main/libxtst: fix CVE-2013-2063

ref #1931 fixes #1968 (cherry picked from commit ca33affea49de655ea0a1aa27accea11f84df7c1)
author: Natanael Copa <ncopa@alpinelinux.org> 2013-05-27 14:31:43 +0000
committer: Natanael Copa <ncopa@alpinelinux.org> 2013-05-27 14:37:26 +0000
commit: 2f5911458fe8d62dab1d3f01e2140015ee63829a (patch)
tree: 8c8c7d910bc4920c6119607ef375c6df6dbd75d1
parent: d1476ec6f4aaced12fc3dc3a4620a0a44fc54fd6 (diff)
download: alpine_aports-2f5911458fe8d62dab1d3f01e2140015ee63829a.tar.bz2
alpine_aports-2f5911458fe8d62dab1d3f01e2140015ee63829a.tar.xz
alpine_aports-2f5911458fe8d62dab1d3f01e2140015ee63829a.zip
3 files changed, 199 insertions, 8 deletions
diff --git a/main/libxtst/0001-Use-_XEatDataWords-to-eat-data-in-error-cases.patch b/main/libxtst/0001-Use-_XEatDataWords-to-eat-data-in-error-cases.patch
new file mode 100644
index 0000000000..43fa1e0d76
--- /dev/null
+++ b/main/libxtst/0001-Use-_XEatDataWords-to-eat-data-in-error-cases.patch
@@ -0,0 +1,88 @@
+From 46ed6283034b5b7d14584009453f5d974cfacf1e Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Sat, 13 Apr 2013 11:05:27 -0700
+Subject: [PATCH 1/2] Use _XEatDataWords to eat data in error cases
+Avoids having to do calculcations based on response contents
+Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+---
+ configure.ac  |  6 ++++++
+ src/XRecord.c | 23 +++++++++++++++++------
+ 2 files changed, 23 insertions(+), 6 deletions(-)
+diff --git a/configure.ac b/configure.ac
+index 7ef0153..d83d4d8 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -47,6 +47,12 @@ XORG_CHECK_SGML_DOCTOOLS(1.8)
+ # Obtain compiler/linker options for depedencies
+ PKG_CHECK_MODULES(XTST, x11 [xext >= 1.0.99.4] xi [recordproto >= 1.13.99.1] [xextproto >= 7.0.99.3] inputproto)
+ 
+# Check for _XEatDataWords function that may be patched into older Xlib release
+SAVE_LIBS="$LIBS"
+LIBS="$XTST_LIBS"
+AC_CHECK_FUNCS([_XEatDataWords])
+LIBS="$SAVE_LIBS"
+
+ # Determine if the source for man pages is available
+ # It may already be present (tarball) or can be generated using xmlto
+ AM_CONDITIONAL([INSTALL_MANPAGES],
+diff --git a/src/XRecord.c b/src/XRecord.c
+index b65451c..ba628b6 100644
+--- a/src/XRecord.c
+++ b/src/XRecord.c
+@@ -49,6 +49,9 @@ from The Open Group.
+  * By Stephen Gildea, X Consortium, and Martha Zimet, NCD.
+  */
+ 
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+ #include <stdio.h>
+ #include <assert.h>
+ #include <X11/Xlibint.h>
+@@ -56,6 +59,18 @@ from The Open Group.
+ #include <X11/extensions/extutil.h>
+ #include <X11/extensions/recordproto.h>
+ #include <X11/extensions/record.h>
+#include <limits.h>
+
+#ifndef HAVE__XEATDATAWORDS
+static inline void _XEatDataWords(Display *dpy, unsigned long n)
+{
+# ifndef LONG64
+    if (n >= (ULONG_MAX >> 2))
+        _XIOError(dpy);
+# endif
+    _XEatData (dpy, n << 2);
+}
+#endif
+ 
+ static XExtensionInfo _xrecord_info_data;
+ static XExtensionInfo *xrecord_info = &_xrecord_info_data;
+@@ -427,7 +442,7 @@ XRecordGetContext(Display *dpy, XRecordContext context,
+ 
+     ret = (XRecordState*)Xmalloc(sizeof(XRecordState));
+     if (!ret) {
+-       /* XXX - eat data */
+       _XEatDataWords (dpy, rep.length);
+        UnlockDisplay(dpy);
+        SyncHandle();
+        return 0;
+@@ -446,11 +461,7 @@ XRecordGetContext(Display *dpy, XRecordContext context,
+        }
+         if (!client_inf || !client_inf_str)
+         {
+-           for(i = 0; i < count; i++)
+-           {
+-               _XEatData (dpy, sizeof(xRecordClientInfo));
+-                _XEatData (dpy, SIZEOF(xRecordRange)); /* XXX - don't know how many */
+-           }
+          _XEatDataWords (dpy, rep.length);
+           UnlockDisplay(dpy);
+           XRecordFreeState(ret);
+           SyncHandle();
+-- 
+1.8.2.3
diff --git a/main/libxtst/0002-integer-overflow-in-XRecordGetContext-CVE-2013-2063.patch b/main/libxtst/0002-integer-overflow-in-XRecordGetContext-CVE-2013-2063.patch
new file mode 100644
index 0000000000..661a464fd0
--- /dev/null
+++ b/main/libxtst/0002-integer-overflow-in-XRecordGetContext-CVE-2013-2063.patch
@@ -0,0 +1,81 @@
+From e7e04b7be3f018ad636aba3a36bfc1cd80b9906d Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Sat, 13 Apr 2013 11:27:26 -0700
+Subject: [PATCH 2/2] integer overflow in XRecordGetContext() [CVE-2013-2063]
+The nclients and nranges members of the reply are both CARD32 and need
+to be bounds checked before multiplying by the size of the structs to
+avoid integer overflow leading to underallocation and writing data from
+the network past the end of the allocated buffer.
+Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+---
+ src/XRecord.c | 32 +++++++++++++++++++++-----------
+ 1 file changed, 21 insertions(+), 11 deletions(-)
+diff --git a/src/XRecord.c b/src/XRecord.c
+index ba628b6..5bbd5ac 100644
+--- a/src/XRecord.c
+++ b/src/XRecord.c
+@@ -420,11 +420,9 @@ XRecordGetContext(Display *dpy, XRecordContext context,
+     XExtDisplayInfo    *info = find_display (dpy);
+     register           xRecordGetContextReq    *req;
+     xRecordGetContextReply     rep;
+-    int                        count, i, rn;
+    unsigned int       count, i, rn;
+     xRecordRange       xrange;
+-    XRecordRange       *ranges = NULL;
+     xRecordClientInfo   xclient_inf;
+-    XRecordClientInfo  **client_inf, *client_inf_str = NULL;
+     XRecordState       *ret;
+ 
+     XRecordCheckExtension (dpy, info, 0);
+@@ -454,13 +452,18 @@ XRecordGetContext(Display *dpy, XRecordContext context,
+ 
+     if (count)
+     {
+-       client_inf = (XRecordClientInfo **) Xcalloc(count, sizeof(XRecordClientInfo*));
+-       ret->client_info = client_inf;
+-       if (client_inf != NULL) {
+-           client_inf_str = (XRecordClientInfo *) Xmalloc(count*sizeof(XRecordClientInfo));
+       XRecordClientInfo       **client_inf = NULL;
+       XRecordClientInfo       *client_inf_str = NULL;
+
+       if (count < (INT_MAX / sizeof(XRecordClientInfo))) {
+           client_inf = Xcalloc(count, sizeof(XRecordClientInfo *));
+           if (client_inf != NULL)
+               client_inf_str = Xmalloc(count * sizeof(XRecordClientInfo));
+        }
+       ret->client_info = client_inf;
+         if (!client_inf || !client_inf_str)
+         {
+          free(client_inf);
+           _XEatDataWords (dpy, rep.length);
+           UnlockDisplay(dpy);
+           XRecordFreeState(ret);
+@@ -476,11 +479,18 @@ XRecordGetContext(Display *dpy, XRecordContext context,
+ 
+            if (xclient_inf.nRanges)
+            {
+-               client_inf_str[i].ranges = (XRecordRange**) Xcalloc(xclient_inf.nRanges, sizeof(XRecordRange*));
+-               if (client_inf_str[i].ranges != NULL) {
+-                   ranges = (XRecordRange*)
+-                       Xmalloc(xclient_inf.nRanges * sizeof(XRecordRange));
+               XRecordRange    *ranges = NULL;
+
+               if (xclient_inf.nRanges < (INT_MAX / sizeof(XRecordRange))) {
+                   client_inf_str[i].ranges =
+                       Xcalloc(xclient_inf.nRanges, sizeof(XRecordRange *));
+                   if (client_inf_str[i].ranges != NULL)
+                       ranges =
+                           Xmalloc(xclient_inf.nRanges * sizeof(XRecordRange));
+                }
+               else
+                   client_inf_str[i].ranges = NULL;
+
+                if (!client_inf_str[i].ranges || !ranges) {
+                    /* XXX eat data */
+                    UnlockDisplay(dpy);
+-- 
+1.8.2.3
diff --git a/main/libxtst/APKBUILD b/main/libxtst/APKBUILD
index c4eb84bf9a..c87af4a041 100644
--- a/main/libxtst/APKBUILD
+++ b/main/libxtst/APKBUILD
@@ -1,30 +1,52 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=libxtst
 pkgver=1.2.1
-pkgrel=0
+pkgrel=1
 pkgdesc="X11 Testing -- Resource extension library"
 url="http://xorg.freedesktop.org/"
 arch="all"
 license="custom"
 subpackages="$pkgname-dev $pkgname-doc"
 depends=
-makedepends="pkgconfig libxext-dev libxi-dev recordproto inputproto"
-source="http://xorg.freedesktop.org/releases/individual/lib/libXtst-$pkgver.tar.bz2"
 depends_dev="recordproto libx11-dev libxext-dev inputproto libxi-dev"
+makedepends="$depends_dev libtool autoconf automake util-macros"
+source="http://xorg.freedesktop.org/releases/individual/lib/libXtst-$pkgver.tar.bz2
+        0001-Use-_XEatDataWords-to-eat-data-in-error-cases.patch
+        0002-integer-overflow-in-XRecordGetContext-CVE-2013-2063.patch
+        "
-build ()
+_builddir="$srcdir"/libXtst-$pkgver
-{
+prepare() {
-        cd "$srcdir"/libXtst-$pkgver
+        cd "$_builddir"
+        for i in $source; do
+                case $i in
+                *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
+                esac
+        done
+        libtoolize --force && aclocal && autoheader && autoconf \
+                && automake --add-missing
+}
+build() {
+        cd "$_builddir"
        ./configure --prefix=/usr \
                --build=${CHOST} --host=${CHOST}
        make || return 1
 }
 package() {
-        cd "$srcdir"/libXtst-$pkgver
+        cd "$_builddir"
        make DESTDIR="$pkgdir" install || return 1
        rm "$pkgdir"/usr/lib/*.la || return 1
        install -D -m644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/LICENSE
 }
-md5sums="e8abc5c00c666f551cf26aa53819d592  libXtst-1.2.1.tar.bz2"
+md5sums="e8abc5c00c666f551cf26aa53819d592  libXtst-1.2.1.tar.bz2
+ef5006c916511e087973d797a60aaee1  0001-Use-_XEatDataWords-to-eat-data-in-error-cases.patch
+641e6194973b4d324f8278faa821b87a  0002-integer-overflow-in-XRecordGetContext-CVE-2013-2063.patch"
+sha256sums="7eea3e66e392aca3f9dad6238198753c28e1c32fa4903cbb7739607a2504e5e0  libXtst-1.2.1.tar.bz2
+bba7db9220b8a91b5ca71133af55414851d350e81c6142e74e7c44a3fc57c052  0001-Use-_XEatDataWords-to-eat-data-in-error-cases.patch
+d67b95b9bf1587e48bc4009d1d100ed1ee3a611ed07869bb157290064986db6f  0002-integer-overflow-in-XRecordGetContext-CVE-2013-2063.patch"
+sha512sums="287c10a761d30acc988399e23de1ecb7c90d8bd4d363cd03cd0a02eb232e37b0943f359fae76a8e68504ccadc2b7c0117bfebee75e00a0b6f58397658f8ebe0d  libXtst-1.2.1.tar.bz2
+0144a420f78f5377acd2548355089596439437d1d19945532428a1cc5f263155f03ebfbba668f9c468525c579aa091d4ddf27006ec4d55246bd045a7e6ff9739  0001-Use-_XEatDataWords-to-eat-data-in-error-cases.patch
+730a9ad7c8aafd8f161bf7cbbd4bbd2c62d4fc6cf50a69f5575a4c52e9a2d712e36bb4e3b9325f628a2f71115ce8797ac93aa7bf023d0abe7ba3603f33f47e81  0002-integer-overflow-in-XRecordGetContext-CVE-2013-2063.patch"
author	Natanael Copa <ncopa@alpinelinux.org>	2013-05-27 14:31:43 +0000
committer	Natanael Copa <ncopa@alpinelinux.org>	2013-05-27 14:37:26 +0000
commit	2f5911458fe8d62dab1d3f01e2140015ee63829a (patch)
tree	8c8c7d910bc4920c6119607ef375c6df6dbd75d1
parent	d1476ec6f4aaced12fc3dc3a4620a0a44fc54fd6 (diff)
download	alpine_aports-2f5911458fe8d62dab1d3f01e2140015ee63829a.tar.bz2 alpine_aports-2f5911458fe8d62dab1d3f01e2140015ee63829a.tar.xz alpine_aports-2f5911458fe8d62dab1d3f01e2140015ee63829a.zip

diff --git a/main/libxtst/0001-Use-_XEatDataWords-to-eat-data-in-error-cases.patch b/main/libxtst/0001-Use-_XEatDataWords-to-eat-data-in-error-cases.patch new file mode 100644 index 0000000000..43fa1e0d76 --- /dev/null +++ b/main/libxtst/0001-Use-_XEatDataWords-to-eat-data-in-error-cases.patch
@@ -0,0 +1,88 @@
		1	From 46ed6283034b5b7d14584009453f5d974cfacf1e Mon Sep 17 00:00:00 2001
		2	From: Alan Coopersmith <alan.coopersmith@oracle.com>
		3	Date: Sat, 13 Apr 2013 11:05:27 -0700
		4	Subject: [PATCH 1/2] Use _XEatDataWords to eat data in error cases
		5
		6	Avoids having to do calculcations based on response contents
		7
		8	Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
		9	---
		10	configure.ac \| 6 ++++++
		11	src/XRecord.c \| 23 +++++++++++++++++------
		12	2 files changed, 23 insertions(+), 6 deletions(-)
		13
		14	diff --git a/configure.ac b/configure.ac
		15	index 7ef0153..d83d4d8 100644
		16	--- a/configure.ac
		17	+++ b/configure.ac
		18	@@ -47,6 +47,12 @@ XORG_CHECK_SGML_DOCTOOLS(1.8)
		19	# Obtain compiler/linker options for depedencies
		20	PKG_CHECK_MODULES(XTST, x11 [xext >= 1.0.99.4] xi [recordproto >= 1.13.99.1] [xextproto >= 7.0.99.3] inputproto)
		21
		22	+# Check for _XEatDataWords function that may be patched into older Xlib release
		23	+SAVE_LIBS="$LIBS"
		24	+LIBS="$XTST_LIBS"
		25	+AC_CHECK_FUNCS([_XEatDataWords])
		26	+LIBS="$SAVE_LIBS"
		27	+
		28	# Determine if the source for man pages is available
		29	# It may already be present (tarball) or can be generated using xmlto
		30	AM_CONDITIONAL([INSTALL_MANPAGES],
		31	diff --git a/src/XRecord.c b/src/XRecord.c
		32	index b65451c..ba628b6 100644
		33	--- a/src/XRecord.c
		34	+++ b/src/XRecord.c
		35	@@ -49,6 +49,9 @@ from The Open Group.
		36	* By Stephen Gildea, X Consortium, and Martha Zimet, NCD.
		37	*/
		38
		39	+#ifdef HAVE_CONFIG_H
		40	+#include <config.h>
		41	+#endif
		42	#include <stdio.h>
		43	#include <assert.h>
		44	#include <X11/Xlibint.h>
		45	@@ -56,6 +59,18 @@ from The Open Group.
		46	#include <X11/extensions/extutil.h>
		47	#include <X11/extensions/recordproto.h>
		48	#include <X11/extensions/record.h>
		49	+#include <limits.h>
		50	+
		51	+#ifndef HAVE__XEATDATAWORDS
		52	+static inline void _XEatDataWords(Display *dpy, unsigned long n)
		53	+{
		54	+# ifndef LONG64
		55	+ if (n >= (ULONG_MAX >> 2))
		56	+ _XIOError(dpy);
		57	+# endif
		58	+ _XEatData (dpy, n << 2);
		59	+}
		60	+#endif
		61
		62	static XExtensionInfo _xrecord_info_data;
		63	static XExtensionInfo *xrecord_info = &_xrecord_info_data;
		64	@@ -427,7 +442,7 @@ XRecordGetContext(Display *dpy, XRecordContext context,
		65
		66	ret = (XRecordState*)Xmalloc(sizeof(XRecordState));
		67	if (!ret) {
		68	- /* XXX - eat data */
		69	+ _XEatDataWords (dpy, rep.length);
		70	UnlockDisplay(dpy);
		71	SyncHandle();
		72	return 0;
		73	@@ -446,11 +461,7 @@ XRecordGetContext(Display *dpy, XRecordContext context,
		74	}
		75	if (!client_inf \|\| !client_inf_str)
		76	{
		77	- for(i = 0; i < count; i++)
		78	- {
		79	- _XEatData (dpy, sizeof(xRecordClientInfo));
		80	- _XEatData (dpy, SIZEOF(xRecordRange)); /* XXX - don't know how many */
		81	- }
		82	+ _XEatDataWords (dpy, rep.length);
		83	UnlockDisplay(dpy);
		84	XRecordFreeState(ret);
		85	SyncHandle();
		86	--
		87	1.8.2.3
		88


diff --git a/main/libxtst/0002-integer-overflow-in-XRecordGetContext-CVE-2013-2063.patch b/main/libxtst/0002-integer-overflow-in-XRecordGetContext-CVE-2013-2063.patch new file mode 100644 index 0000000000..661a464fd0 --- /dev/null +++ b/main/libxtst/0002-integer-overflow-in-XRecordGetContext-CVE-2013-2063.patch
@@ -0,0 +1,81 @@
		1	From e7e04b7be3f018ad636aba3a36bfc1cd80b9906d Mon Sep 17 00:00:00 2001
		2	From: Alan Coopersmith <alan.coopersmith@oracle.com>
		3	Date: Sat, 13 Apr 2013 11:27:26 -0700
		4	Subject: [PATCH 2/2] integer overflow in XRecordGetContext() [CVE-2013-2063]
		5
		6	The nclients and nranges members of the reply are both CARD32 and need
		7	to be bounds checked before multiplying by the size of the structs to
		8	avoid integer overflow leading to underallocation and writing data from
		9	the network past the end of the allocated buffer.
		10
		11	Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
		12	---
		13	src/XRecord.c \| 32 +++++++++++++++++++++-----------
		14	1 file changed, 21 insertions(+), 11 deletions(-)
		15
		16	diff --git a/src/XRecord.c b/src/XRecord.c
		17	index ba628b6..5bbd5ac 100644
		18	--- a/src/XRecord.c
		19	+++ b/src/XRecord.c
		20	@@ -420,11 +420,9 @@ XRecordGetContext(Display *dpy, XRecordContext context,
		21	XExtDisplayInfo *info = find_display (dpy);
		22	register xRecordGetContextReq *req;
		23	xRecordGetContextReply rep;
		24	- int count, i, rn;
		25	+ unsigned int count, i, rn;
		26	xRecordRange xrange;
		27	- XRecordRange *ranges = NULL;
		28	xRecordClientInfo xclient_inf;
		29	- XRecordClientInfo *client_inf, client_inf_str = NULL;
		30	XRecordState *ret;
		31
		32	XRecordCheckExtension (dpy, info, 0);
		33	@@ -454,13 +452,18 @@ XRecordGetContext(Display *dpy, XRecordContext context,
		34
		35	if (count)
		36	{
		37	- client_inf = (XRecordClientInfo *) Xcalloc(count, sizeof(XRecordClientInfo));
		38	- ret->client_info = client_inf;
		39	- if (client_inf != NULL) {
		40	- client_inf_str = (XRecordClientInfo ) Xmalloc(countsizeof(XRecordClientInfo));
		41	+ XRecordClientInfo **client_inf = NULL;
		42	+ XRecordClientInfo *client_inf_str = NULL;
		43	+
		44	+ if (count < (INT_MAX / sizeof(XRecordClientInfo))) {
		45	+ client_inf = Xcalloc(count, sizeof(XRecordClientInfo *));
		46	+ if (client_inf != NULL)
		47	+ client_inf_str = Xmalloc(count * sizeof(XRecordClientInfo));
		48	}
		49	+ ret->client_info = client_inf;
		50	if (!client_inf \|\| !client_inf_str)
		51	{
		52	+ free(client_inf);
		53	_XEatDataWords (dpy, rep.length);
		54	UnlockDisplay(dpy);
		55	XRecordFreeState(ret);
		56	@@ -476,11 +479,18 @@ XRecordGetContext(Display *dpy, XRecordContext context,
		57
		58	if (xclient_inf.nRanges)
		59	{
		60	- client_inf_str[i].ranges = (XRecordRange*) Xcalloc(xclient_inf.nRanges, sizeof(XRecordRange));
		61	- if (client_inf_str[i].ranges != NULL) {
		62	- ranges = (XRecordRange*)
		63	- Xmalloc(xclient_inf.nRanges * sizeof(XRecordRange));
		64	+ XRecordRange *ranges = NULL;
		65	+
		66	+ if (xclient_inf.nRanges < (INT_MAX / sizeof(XRecordRange))) {
		67	+ client_inf_str[i].ranges =
		68	+ Xcalloc(xclient_inf.nRanges, sizeof(XRecordRange *));
		69	+ if (client_inf_str[i].ranges != NULL)
		70	+ ranges =
		71	+ Xmalloc(xclient_inf.nRanges * sizeof(XRecordRange));
		72	}
		73	+ else
		74	+ client_inf_str[i].ranges = NULL;
		75	+
		76	if (!client_inf_str[i].ranges \|\| !ranges) {
		77	/* XXX eat data */
		78	UnlockDisplay(dpy);
		79	--
		80	1.8.2.3
		81


diff --git a/main/libxtst/APKBUILD b/main/libxtst/APKBUILD index c4eb84bf9a..c87af4a041 100644 --- a/main/libxtst/APKBUILD +++ b/main/libxtst/APKBUILD
@@ -1,30 +1,52 @@
1	# Maintainer: Natanael Copa <ncopa@alpinelinux.org>	1	# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
2	pkgname=libxtst	2	pkgname=libxtst
3	pkgver=1.2.1	3	pkgver=1.2.1
4	pkgrel=0	4	pkgrel=1
5	pkgdesc="X11 Testing -- Resource extension library"	5	pkgdesc="X11 Testing -- Resource extension library"
6	url="http://xorg.freedesktop.org/"	6	url="http://xorg.freedesktop.org/"
7	arch="all"	7	arch="all"
8	license="custom"	8	license="custom"
9	subpackages="$pkgname-dev $pkgname-doc"	9	subpackages="$pkgname-dev $pkgname-doc"
10	depends=	10	depends=
11	makedepends="pkgconfig libxext-dev libxi-dev recordproto inputproto"
12	source="http://xorg.freedesktop.org/releases/individual/lib/libXtst-$pkgver.tar.bz2"
13	depends_dev="recordproto libx11-dev libxext-dev inputproto libxi-dev"	11	depends_dev="recordproto libx11-dev libxext-dev inputproto libxi-dev"
		12	makedepends="$depends_dev libtool autoconf automake util-macros"
		13	source="http://xorg.freedesktop.org/releases/individual/lib/libXtst-$pkgver.tar.bz2
		14	0001-Use-_XEatDataWords-to-eat-data-in-error-cases.patch
		15	0002-integer-overflow-in-XRecordGetContext-CVE-2013-2063.patch
		16	"
14		17
15	build ()	18	_builddir="$srcdir"/libXtst-$pkgver
16	{	19	prepare() {
17	cd "$srcdir"/libXtst-$pkgver	20	cd "$_builddir"
		21	for i in $source; do
		22	case $i in
		23	*.patch) msg $i; patch -p1 -i "$srcdir"/$i \|\| return 1;;
		24	esac
		25	done
		26	libtoolize --force && aclocal && autoheader && autoconf \
		27	&& automake --add-missing
		28	}
		29
		30	build() {
		31	cd "$_builddir"
18	./configure --prefix=/usr \	32	./configure --prefix=/usr \
19	--build=${CHOST} --host=${CHOST}	33	--build=${CHOST} --host=${CHOST}
20	make \|\| return 1	34	make \|\| return 1
21	}	35	}
22		36
23	package() {	37	package() {
24	cd "$srcdir"/libXtst-$pkgver	38	cd "$_builddir"
25	make DESTDIR="$pkgdir" install \|\| return 1	39	make DESTDIR="$pkgdir" install \|\| return 1
26	rm "$pkgdir"/usr/lib/*.la \|\| return 1	40	rm "$pkgdir"/usr/lib/*.la \|\| return 1
27	install -D -m644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/LICENSE	41	install -D -m644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/LICENSE
28	}	42	}
29		43
30	md5sums="e8abc5c00c666f551cf26aa53819d592 libXtst-1.2.1.tar.bz2"	44	md5sums="e8abc5c00c666f551cf26aa53819d592 libXtst-1.2.1.tar.bz2
		45	ef5006c916511e087973d797a60aaee1 0001-Use-_XEatDataWords-to-eat-data-in-error-cases.patch
		46	641e6194973b4d324f8278faa821b87a 0002-integer-overflow-in-XRecordGetContext-CVE-2013-2063.patch"
		47	sha256sums="7eea3e66e392aca3f9dad6238198753c28e1c32fa4903cbb7739607a2504e5e0 libXtst-1.2.1.tar.bz2
		48	bba7db9220b8a91b5ca71133af55414851d350e81c6142e74e7c44a3fc57c052 0001-Use-_XEatDataWords-to-eat-data-in-error-cases.patch
		49	d67b95b9bf1587e48bc4009d1d100ed1ee3a611ed07869bb157290064986db6f 0002-integer-overflow-in-XRecordGetContext-CVE-2013-2063.patch"
		50	sha512sums="287c10a761d30acc988399e23de1ecb7c90d8bd4d363cd03cd0a02eb232e37b0943f359fae76a8e68504ccadc2b7c0117bfebee75e00a0b6f58397658f8ebe0d libXtst-1.2.1.tar.bz2
		51	0144a420f78f5377acd2548355089596439437d1d19945532428a1cc5f263155f03ebfbba668f9c468525c579aa091d4ddf27006ec4d55246bd045a7e6ff9739 0001-Use-_XEatDataWords-to-eat-data-in-error-cases.patch
		52	730a9ad7c8aafd8f161bf7cbbd4bbd2c62d4fc6cf50a69f5575a4c52e9a2d712e36bb4e3b9325f628a2f71115ce8797ac93aa7bf023d0abe7ba3603f33f47e81 0002-integer-overflow-in-XRecordGetContext-CVE-2013-2063.patch"