From 224c23005ed2ee468fa781b79943b9ac52257bc3f3fe915907f0ef9759b62a40 Mon Sep 17 00:00:00 2001
From: Stefan Dirsch
Date: Sat, 14 Apr 2012 09:35:50 +0000
Subject: [PATCH] Accepting request 113535 from home:vuntz:branches:X11:XOrg Split xrdb out of xorg-x11; no change to the content
OBS-URL: https://build.opensuse.org/request/show/113535
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xrdb?expand=0&rev=1
---
.gitattributes | 23 +++
.gitignore | 1 +
xrdb-1.0.7.tar.bz2 | 3 +
...pp-options-in-the-non-path-bnc674733.patch | 182 ++++++++++++++++++
xrdb-traditional-cpp.diff | 106 ++++++++++
xrdb.changes | 5 +
xrdb.spec | 61 ++++++
7 files changed, 381 insertions(+)
create mode 100644 .gitattributes
create mode 100644 .gitignore
create mode 100644 xrdb-1.0.7.tar.bz2
create mode 100644 xrdb-Create-shell-escape-safe-cpp-options-in-the-non-path-bnc674733.patch
create mode 100644 xrdb-traditional-cpp.diff
create mode 100644 xrdb.changes
create mode 100644 xrdb.spec
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..57affb6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc
diff --git a/xrdb-1.0.7.tar.bz2 b/xrdb-1.0.7.tar.bz2
new file mode 100644
index 0000000..e23cce2
--- /dev/null
+++ b/xrdb-1.0.7.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0c70a433f78c1dd3bf02e44e03a7534f3fe3ff45643ecbd7844d0ca3c74157b1
+size 118037
diff --git a/xrdb-Create-shell-escape-safe-cpp-options-in-the-non-path-bnc674733.patch b/xrdb-Create-shell-escape-safe-cpp-options-in-the-non-path-bnc674733.patch
new file mode 100644
index 0000000..496717d
--- /dev/null
+++ b/xrdb-Create-shell-escape-safe-cpp-options-in-the-non-path-bnc674733.patch
@@ -0,0 +1,182 @@
+From 3d0c8e2cacf69723e7e8faf7ce441b9802e2d9a0 Mon Sep 17 00:00:00 2001
+From: Matthias Hopf
+Date: Tue, 1 Mar 2011 19:37:34 +0100
+Subject: [PATCH] Create shell-escape-safe cpp options in the non-pathetic-cpp case.
+
+Fixes CVE-2011-0465.
+
+Signed-off-by: Matthias Hopf
+Reviewed-by: Adam Jackson
+---
+ xrdb.c | 79 +++++++++++++++++++++++++++++++++++++++++++++++++++-------------
+ 1 files changed, 63 insertions(+), 16 deletions(-)
+
+diff --git a/xrdb.c b/xrdb.c
+index c3ef0fd..ea698b9 100644
+--- a/xrdb.c
++++ b/xrdb.c
+@@ -142,6 +142,8 @@ static Entries newDB;
+
+ static void fatal(char *, ...);
+ static void addstring ( String *arg, const char *s );
++static void addescapedstring ( String *arg, const char *s );
++static void addtokstring ( String *arg, const char *s );
+ static void FormatEntries ( Buffer *buffer, Entries *entries );
+ static void StoreProperty ( Display *dpy, Window root, Atom res_prop );
+ static void Process ( int scrno, Bool doScreen, Bool execute );
+@@ -433,14 +435,20 @@ AddDef(String *buff, char *title, char *value)
+ addstring(buff, " -D");
+ } else
+ addstring(buff, "-D");
+- addstring(buff, title);
++ addtokstring(buff, title);
+ if (value && (value[0] != '\0')) {
+ addstring(buff, "=");
+- addstring(buff, value);
++ addescapedstring(buff, value);
+ }
+ }
+
+ static void
++AddSimpleDef(String *buff, char *title)
++{
++ AddDef(buff, title, (char *)NULL);
++}
++
++static void
+ AddDefQ(String *buff, char *title, char *value)
+ {
+ #ifdef PATHETICCPP
+@@ -449,8 +457,9 @@ AddDefQ(String *buff, char *title, char *value)
+ else
+ #endif
+ if (value && (value[0] != '\0')) {
+- AddDef(buff, title, "\"");
+- addstring(buff, value);
++ AddSimpleDef(buff, title);
++ addstring(buff, "=\"");
++ addescapedstring(buff, value);
+ addstring(buff, "\"");
+ } else
+ AddDef(buff, title, NULL);
+@@ -465,24 +474,28 @@ AddNum(String *buff, char *title, int value)
+ }
+
+ static void
+-AddSimpleDef(String *buff, char *title)
++AddDefTok(String *buff, char *prefix, char *title)
+ {
+- AddDef(buff, title, (char *)NULL);
++ char name[512];
++
++ snprintf(name, sizeof(name), "%s%s", prefix, title);
++ AddSimpleDef(buff, name);
+ }
+
+ static void
+-AddDefTok(String *buff, char *prefix, char *title)
++AddDefHostname(String *buff, char *title, char *value)
+ {
+ char *s;
+ char name[512];
+ char c;
+
+- snprintf(name, sizeof(name), "%s%s", prefix, title);
++ strncpy (name, value, sizeof(name)-1);
++ name[sizeof(name)-1] = '\0';
+ for (s = name; (c = *s); s++) {
+- if (!isalpha(c) && !isdigit(c) && c != '_')
++ if (!isalpha(c) && !isdigit(c) && c != '_' && c != '.' && c != ':' && c != '-')
+ *s = '_';
+ }
+- AddSimpleDef(buff, name);
++ AddDef(buff, title, name);
+ }
+
+ static void
+@@ -502,7 +515,7 @@ AddUndef(String *buff, char *title)
+ addstring(buff, " -U");
+ } else
+ addstring(buff, "-U");
+- addstring(buff, title);
++ addtokstring(buff, title);
+ }
+
+ static void
+@@ -565,11 +578,11 @@ DoDisplayDefines(Display *display, String *defs, char *host)
+ }
+ if (!*server || !strcmp(server, "unix") || !strcmp(server, "localhost"))
+ strcpy(server, client);
+- AddDef(defs, "HOST", server); /* R3 compatibility */
+- AddDef(defs, "SERVERHOST", server);
++ AddDefHostname(defs, "HOST", server); /* R3 compatibility */
++ AddDefHostname(defs, "SERVERHOST", server);
+ AddDefTok(defs, "SRVR_", server);
+ AddNum(defs, "DISPLAY_NUM", n);
+- AddDef(defs, "CLIENTHOST", client);
++ AddDefHostname(defs, "CLIENTHOST", client);
+ AddDefTok(defs, "CLNT_", client);
+ AddNum(defs, "VERSION", ProtocolVersion(display));
+ AddNum(defs, "REVISION", ProtocolRevision(display));
+@@ -612,7 +625,7 @@ DoScreenDefines(Display *display, int scrno, String *defs)
+ AddNum(defs, "Y_RESOLUTION", Resolution(screen->height,screen->mheight));
+ AddNum(defs, "PLANES", DisplayPlanes(display, scrno));
+ AddNum(defs, "BITS_PER_RGB", visual->bits_per_rgb);
+- AddDef(defs, "CLASS", ClassNames[visual->class]);
++ AddDefQ(defs, "CLASS", ClassNames[visual->class]);
+ snprintf(name, sizeof(name), "CLASS_%s", ClassNames[visual->class]);
+ AddNum(defs, name, (int)visual->visualid);
+ switch(visual->class) {
+@@ -780,6 +793,40 @@ addstring(String *arg, const char *s)
+ arg->used += strlen(s);
+ }
+
++static void
++addescapedstring(String *arg, const char *s)
++{
++ char copy[512], *c;
++
++ for (c = copy; *s && c < ©[sizeof(copy)-1]; s++) {
++ switch (*s) {
++ case '"': case '\'': case '`':
++ case '$': case '\\':
++ *c++ = '_';
++ break;
++ default:
++ *c++ = *s;
++ }
++ }
++ *c = 0;
++ addstring (arg, copy);
++}
++
++static void
++addtokstring(String *arg, const char *s)
++{
++ char copy[512], *c;
++
++ for (c = copy; *s && c < ©[sizeof(copy)-1]; s++) {
++ if (!isalpha(*s) && !isdigit(*s) && *s != '_')
++ *c++ = '_';
++ else
++ *c++ = *s;
++ }
++ *c = 0;
++ addstring (arg, copy);
++}
++
+
+ int
+ main(int argc, char *argv[])
+@@ -892,7 +939,7 @@ main(int argc, char *argv[])
+ continue;
+ } else if (arg[1] == 'I') {
+ addstring(&includes, " ");
+- addstring(&includes, arg);
++ addescapedstring(&includes, arg);
+ continue;
+ } else if (arg[1] == 'U' || arg[1] == 'D') {
+ if (num_cmd_defines < MAX_CMD_DEFINES) {
+--
+1.7.1
+
diff --git a/xrdb-traditional-cpp.diff b/xrdb-traditional-cpp.diff
new file mode 100644
index 0000000..5f09119
--- /dev/null
+++ b/xrdb-traditional-cpp.diff
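Review bot: `addescapedstring` replaces only five characters (double quote, single quote, backquote, `$` and `\`), but `AddDef` appends its result unquoted after `=`, so whitespace and the remaining shell metacharacters pass through into the option string that is later handed to the shell. Inside `AddDefQ` the value sits between double quotes, where those five are the significant ones, and the three hostname defines go through the allowlist in `AddDefHostname` first, so the gap is limited to other `AddDef` callers that pass a non-numeric value; those lie outside these hunks and should be checked, or `AddDef` should apply an allowlist itself. Both new helpers also truncate silently at 511 bytes, which deserves a comment such as `/* values longer than sizeof(copy)-1 are cut, not rejected */`. In `addtokstring` the ctype calls take a plain `char`; write `isalpha((unsigned char)*s)` and `isdigit((unsigned char)*s)` so that bytes above 0x7f are not undefined behaviour.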
@@ -0,0 +1,106 @@ +--- xrdb.c.orig 2010-06-25 12:46:40.000000000 +0200 ++++ xrdb.c 2010-06-25 14:13:12.000000000 +0200 +@@ -142,6 +142,7 @@ + static Display *dpy; + static Buffer buffer; + static Entries newDB; ++static int cpp_option_in_use=0; + + static void fatal(char *, ...); + static void addstring ( String *arg, const char *s ); +@@ -807,6 +808,7 @@ + } else if (isabbreviation ("-cpp", arg, 2)) { + if (++i >= argc) Syntax (); + cpp_program = argv[i]; ++ cpp_option_in_use=1; + continue; + } else if (!strcmp ("-n", arg)) { + dont_execute = True; +@@ -1166,12 +1168,17 @@ + fclose(input); + (void) mktemp(tmpname3); + if((cmd = (char *) +- malloc(strlen(cpp_program) + strlen(includes.val) + ++ malloc(strlen(cpp_program) + strlen(includes.val) + strlen(" -traditional-cpp ") + + 1 + strlen(tmpname2) + 3 + strlen(tmpname3) + 1)) == + NULL) + fatal("%s: Out of memory\n", ProgramName); +- sprintf(cmd, "%s%s %s > %s", cpp_program, includes.val, ++ if (cpp_option_in_use)) { ++ sprintf(cmd, "%s%s %s > %s", cpp_program, includes.val, + tmpname2, tmpname3); ++ } else { ++ sprintf(cmd, "%s -traditional-cpp %s %s > %s", cpp_program, includes.val, ++ tmpname2, tmpname3); ++ } + if (system(cmd) < 0) + fatal("%s: cannot run '%s'\n", ProgramName, cmd); + free(cmd); +@@ -1185,10 +1192,14 @@ + fflush(stdin); + fseek(stdin, 0, 0); + if((cmd = (char *) +- malloc(strlen(cpp_program) + strlen(includes.val) + 1)) == ++ malloc(strlen(cpp_program) + strlen(" -traditional-cpp ") + strlen(includes.val) + 1)) == + NULL) + fatal("%s: Out of memory\n", ProgramName); +- sprintf(cmd, "%s%s", cpp_program, includes.val); ++ if (cpp_option_in_use) { ++ sprintf(cmd, "%s%s", cpp_program, includes.val); ++ } else { ++ sprintf(cmd, "%s -traditional-cpp %s", cpp_program, includes.val); ++ } + if (!(input = popen(cmd, "r"))) + fatal("%s: cannot run '%s'\n", ProgramName, cmd); + free(cmd); +@@ -1203,15 +1214,21 @@ + #ifdef WIN32 + (void) mktemp(tmpname3); + if((cmd = (char *) +- malloc(strlen(cpp_program) 
+ strlen(includes.val) + ++ malloc(strlen(cpp_program) + strlen(" -traditional-cpp ") + strlen(includes.val) + + 1 + strlen(defines.val) + 1 + + strlen(filename ? filename : "") + 3 + + strlen(tmpname3) + 1)) == + NULL) + fatal("%s: Out of memory\n", ProgramName); +- sprintf(cmd, "%s%s %s %s > %s", cpp_program, +- includes.val, defines.val, +- filename ? filename : "", tmpname3); ++ if (cpp_option_in_use) { ++ sprintf(cmd, "%s%s %s %s > %s", cpp_program, ++ includes.val, defines.val, ++ filename ? filename : "", tmpname3); ++ } else { ++ sprintf(cmd, "%s -traditional-cpp %s %s %s > %s", cpp_program, ++ includes.val, defines.val, ++ filename ? filename : "", tmpname3); ++ } + if (system(cmd) < 0) + fatal("%s: cannot run '%s'\n", ProgramName, cmd); + free(cmd); +@@ -1219,14 +1236,20 @@ + fatal("%s: can't open file '%s'\n", ProgramName, tmpname3); + #else + if((cmd = (char *) +- malloc(strlen(cpp_program) + strlen(includes.val) + 1 + ++ malloc(strlen(cpp_program) + strlen(" -traditional-cpp ") + strlen(includes.val) + 1 + + strlen(defines.val) + 1 + + strlen(filename ? filename : "") + 1)) == + NULL) + fatal("%s: Out of memory\n", ProgramName); +- sprintf(cmd, "%s%s %s %s", cpp_program, +- includes.val, defines.val, +- filename ? filename : ""); ++ if (cpp_option_in_use) { ++ sprintf(cmd, "%s%s %s %s", cpp_program, ++ includes.val, defines.val, ++ filename ? filename : ""); ++ } else { ++ sprintf(cmd, "%s -traditional-cpp %s %s %s", cpp_program, ++ includes.val, defines.val, ++ filename ? filename : ""); ++ } + if (!(input = popen(cmd, "r"))) + fatal("%s: cannot run '%s'\n", ProgramName, cmd); + free(cmd); diff --git a/xrdb.changes b/xrdb.changes new file mode 100644 index 0000000..867547a --- /dev/null +++ b/xrdb.changes @@ -0,0 +1,5 @@ +------------------------------------------------------------------- +Fri Apr 13 08:46:08 UTC 2012 - vuntz@opensuse.org + +- Split xrdb from xorg-x11. Initial version: 1.0.7. + 
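Review bot: The first added condition, `if (cpp_option_in_use)) {`, has an extra closing parenthesis and cannot compile wherever that branch is built; it should read `if (cpp_option_in_use) {` like the three later copies. The block sits between a `mktemp` call and a `system` call, so it is presumably guarded by a platform `#ifdef` that starts outside the hunk, which would explain why the package still builds. All four command strings are also written with `sprintf` into a buffer whose size is a hand-summed `malloc` expression that must be kept in step with two different format strings; storing the computed length in a variable and calling `snprintf(cmd, len, ...)` would keep a later edit of either format from overrunning the allocation.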
diff --git a/xrdb.spec b/xrdb.spec
new file mode 100644
index 0000000..0697eed
--- /dev/null
+++ b/xrdb.spec
@@ -0,0 +1,61 @@
+#
+# spec file for package xrdb
+#
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
+#
+
+Name: xrdb
+Version: 1.0.7
+Release: 0
+License: MIT
+Summary: X server resource database utility
+Url: http://xorg.freedesktop.org/
+Group: System/X11/Utilities
+Source0: http://xorg.freedesktop.org/releases/individual/app/%{name}-%{version}.tar.bz2
+Patch0: xrdb-traditional-cpp.diff
+# PATCH-FIX-UPSTREAM xrdb-Create-shell-escape-safe-cpp-options-in-the-non-path-bnc674733.patch -- Create shell-escape-safe cpp options in the non-pathetic-cpp case, already upstream
+Patch1: xrdb-Create-shell-escape-safe-cpp-options-in-the-non-path-bnc674733.patch
+BuildRequires: pkg-config
+BuildRequires: pkgconfig(x11)
+BuildRequires: pkgconfig(xmuu)
+BuildRequires: pkgconfig(xorg-macros) >= 1.8
+Requires: cpp
+# This was part of the xorg-x11 package up to version 7.6
+Conflicts: xorg-x11 <= 7.6
+BuildRoot: %{_tmppath}/%{name}-%{version}-build
+
+%description
+Xrdb is used to get or set the contents of the RESOURCE_MANAGER property
+on the root window of screen 0, or the SCREEN_RESOURCES property on the
+root window of any or all screens, or everything combined.
+
+%prep
+%setup -q
+%patch0 -p0
+%patch1 -p1
+
+%build
+%configure --with-cpp=%{_bindir}/cpp
+make %{?_smp_mflags}
+
+%install
+%make_install
+
+%files
+%defattr(-,root,root)
+%doc AUTHORS ChangeLog COPYING README
+%{_bindir}/xrdb
+%{_mandir}/man1/xrdb.1%{?ext_man}
+
+%changelog
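Review bot: `Source0` uses a plain `http://` URL and the spec lists no detached signature or keyring as a further source, so nothing here ties the tarball to upstream apart from the LFS object hash committed next to it. If upstream publishes a signature for this release (not visible on this page), add it as an extra `Source` entry together with the project keyring, and switch the URL to `https://` where the host serves it. `Patch0` also lacks the tag comment that `Patch1` carries; a line such as `# PATCH-FEATURE-OPENSUSE xrdb-traditional-cpp.diff -- pass -traditional-cpp to cpp unless -cpp is given` would record its origin and purpose.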