xorg-server: A few fixups

Add the CVE patch from portage for 1.13.4-r1 and also fix the append-cflags line from mr_science to append cflags correctly now.
author: Steev Klimaszewski <steev@gentoo.org> 2013-12-08 04:07:52 -0600
committer: Steev Klimaszewski <steev@gentoo.org> 2013-12-08 04:07:52 -0600
commit: e61da5d488417f1c8a47272ef7e33546ecebae6b (patch)
tree: 03cfe9e56a12d385ffde88b74e1e3a3f679160bf /x11-base
parent: Merge pull request #1 from sarnold/dev (diff)
download: arm-e61da5d488417f1c8a47272ef7e33546ecebae6b.tar.gz
arm-e61da5d488417f1c8a47272ef7e33546ecebae6b.tar.bz2
arm-e61da5d488417f1c8a47272ef7e33546ecebae6b.zip
3 files changed, 79 insertions, 2 deletions
diff --git a/x11-base/xorg-server/Manifest b/x11-base/xorg-server/Manifest
index 3902d03..4433ad4 100644
--- a/x11-base/xorg-server/Manifest
+++ b/x11-base/xorg-server/Manifest
@@ -3,9 +3,10 @@ AUX 1.11.99.902-xserver-bg-none-root.patch 3357 SHA256 2d538e698714c4c01e4d28a09
 AUX xdm-setup.initd-1 346 SHA256 942ce5e8d1a0770543b683dcc388bae7619a24eb9741c1cd678ed3df97c01406 SHA512 b12ef1a757213c2df2d4fb50691695fdaf00ee9edb7d4ec551980c48b6eb05598d3eda0db543719a11a82b019939fb4af82a19813d238a725dcc0d818379103e WHIRLPOOL 28a033355ec3871eba2dfdf45969e9ac354d8ae542dcb1449901af856b9c26314318f6a91cec81f2548caaede19d88e14eac2de0fd7dab8957a7358e94a594b2
 AUX xdm.confd-4 562 SHA256 9d26b72bb28611a60a6b9f942b8d8cfe47b59f926be89af9709b5912668344d8 SHA512 facfb91c0b4e0b1cae86b707d263523215633720e1e8f4595639411f936907b321643e8a06111dd3f7b74fa601476e4b0d09768edfdec762c73fa07cb227588b WHIRLPOOL d701fb5f40ecde2b2f2bb56970576c8abde1499916168fee4a6d27afbc1c0493eb17ddd1a8ee70bfbc77d553a47e219e538febada4946d19cccbdabc90f40e6f
 AUX xdm.initd-9 5700 SHA256 96b1fe826db2b46b08e055d57bffd9405616b7980d9e40e95f19e52bc49eef3f SHA512 a4f652aff6a03d902da7ce1c706396911e853e78031d3246b764cb67930f20935d5aa912834add9f839742e824c380d2793b6b62592a10ad1bde646623b419d3 WHIRLPOOL ebddb96a2552a76f1d2f13b25dd773c822e8a0a5135f950163426477c689d0c35a74946a3323103d604783244e3a2f0bee5f5009b50828c90227370b13c433a9
+AUX xorg-server-1.12-cve-2013-4396.patch 2807 SHA256 11707d59d550a9f0b04f0ca3dba1668c7f848a4e8a4cea7a6ae01c665bd11fe9 SHA512 9c8fea712e7ad727390052fd6a717c00e6d16eecaee23153b21870b82772a67c841d9ae48573cf4f8adfc101c948ed25e454ce420226ca991a3c671ecdefa209 WHIRLPOOL 932cba6b4641156de7a56fa977fd39dcf171015e21d196de588694e31cb0fa1d9928b17a3ac81568581c6f722be252ca09125eb08a9f088d5550e205dd09cb42
 AUX xorg-server-1.12-disable-acpi.patch 275 SHA256 1d3878d44e2b8690bb7d1595960d06acee7f86a6a4724236a09a74900404e953 SHA512 ca52ce0931819acf46a066116b8485c3a398a56d79826a5cdb2b3b8c7809e5163e17a5954de370805dc51a3be3c75a0333d5c17c30bf99139105d705de2fff95 WHIRLPOOL 048be09bad947a5ef02d5935534c47d08439f0ceccddcdb017908bf73aa0484a69b0e42e8e6630393323305b31a8008ef8a0f4655556082245bc5fcde254aa5b
 AUX xorg-server-1.13-arm32.patch 505 SHA256 65de94d463e2d6fc61486f747e94d0b4fa23e217f793389303c4f3c8ad7a68e2 SHA512 669dd457f0e127b188baa942991f22d1143c42b59ab4754770119e6a78561854aa42e952ac9cf51bf85e8151f22baf6f2938b25234057eb3c0079bb60aa57b33 WHIRLPOOL 20f4f7d38b9917ce3c0b47f3b3461c91850715e73079f6fcb5d9653b83b6344aff61426845db540ff059c8046ee4fe069af7c8ce2d830448fbb4c2f09093b305
 AUX xorg-server-1.13-ia64-asm.patch 1166 SHA256 525fc255734f062758877ad45a29862dfeb1fb8e7b3a476d9410a6f0d73420a2 SHA512 51b8695af30988f99a480d2ecadc6dbe7cb46d4d9461fa006d9001200dfc1bed7390025fd1ebbadc936aee90444bb5cfd892d41c5260d5c33347ee2bdc88e78e WHIRLPOOL 46d8b55b67c82118e2a36a01c739217c6e6dd02228b0a0e730b44372b77b476f4a76fcfa8a584550cdfc87db22c26839890b7719318678aaedba7db761a39c6c
 AUX xorg-sets.conf 199 SHA256 1201d0337ac69d9715f4454a86dfb8a7bd1ae6f4c2578042fc08f283a997597c SHA512 910fe28f20909243044f079ff35136942b8790f4f28ac42ffc64a76b7f03cd22057087fa5e4e01192080b52c0d89000ea96d5a807c6f11f680d3f43312c5be41 WHIRLPOOL 4acac88e1688ea71df59a86a8a188b5369ad05f61e1369cd620eecd754511578e961a537ff6d0b22156f671d3485289cbc941dfe83bea24a27329b7bebb46c7d
 DIST xorg-server-1.13.4.tar.bz2 5506293 SHA256 a2c969887f3c7b0f3f7d31e2ee8e91fa73ce81ba3c16d82da9150ffa302c98cf SHA512 600fe0fc77a9d6c242ec264f74624cddf5e3dd0e2eacaa65d475be638e2b4d9497bc555d753b43b24845bd6f446a811e387446f94fa98d3e75f664063a7a3d3d WHIRLPOOL 68ca7d6f121496d3a371fb4242c4e9c8fa77eae5c79a13dfec2cdbfd8f0ed82b9a97aa607923674f2e17f3380ec9a8c82d3aab9b2d8b829457a29b8330970f54
-EBUILD xorg-server-1.13.4-r1.ebuild 7207 SHA256 84f79b183a964ddee010e7255781b4208816d950e434b5a4195407aabd1ac98a SHA512 6777b26cafdd958ba254b66580b7d6b174e69bc798685b422045a89233e6f4ef1be3ef5b4afa365edfc7578840ea0a4e928a89941238f16bf95c3337fc062694 WHIRLPOOL 84d971a954950ccfb663067167d4b172b0de267a42ed2122db251037975e60b51448771b27299da9c11943206760c211cbce1ea56bb687b242c4b207f6862603
+EBUILD xorg-server-1.13.4-r1.ebuild 7251 SHA256 e576dad35350a559abbd02a6b940942f8f46f5c0ebe2e80a20ebebaf7cedc477 SHA512 445721c6661eab6eaa7cabe915f24f266fcc96bac25de210ff65a0afad12e82391a59f292165861bdfcf695a92ab2c72b06fbd5d8f5f498ca9c044911fd6f0aa WHIRLPOOL eaa2f10fde8ea6304ac6eefa77255f4943263f0ec9d1430e462b3067b4deeee0eba4741e883fe1195892b4a56a3ec11cf01534db427cc026700d96a6430dd800
diff --git a/x11-base/xorg-server/files/xorg-server-1.12-cve-2013-4396.patch b/x11-base/xorg-server/files/xorg-server-1.12-cve-2013-4396.patch
new file mode 100644
index 0000000..4b6727e
--- /dev/null
+++ b/x11-base/xorg-server/files/xorg-server-1.12-cve-2013-4396.patch
@@ -0,0 +1,75 @@
+From 7bddc2ba16a2a15773c2ea8947059afa27727764 Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Mon, 16 Sep 2013 21:47:16 -0700
+Subject: [PATCH] Avoid use-after-free in dix/dixfonts.c: doImageText()
+ [CVE-2013-4396]
+
+Save a pointer to the passed in closure structure before copying it
+and overwriting the *c pointer to point to our copy instead of the
+original.  If we hit an error, once we free(c), reset c to point to
+the original structure before jumping to the cleanup code that
+references *c.
+
+Since one of the errors being checked for is whether the server was
+able to malloc(c->nChars * itemSize), the client can potentially pass
+a number of characters chosen to cause the malloc to fail and the
+error path to be taken, resulting in the read from freed memory.
+
+Since the memory is accessed almost immediately afterwards, and the
+X server is mostly single threaded, the odds of the free memory having
+invalid contents are low with most malloc implementations when not using
+memory debugging features, but some allocators will definitely overwrite
+the memory there, leading to a likely crash.
+
+Reported-by: Pedro Ribeiro <pedrib@gmail.com>
+Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+Reviewed-by: Julien Cristau <jcristau@debian.org>
+---
+ dix/dixfonts.c |    5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/dix/dixfonts.c b/dix/dixfonts.c
+index feb765d..2e34d37 100644
+--- a/dix/dixfonts.c
++++ b/dix/dixfonts.c
+@@ -1425,6 +1425,7 @@ doImageText(ClientPtr client, ITclosurePtr c)
+             GC *pGC;
+             unsigned char *data;
+             ITclosurePtr new_closure;
++            ITclosurePtr old_closure;
+ 
+             /* We're putting the client to sleep.  We need to
+                save some state.  Similar problem to that handled
+@@ -1436,12 +1437,14 @@ doImageText(ClientPtr client, ITclosurePtr c)
+                 err = BadAlloc;
+                 goto bail;
+             }
++            old_closure = c;
+             *new_closure = *c;
+             c = new_closure;
+ 
+             data = malloc(c->nChars * itemSize);
+             if (!data) {
+                 free(c);
++                c = old_closure;
+                 err = BadAlloc;
+                 goto bail;
+             }
+@@ -1452,6 +1455,7 @@ doImageText(ClientPtr client, ITclosurePtr c)
+             if (!pGC) {
+                 free(c->data);
+                 free(c);
++                c = old_closure;
+                 err = BadAlloc;
+                 goto bail;
+             }
+@@ -1464,6 +1468,7 @@ doImageText(ClientPtr client, ITclosurePtr c)
+                 FreeScratchGC(pGC);
+                 free(c->data);
+                 free(c);
++                c = old_closure;
+                 err = BadAlloc;
+                 goto bail;
+             }
+-- 
+1.7.9.2
diff --git a/x11-base/xorg-server/xorg-server-1.13.4-r1.ebuild b/x11-base/xorg-server/xorg-server-1.13.4-r1.ebuild
index 7d1419d..a918571 100644
--- a/x11-base/xorg-server/xorg-server-1.13.4-r1.ebuild
+++ b/x11-base/xorg-server/xorg-server-1.13.4-r1.ebuild
@@ -118,6 +118,7 @@ PATCHES=(
 	"${FILESDIR}"/1.11.99.902-allow-root-none.patch
 	"${FILESDIR}"/1.11.99.902-xserver-bg-none-root.patch
 	"${FILESDIR}"/${PN}-1.13-arm32.patch
+	"${FILESDIR}"/${PN}-1.12-cve-2013-4396.patch
 )
 
 pkg_pretend() {
@@ -127,7 +128,7 @@ pkg_pretend() {
 }
 
 src_configure() {
-	append_cppflags = -D__arm32__
+	append-cppflags -D__arm32__
 
 	# localstatedir is used for the log location; we need to override the default
 	#	from ebuild.sh
author	Steev Klimaszewski <steev@gentoo.org>	2013-12-08 04:07:52 -0600
committer	Steev Klimaszewski <steev@gentoo.org>	2013-12-08 04:07:52 -0600
commit	e61da5d488417f1c8a47272ef7e33546ecebae6b (patch)
tree	03cfe9e56a12d385ffde88b74e1e3a3f679160bf /x11-base
parent	Merge pull request #1 from sarnold/dev (diff)
download	arm-e61da5d488417f1c8a47272ef7e33546ecebae6b.tar.gz arm-e61da5d488417f1c8a47272ef7e33546ecebae6b.tar.bz2 arm-e61da5d488417f1c8a47272ef7e33546ecebae6b.zip