[libXcursor] Update to fix following CVEs:

Peter Hutterer whot at fedoraproject.org
Fri May 24 04:35:14 UTC 2013 

commit b88d86ffd83b9abd83a3ef1bd5eeb4217ef1d61e
Author: Peter Hutterer <peter.hutterer at who-t.net>
Date:   Fri May 24 14:16:58 2013 +1000

    Update to fix following CVEs:
    
    - CVE-2013-2003

 .gitignore           |    1 +
 commitid             |    1 +
 libXcursor.spec      |   26 ++++++++++++++++++++------
 make-git-snapshot.sh |   17 +++++++++++++++++
 sources              |    2 +-
 5 files changed, 40 insertions(+), 7 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 58004dd..c0b1dda 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@ libXcursor-1.1.10.tar.bz2
 /libXcursor-1.1.11.tar.bz2
 /libXcursor-1.1.12.tar.bz2
 /libXcursor-1.1.13.tar.bz2
+/libXcursor-20130524.tar.bz2
diff --git a/commitid b/commitid
new file mode 100644
index 0000000..95d4c70
--- /dev/null
+++ b/commitid
@@ -0,0 +1 @@
+8f677eaea05290531d007d1fec2768119926088d
diff --git a/libXcursor.spec b/libXcursor.spec
index d568111..e18c039 100644
--- a/libXcursor.spec
+++ b/libXcursor.spec
@@ -1,12 +1,22 @@
+%global tarball libXcursor
+%global gitdate 20130524
+%global gitversion 8f677eaea
+
 Summary: Cursor management library
 Name: libXcursor
 Version: 1.1.13
-Release: 4%{?dist}
+Release: 5%{?gitdate:.%{gitdate}git%{gitversion}}%{?dist}
 License: MIT
 Group: System Environment/Libraries
 URL: http://www.x.org
-#VCS: git:git://anongit.freedesktop.org/xorg/lib/libXcursor
-Source0: ftp://ftp.x.org/pub/individual/lib/%{name}-%{version}.tar.bz2
+
+%if 0%{?gitdate}
+Source0:    %{tarball}-%{gitdate}.tar.bz2
+Source2:    make-git-snapshot.sh
+Source3:    commitid
+%else
+Source0: http://xorg.freedesktop.org/archive/individual/lib/%{name}-%{version}.tar.bz2
+%endif
 Source1: index.theme
 
 BuildRequires: autoconf automake libtool
@@ -15,7 +25,7 @@ BuildRequires: xorg-x11-proto-devel
 BuildRequires: libX11-devel
 BuildRequires: libXfixes-devel
 BuildRequires: libXrender-devel >= 0.8.2
-
+BuildRequires: autoconf automake libtool pkgconfig
 
 %description
 This is  a simple library designed to help locate and load cursors.
@@ -32,7 +42,7 @@ Requires: %{name} = %{version}-%{release}
 libXcursor development package.
 
 %prep
-%setup -q
+%setup -q -n %{tarball}-%{?gitdate:%{gitdate}}%{!?gitdate:%{version}}
 iconv --from=ISO-8859-2 --to=UTF-8 COPYING > COPYING.new && \
 touch -r COPYING COPYING.new && \
 mv COPYING.new COPYING
@@ -68,7 +78,7 @@ rm -rf $RPM_BUILD_ROOT
 
 %files
 %defattr(-,root,root,-)
-%doc AUTHORS COPYING README ChangeLog
+%doc AUTHORS COPYING README
 %{_libdir}/libXcursor.so.1
 %{_libdir}/libXcursor.so.1.0.2
 %dir %{_datadir}/icons/default
@@ -87,6 +97,10 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man3/Xcursor*.3*
 
 %changelog
+* Fri May 24 2013 Peter Hutterer <peter.hutterer at redhat.com> 1.1.13-3.20130524git8f677eaea
+- Update to fix following CVEs:
+- CVE-2013-2003
+
 * Thu Mar 07 2013 Peter Hutterer <peter.hutterer at redhat.com> - 1.1.13-4
 - autoreconf for aarch64
 
diff --git a/make-git-snapshot.sh b/make-git-snapshot.sh
new file mode 100755
index 0000000..1b3d8d3
--- /dev/null
+++ b/make-git-snapshot.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+DIRNAME=libXcursor-$( date +%Y%m%d )
+
+rm -rf $DIRNAME
+git clone git://git.freedesktop.org/git/xorg/lib/libXcursor $DIRNAME
+cd $DIRNAME
+if [ -z "$1" ]; then
+    git log | head -1
+else
+    git checkout $1
+fi
+git log | head -1 | awk '{ print $2 }' > ../commitid
+git repack -a -d
+cd ..
+tar jcf $DIRNAME.tar.bz2 $DIRNAME
+rm -rf $DIRNAME
diff --git a/sources b/sources
index 162ea3f..8775ed4 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-52efa81b7f26c8eda13510a2fba98eea  libXcursor-1.1.13.tar.bz2
+083cc22002078442e508dde7aa647dff  libXcursor-20130524.tar.bz2

More information about the scm-commits mailing list