes)))
_XRead32 (dpy, (long *) *prop, nbytes);
break;
--
1.8.2.3
From 4254bf0ee4c7a8f9d03841cf0d8e16cbb201dfbd Mon Sep 17 00:00:00 2001
From: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Sat, 4 May 2013 21:37:49 -0700
Subject: [PATCH 6/7] integer overflow in XRRGetProviderProperty()
[CVE-2013-1986 4/4]
If the reported number of properties is too large, the calculations
to allocate memory for them may overflow, leaving us returning less
memory to the caller than implied by the value written to *nitems.
(Same as reported against libX11 XGetWindowProperty by Ilja Van Sprundel)
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
---
src/XrrProviderProperty.c | 22 ++++++++++++++--------
1 file changed, 14 insertions(+), 8 deletions(-)
diff --git a/src/XrrProviderProperty.c b/src/XrrProviderProperty.c
index dc699f6..6989580 100644
--- a/src/XrrProviderProperty.c
+++ b/src/XrrProviderProperty.c
@@ -257,7 +257,7 @@ XRRGetProviderProperty (Display *dpy, RRProvider provider,
XExtDisplayInfo *info = XRRFindDisplay(dpy);
xRRGetProviderPropertyReply rep;
xRRGetProviderPropertyReq *req;
- long nbytes, rbytes;
+ unsigned long nbytes, rbytes;
RRCheckExtension (dpy, info, 1);
@@ -282,34 +282,40 @@ XRRGetProviderProperty (Display *dpy, RRProvider provider,
*prop = (unsigned char *) NULL;
if (rep.propertyType != None) {
+ int format = rep.format;
+
+ /*
+ * Protect against both integer overflow and just plain oversized
+ * memory allocation - no server should ever return this many props.
+ */
+ if (rep.nItems >= (INT_MAX >> 4))
+ format = -1; /* fall through to default error case */
+
/*
* One extra byte is malloced than is needed to contain the property
* data, but this last byte is null terminated and convenient for
* returning string properties, so the client doesn't then have to
* recopy the string to make it null terminated.
*/
- switch (rep.format) {
+ switch (format) {
case 8:
nbytes = rep.nItems;
rbytes = rep.nItems + 1;
- if (rbytes > 0 &&
- (*prop = (unsigned char *) Xmalloc ((unsigned)rbytes)))
+ if (rbytes > 0 && (*prop = Xmalloc (rbytes)))
_XReadPad (dpy, (char *) *prop, nbytes);
break;
case 16:
nbytes = rep.nItems << 1;
rbytes = rep.nItems * sizeof (short) + 1;
- if (rbytes > 0 &&
- (*prop = (unsigned char *) Xmalloc ((unsigned)rbytes)))
+ if (rbytes > 0 && (*prop = Xmalloc (rbytes)))
_XRead16Pad (dpy, (short *) *prop, nbytes);
break;
case 32:
nbytes = rep.nItems << 2;
rbytes = rep.nItems * sizeof (long) + 1;
- if (rbytes > 0 &&
- (*prop = (unsigned char *) Xmalloc ((unsigned)rbytes)))
+ if (rbytes > 0 && (*prop = Xmalloc (rbytes)))
_XRead32 (dpy, (long *) *prop, nbytes);
break;
--
1.8.2.3
From c90f74497dbcb96854346435349c6e2207b530c5 Mon Sep 17 00:00:00 2001
From: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Sat, 4 May 2013 21:47:50 -0700
Subject: [PATCH 7/7] Make XRRGet*Property() always initialize returned values
Avoids memory corruption and other errors when callers access them
without checking to see if the calls returned an error value.
Callers are still required to check for errors, this just reduces the
damage when they don't.
(Same as reported against libX11 XGetWindowProperty by Ilja Van Sprundel)
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
---
src/XrrProperty.c | 8 +++++++-
src/XrrProviderProperty.c | 8 +++++++-
2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/src/XrrProperty.c b/src/XrrProperty.c
index 707a28d..2096c56 100644
--- a/src/XrrProperty.c
+++ b/src/XrrProperty.c
@@ -259,6 +259,13 @@ XRRGetOutputProperty (Display *dpy, RROutput output,
xRRGetOutputPropertyReq *req;
unsigned long nbytes, rbytes;
+ /* Always initialize return values, in case callers fail to initialize
+ them and fail to check the return code for an error. */
+ *actual_type = None;
+ *actual_format = 0;
+ *nitems = *bytes_after = 0L;
+ *prop = (unsigned char *) NULL;
+
RRCheckExtension (dpy, info, 1);
LockDisplay (dpy);
@@ -280,7 +287,6 @@ XRRGetOutputProperty (Display *dpy, RROutput output,
return ((xError *)&rep)->errorCode;
}
- *prop = (unsigned char *) NULL;
if (rep.propertyType != None) {
int format = rep.format;
diff --git a/src/XrrProviderProperty.c b/src/XrrProviderProperty.c
index 6989580..34cc082 100644
--- a/src/XrrProviderProperty.c
+++ b/src/XrrProviderProperty.c
@@ -259,6 +259,13 @@ XRRGetProviderProperty (Display *dpy, RRProvider provider,
xRRGetProviderPropertyReq *req;
unsigned long nbytes, rbytes;
+ /* Always initialize return values, in case callers fail to initialize
+ them and fail to check the return code for an error. */
+ *actual_type = None;
+ *actual_format = 0;
+ *nitems = *bytes_after = 0L;
+ *prop = (unsigned char *) NULL;
+
RRCheckExtension (dpy, info, 1);
LockDisplay (dpy);
@@ -280,7 +287,6 @@ XRRGetProviderProperty (Display *dpy, RRProvider provider,
return ((xError *)&rep)->errorCode;
}
- *prop = (unsigned char *) NULL;
if (rep.propertyType != None) {
int format = rep.format;
--
1.8.2.3
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libxrandr
pkgver=1.4.0
pkgrel=1
pkgver=1.4.1
pkgrel=0
pkgdesc="X11 RandR extension library"
url="http://xorg.freedesktop.org/"
arch="all"
......@@ -9,15 +9,8 @@ license="custom"
subpackages="$pkgname-dev $pkgname-doc"
depends=
depends_dev="xproto randrproto libx11-dev libxext-dev libxrender-dev"
makedepends="$depends_dev libtool autoconf automake util-macros"
makedepends="$depends_dev"
source="http://xorg.freedesktop.org/releases/individual/lib/libXrandr-$pkgver.tar.bz2
0001-Replace-deprecated-Automake-INCLUDES-variable-with-A.patch
0002-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-b.patch
0003-integer-overflow-in-XRRQueryOutputProperty-CVE-2013-.patch
0004-integer-overflow-in-XRRQueryProviderProperty-CVE-201.patch
0005-integer-overflow-in-XRRGetOutputProperty-CVE-2013-19.patch
0006-integer-overflow-in-XRRGetProviderProperty-CVE-2013-.patch
0007-Make-XRRGet-Property-always-initialize-returned-valu.patch
"
......@@ -29,8 +22,6 @@ prepare() {
*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
esac
done
libtoolize --force && aclocal && autoheader && autoconf \
&& automake --add-missing
}
build() {
......@@ -47,27 +38,6 @@ package() {
rm "$pkgdir"/usr/lib/*.la || return 1
install -Dm644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/COPYING
}
md5sums="0c843636124cc1494e3d87df16957672 libXrandr-1.4.0.tar.bz2
d40ab63148e3a7c31f3548097c48d507 0001-Replace-deprecated-Automake-INCLUDES-variable-with-A.patch
f79a519bdf980c7ef92e18aa3a2c16ca 0002-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-b.patch
41e672b46e9e3d25c8eb2e86cea29ed1 0003-integer-overflow-in-XRRQueryOutputProperty-CVE-2013-.patch
e2bb9968f01fc41f53e6457f60bdfae0 0004-integer-overflow-in-XRRQueryProviderProperty-CVE-201.patch
7d65549f48058f8f9bf9e527d03bbb08 0005-integer-overflow-in-XRRGetOutputProperty-CVE-2013-19.patch
486e84c4089b4f5120cbbc605e732f5b 0006-integer-overflow-in-XRRGetProviderProperty-CVE-2013-.patch
0883bd4a4e0360e54968f9e4887c03c8 0007-Make-XRRGet-Property-always-initialize-returned-valu.patch"
sha256sums="033ad0ac2f012afb05268660f6d78705c85f84689f92fa7b47ce12959b15f5c3 libXrandr-1.4.0.tar.bz2
fc55395c3a275b9c2bce1cd17caf3963b57afb424e95504cf84ed3ab3bf58e19 0001-Replace-deprecated-Automake-INCLUDES-variable-with-A.patch
7ca77f1f0e5f7a1febc76e2957c3705d6378c1af6944616735bacc194bc81097 0002-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-b.patch
847f2b8da4e9d9346d273fd541830a0d6d457857cea576394c2117c5dcbcf356 0003-integer-overflow-in-XRRQueryOutputProperty-CVE-2013-.patch
a537b5ca75a88c5b1ccc862775e4512fb57c4665eb6245c59b3160250ac02ba8 0004-integer-overflow-in-XRRQueryProviderProperty-CVE-201.patch
2b84742ed038b96625cc0486e47e3b85e6bd9700a8095b7b65d9dc8a93087dfc 0005-integer-overflow-in-XRRGetOutputProperty-CVE-2013-19.patch
8daabc77bfbcef87d7e52478306fd2774b0c3b59afc7d002d413c7fd6598b93c 0006-integer-overflow-in-XRRGetProviderProperty-CVE-2013-.patch
03b9c156b04cbe934978983e6a4fff427fd9230b39408b20bbdb4768a7a06bb4 0007-Make-XRRGet-Property-always-initialize-returned-valu.patch"
sha512sums="a97f2442c7f73786e5d3fae9a98b172ac1cb17b1584a7bad243128fc755b25a41cc7e32ceed10eb8eac733ff137b95504485967716f0122edf6682db6065a289 libXrandr-1.4.0.tar.bz2
11584e52674a6d1216d5586f578962464f8e6942653a3bce7ddf3af27ea28d604e9ce989635b1db051147f5046ed0593601d74277a86c2776e84ff1c5350a9df 0001-Replace-deprecated-Automake-INCLUDES-variable-with-A.patch
ce19127f19d5b932b68de1f336335587bdda4db791b20d26488dcba00a9e303832c679033e59d1f2602f24c8519fe909c24199226ab2b651863b60a7a1e2a5c6 0002-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-b.patch
228c64d64c839682cb7523cd6dd9153d0acf76e7d9e88a7e73c24bc4536b9dcbf5a500d7fd33ba373f605a0e9d0a770899c1b44a25f9d7468db6de46d0702152 0003-integer-overflow-in-XRRQueryOutputProperty-CVE-2013-.patch
1784174229c46575431eb6a0e05ccac631c3d843ed2742cd89ec8f28866c0e10881ab1c1e30fab5831ba0cb066ece0debbbeb98c7bb4a528768dd8342f42f7b2 0004-integer-overflow-in-XRRQueryProviderProperty-CVE-201.patch
14d508d519ca972ee6e521597b16663e78b3f44bcbada97d6ba797cec2b09392daeaf673e02670af0d0f6f71ac5c8e8cb8aa75546ec46cb92ecb6f9190990bca 0005-integer-overflow-in-XRRGetOutputProperty-CVE-2013-19.patch
ec6996991010498de70ad69d55d8a7b2bb5f5f751af567d6be385166d485e145920356a9a3b87603be924121e0202251f6dca96c1af2bd6328961c5fa286d8d1 0006-integer-overflow-in-XRRGetProviderProperty-CVE-2013-.patch
0d7804c66749090a72bd52297948b7b27c51d77773e57d62e905a7b45d349a77c9857933d85a9e22ce9a2d249ed6ed492fc80040193652ddebe47bd7c558562e 0007-Make-XRRGet-Property-always-initialize-returned-valu.patch"
md5sums="8dbac4e972348dcbd3a0673ce2e37919 libXrandr-1.4.1.tar.bz2"
sha256sums="d914a0490fd0a2ea6c3194505b5b28c56e2a277d8f4648b0275ee0ee370fb905 libXrandr-1.4.1.tar.bz2"
sha512sums="73ceca5a1ff56e886a95fbfa250ccec49e5d847e3a6d1dd6bb38462ee30724e838706caa41caa536a87ed2811fdff8fa7d1120fde656a05699830ff978ebd1ad libXrandr-1.4.1.tar.bz2"
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment