authorNatanael Copa <ncopa@alpinelinux.org>2023-11-01 08:50:11 +0100
committerNatanael Copa <ncopa@alpinelinux.org>2023-11-01 08:57:06 +0100
commit87597971a8202f7054a6b6de1bd2694f66e49157 (patch)
tree11447b155d7db71cb36c9b8c44d0ba80c893281c
parent0276255a68be6b154f7adb48b57f5bede26c167e (diff)
main/libx11: security upgrade to 1.8.7
- CVE-2023-43785
- CVE-2023-43786
- CVE-2023-43787

ref: https://gitlab.alpinelinux.org/alpine/aports/-/issues/15425

(cherry picked from commit 659ef3a25fa07768ad1cd89570951dee794fc8bf)
(cherry picked from commit 746e74770ab323ae42ce36afc41c7a368a89b020)
-rw-r--r--main/libx11/APKBUILD15
-rw-r--r--main/libx11/CVE-2023-3138.patch110
2 files changed, 8 insertions, 117 deletions
diff --git a/main/libx11/APKBUILD b/main/libx11/APKBUILD
index 9fc97e2f5d1..04b7ba2af4b 100644
--- a/main/libx11/APKBUILD
+++ b/main/libx11/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libx11
-pkgver=1.8
-pkgrel=1
+pkgver=1.8.7
+pkgrel=0
pkgdesc="X11 client-side library"
url="http://xorg.freedesktop.org/"
arch="all"
@@ -9,12 +9,14 @@ license="custom:XFREE86"
subpackages="$pkgname-static $pkgname-dev $pkgname-doc"
depends_dev="libxcb-dev xtrans"
makedepends="$depends_dev xorgproto util-macros xmlto"
-source="https://www.x.org/releases/individual/lib/libX11-$pkgver.tar.xz
- CVE-2023-3138.patch
- "
+source="https://www.x.org/releases/individual/lib/libX11-$pkgver.tar.xz"
builddir="$srcdir"/libX11-$pkgver
# secfixes:
+# 1.8.7-r0:
+# - CVE-2023-43785
+# - CVE-2023-43786
+# - CVE-2023-43787
# 1.8-r1:
# - CVE-2023-3138
# 1.7.1-r0:
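Review bot: Removing CVE-2023-3138.patch from source= while keeping the 1.8-r1 secfixes entry silently assumes the upstream libX11-1.8.7 tarball already contains the InitExt.c bounds checks from commit 304a654a, and nothing in this hunk records that this was verified rather than the fix being dropped in the rebase. Since the deleted patch carried its Patch-Source URL, the check is cheap: confirm that commit is an ancestor of the 1.8.7 tag (or grep the unpacked tarball for LastExtensionEvent) before the package ships. I would leave a one-line breadcrumb above the secfixes block for the next maintainer, e.g. `# CVE-2023-3138 fix (upstream 304a654a) is included in 1.8.7; local patch dropped`, with the version reference adjusted if the check shows otherwise. The three new CVE entries themselves look fine, assuming 1.8.7 is the upstream release that addresses them, which this page does not show.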
@@ -50,6 +52,5 @@ package() {
}
sha512sums="
-64899ba9efbda00211daf08534a2a98eba86bb377980d21ce319106075cd36b511b17245d02e8ebd1045e7c2147f2c005004bcf579121138be7a7b879eeca83b libX11-1.8.tar.xz
-6bd3cd9d50c9b7fc46c0ac769fe2b7a1b819ff828dda477368e07aa7bb6020c4efe75d8d63c4c9778879010add31e82fc0fe33d376e8cd6957ed097d77426e0f CVE-2023-3138.patch
+d53bfc18f38d339a6a695b09835b2ae96b323881678bfe7ddca697605e3bdf4102ff49cc3078880a6c55b5977fcdd0aadaf5429086132de3a5bda302f79a2fa6 libX11-1.8.7.tar.xz
"
diff --git a/main/libx11/CVE-2023-3138.patch b/main/libx11/CVE-2023-3138.patch
deleted file mode 100644
index 18a18653a87..00000000000
--- a/main/libx11/CVE-2023-3138.patch
+++ /dev/null
@@ -1,110 +0,0 @@
-Patch-Source: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c
---
-From 304a654a0d57bf0f00d8998185f0360332cfa36c Mon Sep 17 00:00:00 2001
-From: Alan Coopersmith <alan.coopersmith@oracle.com>
-Date: Sat, 10 Jun 2023 16:30:07 -0700
-Subject: [PATCH] InitExt.c: Add bounds checks for extension request, event, &
- error codes
-
-Fixes CVE-2023-3138: X servers could return values from XQueryExtension
-that would cause Xlib to write entries out-of-bounds of the arrays to
-store them, though this would only overwrite other parts of the Display
-struct, not outside the bounds allocated for that structure.
-
-Reported-by: Gregory James DUCK <gjduck@gmail.com>
-Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
----
- src/InitExt.c | 42 ++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 42 insertions(+)
-
-diff --git a/src/InitExt.c b/src/InitExt.c
-index 4de46f15..afc00a6b 100644
---- a/src/InitExt.c
-+++ b/src/InitExt.c
-@@ -33,6 +33,18 @@ from The Open Group.
- #include <X11/Xos.h>
- #include <stdio.h>
-
-+/* The X11 protocol spec reserves events 64 through 127 for extensions */
-+#ifndef LastExtensionEvent
-+#define LastExtensionEvent 127
-+#endif
-+
-+/* The X11 protocol spec reserves requests 128 through 255 for extensions */
-+#ifndef LastExtensionRequest
-+#define FirstExtensionRequest 128
-+#define LastExtensionRequest 255
-+#endif
-+
-+
- /*
- * This routine is used to link a extension in so it will be called
- * at appropriate times.
-@@ -242,6 +254,12 @@ WireToEventType XESetWireToEvent(
- WireToEventType proc) /* routine to call when converting event */
- {
- register WireToEventType oldproc;
-+ if (event_number < 0 ||
-+ event_number > LastExtensionEvent) {
-+ fprintf(stderr, "Xlib: ignoring invalid extension event %d\n",
-+ event_number);
-+ return (WireToEventType)_XUnknownWireEvent;
-+ }
- if (proc == NULL) proc = (WireToEventType)_XUnknownWireEvent;
- LockDisplay (dpy);
- oldproc = dpy->event_vec[event_number];
-@@ -263,6 +281,12 @@ WireToEventCookieType XESetWireToEventCookie(
- )
- {
- WireToEventCookieType oldproc;
-+ if (extension < FirstExtensionRequest ||
-+ extension > LastExtensionRequest) {
-+ fprintf(stderr, "Xlib: ignoring invalid extension opcode %d\n",
-+ extension);
-+ return (WireToEventCookieType)_XUnknownWireEventCookie;
-+ }
- if (proc == NULL) proc = (WireToEventCookieType)_XUnknownWireEventCookie;
- LockDisplay (dpy);
- oldproc = dpy->generic_event_vec[extension & 0x7F];
-@@ -284,6 +308,12 @@ CopyEventCookieType XESetCopyEventCookie(
- )
- {
- CopyEventCookieType oldproc;
-+ if (extension < FirstExtensionRequest ||
-+ extension > LastExtensionRequest) {
-+ fprintf(stderr, "Xlib: ignoring invalid extension opcode %d\n",
-+ extension);
-+ return (CopyEventCookieType)_XUnknownCopyEventCookie;
-+ }
- if (proc == NULL) proc = (CopyEventCookieType)_XUnknownCopyEventCookie;
- LockDisplay (dpy);
- oldproc = dpy->generic_event_copy_vec[extension & 0x7F];
-@@ -305,6 +335,12 @@ EventToWireType XESetEventToWire(
- EventToWireType proc) /* routine to call when converting event */
- {
- register EventToWireType oldproc;
-+ if (event_number < 0 ||
-+ event_number > LastExtensionEvent) {
-+ fprintf(stderr, "Xlib: ignoring invalid extension event %d\n",
-+ event_number);
-+ return (EventToWireType)_XUnknownNativeEvent;
-+ }
- if (proc == NULL) proc = (EventToWireType) _XUnknownNativeEvent;
- LockDisplay (dpy);
- oldproc = dpy->wire_vec[event_number];
-@@ -325,6 +361,12 @@ WireToErrorType XESetWireToError(
- WireToErrorType proc) /* routine to call when converting error */
- {
- register WireToErrorType oldproc = NULL;
-+ if (error_number < 0 ||
-+ error_number > LastExtensionError) {
-+ fprintf(stderr, "Xlib: ignoring invalid extension error %d\n",
-+ error_number);
-+ return (WireToErrorType)_XDefaultWireError;
-+ }
- if (proc == NULL) proc = (WireToErrorType)_XDefaultWireError;
- LockDisplay (dpy);
- if (!dpy->error_vec) {
---
-GitLab
-