Accepting request 113535 from home:vuntz:branches:X11:XOrg

Split xrdb out of xorg-x11; no change to the content

OBS-URL: https://build.opensuse.org/request/show/113535
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xrdb?expand=0&rev=1

.gitattributes

@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text

.gitignore

@@ -0,0 +1 @@
+.osc

xrdb-1.0.7.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0c70a433f78c1dd3bf02e44e03a7534f3fe3ff45643ecbd7844d0ca3c74157b1
+size 118037

xrdb-Create-shell-escape-safe-cpp-options-in-the-non-path-bnc674733.patch

@@ -0,0 +1,182 @@
+From 3d0c8e2cacf69723e7e8faf7ce441b9802e2d9a0 Mon Sep 17 00:00:00 2001
+From: Matthias Hopf <mhopf@suse.de>
+Date: Tue, 1 Mar 2011 19:37:34 +0100
+Subject: [PATCH] Create shell-escape-safe cpp options in the non-pathetic-cpp case.
+
+Fixes CVE-2011-0465.
+
+Signed-off-by: Matthias Hopf <mhopf@suse.de>
+Reviewed-by: Adam Jackson <ajax@redhat.com>
+---
+ xrdb.c |   79 +++++++++++++++++++++++++++++++++++++++++++++++++++-------------
+ 1 files changed, 63 insertions(+), 16 deletions(-)
+
+diff --git a/xrdb.c b/xrdb.c
+index c3ef0fd..ea698b9 100644
+--- a/xrdb.c
++++ b/xrdb.c
+@@ -142,6 +142,8 @@ static Entries newDB;
+ 
+ static void fatal(char *, ...);
+ static void addstring ( String *arg, const char *s );
++static void addescapedstring ( String *arg, const char *s );
++static void addtokstring ( String *arg, const char *s );
+ static void FormatEntries ( Buffer *buffer, Entries *entries );
+ static void StoreProperty ( Display *dpy, Window root, Atom res_prop );
+ static void Process ( int scrno, Bool doScreen, Bool execute );
+@@ -433,14 +435,20 @@ AddDef(String *buff, char *title, char *value)
+ 	    addstring(buff, " -D");
+     } else
+ 	addstring(buff, "-D");
+-    addstring(buff, title);
++    addtokstring(buff, title);
+     if (value && (value[0] != '\0')) {
+ 	addstring(buff, "=");
+-	addstring(buff, value);
++	addescapedstring(buff, value);
+     }
+ }
+ 
+ static void
++AddSimpleDef(String *buff, char *title)
++{
++    AddDef(buff, title, (char *)NULL);
++}
++
++static void
+ AddDefQ(String *buff, char *title, char *value)
+ {
+ #ifdef PATHETICCPP
+@@ -449,8 +457,9 @@ AddDefQ(String *buff, char *title, char *value)
+     else
+ #endif
+     if (value && (value[0] != '\0')) {
+-	AddDef(buff, title, "\"");
+-	addstring(buff, value);
++	AddSimpleDef(buff, title);
++	addstring(buff, "=\"");
++	addescapedstring(buff, value);
+ 	addstring(buff, "\"");
+     } else
+ 	AddDef(buff, title, NULL);
+@@ -465,24 +474,28 @@ AddNum(String *buff, char *title, int value)
+ }
+ 
+ static void
+-AddSimpleDef(String *buff, char *title)
++AddDefTok(String *buff, char *prefix, char *title)
+ {
+-    AddDef(buff, title, (char *)NULL);
++    char name[512];
++
++    snprintf(name, sizeof(name), "%s%s", prefix, title);
++    AddSimpleDef(buff, name);
+ }
+ 
+ static void
+-AddDefTok(String *buff, char *prefix, char *title)
++AddDefHostname(String *buff, char *title, char *value)
+ {
+     char *s;
+     char name[512];
+     char c;
+ 
+-    snprintf(name, sizeof(name), "%s%s", prefix, title);
++    strncpy (name, value, sizeof(name)-1);
++    name[sizeof(name)-1] = '\0';
+     for (s = name; (c = *s); s++) {
+-	if (!isalpha(c) && !isdigit(c) && c != '_')
++	if (!isalpha(c) && !isdigit(c) && c != '_' && c != '.' && c != ':' && c != '-')
+ 	    *s = '_';
+     }
+-    AddSimpleDef(buff, name);
++    AddDef(buff, title, name);
+ }
+ 
+ static void
+@@ -502,7 +515,7 @@ AddUndef(String *buff, char *title)
+ 	    addstring(buff, " -U");
+     } else
+ 	addstring(buff, "-U");
+-    addstring(buff, title);
++    addtokstring(buff, title);
+ }
+ 
+ static void 
+@@ -565,11 +578,11 @@ DoDisplayDefines(Display *display, String *defs, char *host)
+     }
+     if (!*server || !strcmp(server, "unix") || !strcmp(server, "localhost"))
+ 	strcpy(server, client);
+-    AddDef(defs, "HOST", server); /* R3 compatibility */
+-    AddDef(defs, "SERVERHOST", server);
++    AddDefHostname(defs, "HOST", server); /* R3 compatibility */
++    AddDefHostname(defs, "SERVERHOST", server);
+     AddDefTok(defs, "SRVR_", server);
+     AddNum(defs, "DISPLAY_NUM", n);
+-    AddDef(defs, "CLIENTHOST", client);
++    AddDefHostname(defs, "CLIENTHOST", client);
+     AddDefTok(defs, "CLNT_", client);
+     AddNum(defs, "VERSION", ProtocolVersion(display));
+     AddNum(defs, "REVISION", ProtocolRevision(display));
+@@ -612,7 +625,7 @@ DoScreenDefines(Display *display, int scrno, String *defs)
+     AddNum(defs, "Y_RESOLUTION", Resolution(screen->height,screen->mheight));
+     AddNum(defs, "PLANES", DisplayPlanes(display, scrno));
+     AddNum(defs, "BITS_PER_RGB", visual->bits_per_rgb);
+-    AddDef(defs, "CLASS", ClassNames[visual->class]);
++    AddDefQ(defs, "CLASS", ClassNames[visual->class]);
+     snprintf(name, sizeof(name), "CLASS_%s", ClassNames[visual->class]);
+     AddNum(defs, name, (int)visual->visualid);
+     switch(visual->class) {
+@@ -780,6 +793,40 @@ addstring(String *arg, const char *s)
+     arg->used += strlen(s);
+ }   
+ 
++static void
++addescapedstring(String *arg, const char *s)
++{
++    char copy[512], *c;
++
++    for (c = copy; *s && c < &copy[sizeof(copy)-1]; s++) {
++	switch (*s) {
++	case '"':       case '\'':      case '`':
++	case '$':       case '\\':
++	    *c++ = '_';
++	    break;
++	default:
++	    *c++ = *s;
++	}
++    }
++    *c = 0;
++    addstring (arg, copy);
++}
++
++static void
++addtokstring(String *arg, const char *s)
++{
++    char copy[512], *c;
++
++    for (c = copy; *s && c < &copy[sizeof(copy)-1]; s++) {
++	if (!isalpha(*s) && !isdigit(*s) && *s != '_')
++	    *c++ = '_';
++	else
++	    *c++ = *s;
++    }
++    *c = 0;
++    addstring (arg, copy);
++}
++
+ 
+ int
+ main(int argc, char *argv[])
+@@ -892,7 +939,7 @@ main(int argc, char *argv[])
+ 		continue;
+ 	    } else if (arg[1] == 'I') {
+ 		addstring(&includes, " ");
+-		addstring(&includes, arg);
++		addescapedstring(&includes, arg);
+ 		continue;
+ 	    } else if (arg[1] == 'U' || arg[1] == 'D') {
+ 		if (num_cmd_defines < MAX_CMD_DEFINES) {
+-- 
+1.7.1
+

xrdb-traditional-cpp.diff

@@ -0,0 +1,106 @@
+--- xrdb.c.orig	2010-06-25 12:46:40.000000000 +0200
++++ xrdb.c	2010-06-25 14:13:12.000000000 +0200
+@@ -142,6 +142,7 @@
+ static Display *dpy;
+ static Buffer buffer;
+ static Entries newDB;
++static int cpp_option_in_use=0;
+ 
+ static void fatal(char *, ...);
+ static void addstring ( String *arg, const char *s );
+@@ -807,6 +808,7 @@
+ 	    } else if (isabbreviation ("-cpp", arg, 2)) {
+ 		if (++i >= argc) Syntax ();
+ 		cpp_program = argv[i];
++		cpp_option_in_use=1;
+ 		continue;
+ 	    } else if (!strcmp ("-n", arg)) {
+ 		dont_execute = True;
+@@ -1166,12 +1168,17 @@
+ 	    fclose(input);
+ 	    (void) mktemp(tmpname3);
+ 	    if((cmd = (char *)
+-		malloc(strlen(cpp_program) + strlen(includes.val) +
++		malloc(strlen(cpp_program) + strlen(includes.val) + strlen(" -traditional-cpp ") +
+ 		       1 + strlen(tmpname2) + 3 + strlen(tmpname3) + 1)) ==
+ 	       NULL)
+ 		fatal("%s: Out of memory\n", ProgramName);
+-	    sprintf(cmd, "%s%s %s > %s", cpp_program, includes.val,
++	    if (cpp_option_in_use)) {
++	        sprintf(cmd, "%s%s %s > %s", cpp_program, includes.val,
+ 		    tmpname2, tmpname3);
++	    } else {
++	        sprintf(cmd, "%s -traditional-cpp %s %s > %s", cpp_program, includes.val,
++		    tmpname2, tmpname3);
++	    }
+ 	    if (system(cmd) < 0)
+ 		fatal("%s: cannot run '%s'\n", ProgramName, cmd);
+ 	    free(cmd);
+@@ -1185,10 +1192,14 @@
+ 	    fflush(stdin);
+ 	    fseek(stdin, 0, 0);
+ 	    if((cmd = (char *)
+-		malloc(strlen(cpp_program) + strlen(includes.val) + 1)) ==
++		malloc(strlen(cpp_program) + strlen(" -traditional-cpp ") + strlen(includes.val) + 1)) ==
+ 	       NULL)
+ 		fatal("%s: Out of memory\n", ProgramName);
+-	    sprintf(cmd, "%s%s", cpp_program, includes.val);
++	    if (cpp_option_in_use) {
++	       sprintf(cmd, "%s%s", cpp_program, includes.val);
++	    } else {
++	       sprintf(cmd, "%s -traditional-cpp %s", cpp_program, includes.val);
++	    }
+ 	    if (!(input = popen(cmd, "r")))
+ 		fatal("%s: cannot run '%s'\n", ProgramName, cmd);
+ 	    free(cmd);
+@@ -1203,15 +1214,21 @@
+ #ifdef WIN32
+ 	    (void) mktemp(tmpname3);
+ 	    if((cmd = (char *)
+-		malloc(strlen(cpp_program) + strlen(includes.val) +
++		malloc(strlen(cpp_program) + strlen(" -traditional-cpp ") + strlen(includes.val) +
+ 		       1 + strlen(defines.val) + 1 +
+ 		       strlen(filename ? filename : "") + 3 +
+ 		       strlen(tmpname3) + 1)) ==
+ 	       NULL)
+ 		fatal("%s: Out of memory\n", ProgramName);
+-	    sprintf(cmd, "%s%s %s %s > %s", cpp_program,
+-		    includes.val, defines.val,
+-		    filename ? filename : "", tmpname3);
++	    if (cpp_option_in_use) {
++	       sprintf(cmd, "%s%s %s %s > %s", cpp_program,
++		       includes.val, defines.val,
++		       filename ? filename : "", tmpname3);
++	    } else {
++	       sprintf(cmd, "%s -traditional-cpp %s %s %s > %s", cpp_program,
++		       includes.val, defines.val,
++		       filename ? filename : "", tmpname3);
++	    }
+ 	    if (system(cmd) < 0)
+ 		fatal("%s: cannot run '%s'\n", ProgramName, cmd);
+ 	    free(cmd);
+@@ -1219,14 +1236,20 @@
+ 		fatal("%s: can't open file '%s'\n", ProgramName, tmpname3);
+ #else
+ 	    if((cmd = (char *)
+-		malloc(strlen(cpp_program) + strlen(includes.val) + 1 +
++		malloc(strlen(cpp_program) + strlen(" -traditional-cpp ") + strlen(includes.val) + 1 +
+ 		       strlen(defines.val) + 1 +
+ 		       strlen(filename ? filename : "") + 1)) ==
+ 	       NULL)
+ 		fatal("%s: Out of memory\n", ProgramName);
+-	    sprintf(cmd, "%s%s %s %s", cpp_program,
+-		    includes.val, defines.val,
+-		    filename ? filename : "");
++	    if (cpp_option_in_use) {
++	       sprintf(cmd, "%s%s %s %s", cpp_program,
++		       includes.val, defines.val,
++		       filename ? filename : "");
++	    } else {
++	       sprintf(cmd, "%s -traditional-cpp %s %s %s", cpp_program,
++		       includes.val, defines.val,
++		       filename ? filename : "");
++	    }
+ 	    if (!(input = popen(cmd, "r")))
+ 		fatal("%s: cannot run '%s'\n", ProgramName, cmd);
+ 	    free(cmd);

xrdb.changes

@@ -0,0 +1,5 @@
+-------------------------------------------------------------------
+Fri Apr 13 08:46:08 UTC 2012 - vuntz@opensuse.org
+
+- Split xrdb from xorg-x11. Initial version: 1.0.7.
+

xrdb.spec

@@ -0,0 +1,61 @@
+#
+# spec file for package xrdb
+#
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
+#
+
+Name:           xrdb
+Version:        1.0.7
+Release:        0
+License:        MIT
+Summary:        X server resource database utility
+Url:            http://xorg.freedesktop.org/
+Group:          System/X11/Utilities
+Source0:        http://xorg.freedesktop.org/releases/individual/app/%{name}-%{version}.tar.bz2
+Patch0:         xrdb-traditional-cpp.diff
+# PATCH-FIX-UPSTREAM xrdb-Create-shell-escape-safe-cpp-options-in-the-non-path-bnc674733.patch -- Create shell-escape-safe cpp options in the non-pathetic-cpp case, already upstream
+Patch1:         xrdb-Create-shell-escape-safe-cpp-options-in-the-non-path-bnc674733.patch
+BuildRequires:  pkg-config
+BuildRequires:  pkgconfig(x11)
+BuildRequires:  pkgconfig(xmuu)
+BuildRequires:  pkgconfig(xorg-macros) >= 1.8
+Requires:       cpp
+# This was part of the xorg-x11 package up to version 7.6
+Conflicts:      xorg-x11 <= 7.6
+BuildRoot:      %{_tmppath}/%{name}-%{version}-build
+
+%description
+Xrdb is used to get or set the contents of the RESOURCE_MANAGER property
+on the root window of screen 0, or the SCREEN_RESOURCES property on the
+root window of any or all screens, or everything combined.
+
+%prep
+%setup -q
+%patch0 -p0
+%patch1 -p1
+
+%build
+%configure --with-cpp=%{_bindir}/cpp
+make %{?_smp_mflags}
+
+%install
+%make_install
+
+%files
+%defattr(-,root,root)
+%doc AUTHORS ChangeLog COPYING README
+%{_bindir}/xrdb
+%{_mandir}/man1/xrdb.1%{?ext_man}
+
+%changelog