debian/changelog | 8
debian/patches/001_integer_overflows.diff | 66 ++
debian/patches/series | 1
debian/xsfbs/xsfbs-autoreconf.mk | 150 ++++
debian/xsfbs/xsfbs.mk | 359 +++++++++++
debian/xsfbs/xsfbs.sh | 907 ++++++++++++++++++++++++++++++
6 files changed, 1491 insertions(+)
New commits:
commit 8b2a6af425211e57b980636fc3db3393171eaac5
Author: Julien Cristau <[EMAIL PROTECTED]>
Date: Tue Apr 3 19:46:57 2007 +0200
Grab patch from upstream git to fix security issues
+ CVE-2007-1351: BDFFont Parsing Integer Overflow
+ CVE-2007-1352: fonts.dir File Parsing Integer Overflow
diff --git a/debian/changelog b/debian/changelog
index b1cb663..8a6e7d9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+libxfont (1:1.2.2-2) unstable; urgency=high
+
+ * Grab patch from upstream git to fix security issues:
+ + CVE-2007-1351: BDFFont Parsing Integer Overflow
+ + CVE-2007-1352: fonts.dir File Parsing Integer Overflow
+
+ -- Julien Cristau <[EMAIL PROTECTED]> Tue, 03 Apr 2007 19:31:24 +0200
+
libxfont (1:1.2.2-1) unstable; urgency=high
* New upstream version.
diff --git a/debian/patches/001_integer_overflows.diff
b/debian/patches/001_integer_overflows.diff
new file mode 100644
index 0000000..dcf7b04
--- /dev/null
+++ b/debian/patches/001_integer_overflows.diff
@@ -0,0 +1,66 @@
+From e7a59cfb5d442d2965cfcffeff405a4b05591190 Mon Sep 17 00:00:00 2001
+From: Matthieu Herrb <[EMAIL PROTECTED](none)>
+Date: Tue, 3 Apr 2007 15:45:21 +0200
+Subject: [PATCH] Integer overflow vulnerabilities
+
+CVE-2007-1351: BDFFont Parsing Integer Overflow
+CVE-2007-1352: fonts.dir File Parsing Integer Overflow
+---
+ src/bitmap/bdfread.c | 11 +++++++++++
+ src/fontfile/fontdir.c | 8 ++++++++
+ 2 files changed, 19 insertions(+), 0 deletions(-)
+
+diff --git a/src/bitmap/bdfread.c b/src/bitmap/bdfread.c
+index acb77e9..a6f0c1e 100644
+--- a/src/bitmap/bdfread.c
++++ b/src/bitmap/bdfread.c
+@@ -65,6 +65,12 @@ from The Open Group.
+ #include <X11/fonts/bitmap.h>
+ #include <X11/fonts/bdfint.h>
+
++#if HAVE_STDINT_H
++#include <stdint.h>
++#elif !defined(INT32_MAX)
++#define INT32_MAX 0x7fffffff
++#endif
++
+ #define INDICES 256
+ #define MAXENCODING 0xFFFF
+ #define BDFLINELEN 1024
+@@ -288,6 +294,11 @@ bdfReadCharacters(FontFilePtr file, FontPtr pFont,
bdfFileState *pState,
+ bdfError("invalid number of CHARS in BDF file\n");
+ return (FALSE);
+ }
++ if (nchars > INT32_MAX / sizeof(CharInfoRec)) {
++ bdfError("Couldn't allocate pCI (%d*%d)\n", nchars,
++ sizeof(CharInfoRec));
++ goto BAILOUT;
++ }
+ ci = (CharInfoPtr) xalloc(nchars * sizeof(CharInfoRec));
+ if (!ci) {
+ bdfError("Couldn't allocate pCI (%d*%d)\n", nchars,
+diff --git a/src/fontfile/fontdir.c b/src/fontfile/fontdir.c
+index aae1f2e..cf68a54 100644
+--- a/src/fontfile/fontdir.c
++++ b/src/fontfile/fontdir.c
+@@ -38,9 +38,17 @@ in this Software without prior written authorization from
The Open Group.
+ #include <X11/fonts/fntfilst.h>
+ #include <X11/keysym.h>
+
++#if HAVE_STDINT_H
++#include <stdint.h>
++#elif !defined(INT32_MAX)
++#define INT32_MAX 0x7fffffff
++#endif
++
+ Bool
+ FontFileInitTable (FontTablePtr table, int size)
+ {
++ if (size < 0 || (size > INT32_MAX/sizeof(FontEntryRec)))
++ return FALSE;
+ if (size)
+ {
+ table->entries = (FontEntryPtr) xalloc(sizeof(FontEntryRec) * size);
+--
+1.5.0.3
+
diff --git a/debian/patches/series b/debian/patches/series
index e69de29..ee01337 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -0,0 +1 @@
+001_integer_overflows.diff
commit a7a9196ecdf29b49fabd2515608822197e9f0528
Author: Julien Cristau <[EMAIL PROTECTED]>
Date: Tue Apr 3 19:37:24 2007 +0200
Add copy of xsfbs from earlier (pre-git) package.
diff --git a/debian/xsfbs/xsfbs-autoreconf.mk b/debian/xsfbs/xsfbs-autoreconf.mk
new file mode 100644
index 0000000..fc2fe62
--- /dev/null
+++ b/debian/xsfbs/xsfbs-autoreconf.mk
@@ -0,0 +1,150 @@
+#!/usr/bin/make -f
+# $Id: xsfbs-autoreconf.mk 2284 2006-06-06 18:02:50Z branden $
+
+# Automagical conversion of autoreconf results into quilt patches.
+
+# Copyright 2006 Eugene Konev
+#
+# Licensed under the GNU General Public License, version 2. See the file
+# /usr/share/common-licenses/GPL or <http://www.gnu.org/copyleft/gpl.txt>.
+
+# The idea behind this is storing changes produced by autoreconf as a
+# separate patch on quilt stack (on top of stack actually).
+# The only usable target here is 'autoreconf`. Other targets are not
+# supposed to be called directly. DO NOT invoke them, unless you know what
+# you are doing.
+# The autoreconf target will check if files with names in $(RECONF_CHECKFILES)
+# were changed during patching (from upstream version or from previously
+# autoreconfed version) and call actual autoreconfing if they were.
+# The actual autoreconfing target (doautoreconf) WILL FAIL after
+# calling autoreconf and pushing changes into quilt stack by design. It
+# should never be invoked by automatic build process.
+# The proposed use is adding autoreconf into clean's prerequisites before
+# xsfclean like:
+# - clean: xsfclean
+# + clean: autoreconf xsfclean
+# This will ensure it is called when you build package with dpkg-buildpackage.
+
+# This dir will be used for producing diff of autoreconfed tree
+RECONF_DIR := xsfautoreconf
+
+# This files will be checked for changes
+RECONF_CHECKFILES += configure.ac Makefile.am
+
+# This files will not be hardlinked but copied
+RECONF_NOLINKFILES += aclocal.m4
+
+# This files/dirs will be pruned after autoreconf run
+RECONF_PRUNEFILES += autom4te.cache config.h.in~ aclocal.m4~
+
+# Internal target. Never invoke directly.
+stampdir_target+=check.md5sum
+$(STAMP_DIR)/check.md5sum:
+ dh_testdir
+ $(MAKE) -f debian/rules prepare
+ for F in $(RECONF_CHECKFILES); do \
+ find . -wholename ./$(STAMP_DIR) -prune -o -name $$F -print | \
+ LC_ALL=C sort | xargs --no-run-if-empty md5sum >>$@; \
+ done
+
+# Internal target. Never invoke directly.
+$(STAMP_DIR)/clean.md5sum:
+ dh_testdir
+ $(MAKE) -f debian/rules unpatch
+ rm -f $(STAMP_DIR)/check.md5sum
+ $(MAKE) -f debian/rules $(STAMP_DIR)/check.md5sum
+ mv $(STAMP_DIR)/check.md5sum $@
+
+# Internal target. Never invoke directly.
+debian/patches/patched.md5sum:
+ dh_testdir
+ [ -f $(STAMP_DIR)/clean.md5sum ] || \
+ $(MAKE) -f debian/rules $(STAMP_DIR)/clean.md5sum
+
+ $(MAKE) -f debian/rules patch
+ rm -f $(STAMP_DIR)/check.md5sum
+ $(MAKE) -f debian/rules $(STAMP_DIR)/check.md5sum
+ if ! diff $(STAMP_DIR)/clean.md5sum \
+ $(STAMP_DIR)/check.md5sum > /dev/null; then \
+ $(MAKE) -f debian/rules doautoreconf; \
+ else \
+ mv $(STAMP_DIR)/check.md5sum $@; \
+ fi
+
+# Internal target. Never invoke directly.
+,PHONY: doautoreconf
+doautoreconf: patch
+ quilt push -a >>$(STAMP_DIR)/log/autoreconf 2>&1 || true
+ if quilt applied | grep ^autoreconf.diff$$ > /dev/null; then \
+ quilt pop -a >>$(STAMP_DIR)/log/autoreconf 2>&1; \
+ quilt rename -p autoreconf.diff autoreconf-old.diff \
+ >>$(STAMP_DIR)/log/autoreconf 2>&1; \
+ quilt delete autoreconf-old.diff >>$(STAMP_DIR)/log/autoreconf 2>&1; \
+ quilt push -a >>$(STAMP_DIR)/log/autoreconf 2>&1; \
+ fi
+
+ if [ -e $(RECONF_DIR) ]; then \
+ echo "ERROR: $(RECONF_DIR) already exists. Cleanup by hand"; \
+ exit 1; \
+ fi
+
+ mkdir -p $(RECONF_DIR)/before
+ find . -maxdepth 1 -mindepth 1 ! -wholename ./$(RECONF_DIR) \
+ -a ! -wholename ./debian -a ! -wholename ./patches \
+ -a ! -wholename ./.pc -a ! -wholename ./$(STAMP_DIR) | \
+ xargs -i{} cp -al {} $(RECONF_DIR)/before/
+
+ for F in $(RECONF_PRUNEFILES); do \
+ find $(RECONF_DIR)/before -name $$F -print | \
+ xargs --no-run-if-empty rm -r; \
+ done
+
+ cp -al $(RECONF_DIR)/before $(RECONF_DIR)/after
+
+ for F in $(RECONF_NOLINKFILES); do \
+ find . -wholename ./$(RECONF_DIR) -prune -o -wholename ./debian \
+ -prune -o -wholename ./$(STAMP_DIR) -prune -o -name $$F \
+ -print | \
+ xargs --no-run-if-empty -i{} cp --remove-destination {} \
+ $(RECONF_DIR)/after/{}; \
+ done
+
+ cd $(RECONF_DIR)/after && autoreconf -v --install && \
+ for F in $(RECONF_PRUNEFILES); do \
+ find . -name $$F -print | \
+ xargs --no-run-if-empty rm -r; \
+ done
+
+ cd $(RECONF_DIR) && diff -Nru before after > autoreconf.diff || true
+
+ quilt import $(RECONF_DIR)/autoreconf.diff \
+ >>$(STAMP_DIR)/log/autoreconf 2>&1
+
+ mv $(STAMP_DIR)/check.md5sum debian/patches/patched.md5sum
+
+ rm -r $(RECONF_DIR) && rm -f patches/autoreconf-old.diff
+
+ @echo
+ @echo "****************************************************************"
+ @echo " This target is made to fail INTENTIONALLY. It should NEVER "
+ @echo " be invoked during automatic builds. "
+ @echo
+ @echo " This target was invoked because you added/removed/changed "
+ @echo " patches which modify either configure.ac or Makefile.am and, "
+ @echo " thus, require autoreconf run. And all autoreconfing should "
+ @echo " happen before uploading. "
+ @echo
+ @echo " (See also debian/xsfbs/xsfbs-autoreconf.mk) "
+ @echo
+ @echo " If you see this message, autoreconfing actually SUCCEEDED, "
+ @echo " and your build should finish successfully, when rerun. "
+ @echo "****************************************************************"
+ @echo
+ exit 1;
+
+.PHONY: autoreconf
+autoreconf: debian/patches/patched.md5sum patch $(STAMP_DIR)/check.md5sum
+ if ! diff $(STAMP_DIR)/check.md5sum \
+ debian/patches/patched.md5sum > /dev/null; then \
+ $(MAKE) -f debian/rules doautoreconf; \
+ fi
diff --git a/debian/xsfbs/xsfbs.mk b/debian/xsfbs/xsfbs.mk
new file mode 100644
index 0000000..09a5881
--- /dev/null
+++ b/debian/xsfbs/xsfbs.mk
@@ -0,0 +1,359 @@
+#!/usr/bin/make -f
+# $Id: xsfbs.mk 2284 2006-06-06 18:02:50Z branden $
+
+# Debian rules file for xorg-x11 source package
+
+# Copyright 1996 Stephen Early
+# Copyright 1997 Mark Eichin
+# Copyright 1998-2005 Branden Robinson
+# Copyright 2005 David Nusinow
+#
+# Licensed under the GNU General Public License, version 2. See the file
+# /usr/share/common-licenses/GPL or <http://www.gnu.org/copyleft/gpl.txt>.
+
+# Originally by Stephen Early <[EMAIL PROTECTED]>
+# Modified by Mark W. Eichin <[EMAIL PROTECTED]>
+# Modified by Adam Heath <[EMAIL PROTECTED]>
+# Modified by Branden Robinson <[EMAIL PROTECTED]>
+# Modified by Fabio Massimo Di Nitto <[EMAIL PROTECTED]>
+# Modified by David Nusinow <[EMAIL PROTECTED]>
+# Acknowledgements to Manoj Srivastava.
+
+# Pass $(DH_OPTIONS) into the environment for debhelper's benefit.
+export DH_OPTIONS
+
+# Set up parameters for the upstream build environment.
+
+# Determine (source) package name from Debian changelog.
+SOURCE_NAME:=$(shell dpkg-parsechangelog -ldebian/changelog \
+ | grep '^Source:' | awk '{print $$2}')
+
+# Determine package version from Debian changelog.
+SOURCE_VERSION:=$(shell dpkg-parsechangelog -ldebian/changelog \
+ | grep '^Version:' | awk '{print $$2}')
+
+# Determine upstream version number.
+UPSTREAM_VERSION:=$(shell echo $(SOURCE_VERSION) | sed 's/-.*//')
+
+# Determine the source version without the epoch for make-orig-tar-gz
+NO_EPOCH_VER:=$(shell echo $(UPSTREAM_VERSION) | sed 's/^.://')
+
+# Figure out who's building this package.
+BUILDER:=$(shell echo $${DEBEMAIL:-$${EMAIL:-$$(echo [EMAIL PROTECTED](cat
/etc/mailname 2>/dev/null))}})
+
+# Find out if this is an official build; an official build has nothing but
+# digits, dots, and/or the strings "woody" or "sarge" in the Debian part of the
+# version number. Anything else indicates an unofficial build.
+OFFICIAL_BUILD:=$(shell VERSION=$(SOURCE_VERSION); if ! expr "$$(echo
$${VERSION\#\#*-} | sed 's/\(woody\|sarge\)//g')" : ".*[^0-9.].*" >/dev/null
2>&1; then echo yes; fi)
+
+# Set up parameters for the Debian build environment.
+
+# Determine our architecture.
+BUILD_ARCH:=$(shell dpkg-architecture -qDEB_BUILD_ARCH)
+# Work around some old-time dpkg braindamage.
+BUILD_ARCH:=$(subst i486,i386,$(BUILD_ARCH))
+# The DEB_HOST_ARCH variable may be set per the Debian cross-compilation
policy.
+ifdef DEB_HOST_ARCH
+ ARCH:=$(DEB_HOST_ARCH)
+else
+ # dpkg-cross sets the ARCH environment variable; if set, use it.
+ ifdef ARCH
+ ARCH:=$(ARCH)
+ else
+ ARCH:=$(BUILD_ARCH)
+ endif
+endif
+
+# $(STAMP_DIR) houses stamp files for complex targets.
+STAMP_DIR:=stampdir
+
+# $(SOURCE_DIR) houses one or more source trees.
+SOURCE_DIR:=build-tree
+
+# $(SOURCE_TREE) is the location of the source tree to be compiled. If there
+# is more than one, others are found using this name plus a suffix to indicate
+# the purpose of the additional tree (e.g., $(SOURCE_TREE)-custom). The
+# "setup" target is responsible for creating such trees.
+#SOURCE_TREE:=$(SOURCE_DIR)/xc
+#FIXME We need to define this in our debian/rules file
+
+# $(DEBTREEDIR) is where all install rules are told (via $(DESTDIR)) to place
+# their files.
+DEBTREEDIR:=$(CURDIR)/debian/tmp
+
+# All "important" targets have four lines:
+# 1) A target name that is invoked by a package-building tool or the user.
+# This consists of a dependency on a "$(STAMP_DIR)/"-prefixed counterpart.
+# 2) A line delcaring 1) as a phony target (".PHONY:").
+# 3) A "$(STAMP_DIR)/"-prefixed target which does the actual work, and may
+# depend on other targets.
+# 4) A line declaring 3) as a member of the $(stampdir_targets) variable; the
+# "$(STAMP_DIR)/" prefix is omitted.
+#
+# This indirection is needed so that the "stamp" files that signify when a rule
+# is done can be located in a separate "stampdir". Recall that make has no way
+# to know when a goal has been met for a phony target (like "build" or
+# "install").
+#
+# At the end of each "$(STAMP_DIR)/" target, be sure to run the command ">$@"
+# so that the target will not be run again. Removing the file will make Make
+# run the target over.
+
+# All phony targets should be declared as dependencies of .PHONY, even if they
+# do not have "($STAMP_DIR)/"-prefixed counterparts.
+
+# Define a harmless default rule to keep things from going nuts by accident.
+.PHONY: default
+default:
+
+# Set up the $(STAMP_DIR) directory.
+.PHONY: stampdir
+stampdir_targets+=stampdir
+stampdir: $(STAMP_DIR)/stampdir
+$(STAMP_DIR)/stampdir:
+ mkdir $(STAMP_DIR)
+ >$@
+
+# Set up the package build directory as quilt expects to find it.
+.PHONY: prepare
+stampdir_targets+=prepare
+prepare: $(STAMP_DIR)/genscripts $(STAMP_DIR)/prepare $(STAMP_DIR)/patches
$(STAMP_DIR)/log
+$(STAMP_DIR)/prepare: $(STAMP_DIR)/stampdir
+ if [ ! -e $(STAMP_DIR)/patches ]; then \
+ mkdir $(STAMP_DIR)/patches; \
+ ln -s $(STAMP_DIR)/patches .pc; \
+ echo 2 >$(STAMP_DIR)/patches/.version; \
+ fi; \
+ if [ ! -e $(STAMP_DIR)/log ]; then \
+ mkdir $(STAMP_DIR)/log; \
+ fi; \
+ if [ ! -e patches ]; then \
+ ln -s debian/patches patches; \
+ fi; \
+ >$@
+
+# Apply all patches to the upstream source.
+.PHONY: patch
+stampdir_targets+=patch
+patch: $(STAMP_DIR)/patch
+$(STAMP_DIR)/patch: $(STAMP_DIR)/prepare
+ if ! [ `which quilt` ]; then \
+ echo "Couldn't find quilt. Please install it or add it to the
build-depends for this package."; \
+ exit 1; \
+ fi; \
+ if quilt next; then \
+ echo -n "Applying patches..."; \
+ if quilt push -a -v >$(STAMP_DIR)/log/patch 2>&1; then \
+ echo "successful."; \
+ else \
+ echo "failed! (check $(STAMP_DIR)/log/patch for details)"; \
+ exit 1; \
+ fi; \
+ else \
+ echo "No patches to apply"; \
+ fi; \
+ >$@
+
+# Revert all patches to the upstream source.
+.PHONY: unpatch
+unpatch:
+ rm -f $(STAMP_DIR)/patch
+ @echo -n "Unapplying patches..."; \
+ if [ -e $(STAMP_DIR)/patches/applied-patches ]; then \
+ if quilt pop -a -v >$(STAMP_DIR)/log/unpatch 2>&1; then \
+ echo "successful."; \
+ else \
+ echo "failed! (check $(STAMP_DIR)/log/unpatch for details)"; \
+ exit 1; \
+ fi; \
+ else \
+ echo "nothing to do."; \
+ fi
+
+# Clean the generated maintainer scripts.
+.PHONY: cleanscripts
+cleanscripts:
+ rm -f $(STAMP_DIR)/genscripts
+ rm -f debian/*.config \
+ debian/*.postinst \
+ debian/*.postrm \
+ debian/*.preinst \
+ debian/*.prerm
+
+# Clean the package build tree.
+.PHONY: xsfclean
+xsfclean: cleanscripts unpatch
+ dh_testdir
+ rm -f .pc patches
+ rm -rf $(STAMP_DIR) $(SOURCE_DIR)
+ rm -rf imports
+ dh_clean debian/shlibs.local \
+ debian/MANIFEST.$(ARCH) debian/MANIFEST.$(ARCH).new \
+ debian/po/pothead
+
+# Generate the debconf templates POT file header.
+debian/po/pothead: debian/po/pothead.in
+ sed -e 's/SOURCE_VERSION/$(SOURCE_VERSION)/' \
+ -e 's/DATE/$(shell date "+%F %X%z"/)' <$< >$@
+
+# Update POT and PO files.
+.PHONY: updatepo
+updatepo: debian/po/pothead
+ debian/scripts/debconf-updatepo --pot-header=pothead --verbose
+
+# Use the MANIFEST files to determine whether we're shipping everything we
+# expect to ship, and not shipping anything we don't expect to ship.
+.PHONY: check-manifest
+stampdir_targets+=check-manifest
+check-manifest: $(STAMP_DIR)/check-manifest
+$(STAMP_DIR)/check-manifest: $(STAMP_DIR)/install
+ # Compare manifests.
+ (cd debian/tmp && find -type f | LC_ALL=C sort | cut -c3-) \
+ >debian/MANIFEST.$(ARCH).new
+ # Construct MANIFEST files from MANIFEST.$(ARCH).in and
+ # MANIFEST.$(ARCH).all or MANIFEST.all.
+ if expr "$(findstring -DBuildFonts=NO,$(IMAKE_DEFINES))" \
+ : "-DBuildFonts=NO" >/dev/null 2>&1; then \
+ LC_ALL=C sort -u debian/MANIFEST.$(ARCH).in >debian/MANIFEST.$(ARCH);
\
+ else \
+ if [ -e debian/MANIFEST.$(ARCH).all ]; then \
+ LC_ALL=C sort -u debian/MANIFEST.$(ARCH).in
debian/MANIFEST.$(ARCH).all >debian/MANIFEST.$(ARCH); \
+ else \
+ LC_ALL=C sort -u debian/MANIFEST.$(ARCH).in debian/MANIFEST.all
>debian/MANIFEST.$(ARCH); \
+ fi; \
+ fi
+ # Confirm that the installed file list has not changed.
+ if [ -e debian/MANIFEST.$(ARCH) ]; then \
+ if ! cmp -s debian/MANIFEST.$(ARCH) debian/MANIFEST.$(ARCH).new; then
\
+ diff -U 0 debian/MANIFEST.$(ARCH) debian/MANIFEST.$(ARCH).new ||
DIFFSTATUS=$$?; \
+ case $${DIFFSTATUS:-0} in \
+ 0) ;; \
+ 1) if [ -n "$$IGNORE_MANIFEST_CHANGES" ]; then \
+ echo 'MANIFEST check failed; ignoring problem because
\$$IGNORE_MANIFEST_CHANGES set' >&2; \
+ echo 'Please ensure that the package maintainer has an
up-to-date version of the' >&2; \
+ echo 'MANIFEST.$(ARCH).in file.' >&2; \
+ else \
+ echo 'MANIFEST check failed; please see debian/README' >&2; \
+ exit 1; \
+ fi; \
+ ;; \
+ *) echo "diff reported unexpected exit status $$DIFFSTATUS when
performing MANIFEST check" >&2; \
+ exit 1; \
+ ;; \
+ esac; \
+ fi; \
+ fi
+ >$@
+
+# Because we build (and install) different files depending on whether or not
+# any architecture-independent packages are being created, the list of files we
+# expect to see will differ; see the discussion of the "build" target above.
+.PHONY: check-manifest-arch check-manifest-indep
+check-manifest-arch: IMAKE_DEFINES+= -DBuildSpecsDocs=NO -DBuildFonts=NO
-DInstallHardcopyDocs=NO
+check-manifest-arch: check-manifest
+check-manifest-indep: check-manifest
+
+# Remove files from the upstream source tree that we don't need, or which have
+# licensing problems. It must be run before creating the .orig.tar.gz.
+#
+# Note: This rule is for Debian package maintainers' convenience, and is not
+# needed for conventional build scenarios.
+.PHONY: prune-upstream-tree
+prune-upstream-tree:
+ # Ensure we're in the correct directory.
+ dh_testdir
+ grep -rvh '^#' debian/prune/ | xargs --no-run-if-empty rm -rf
+
+# Change to what should be the correct directory, ensure it is, and if
+# so, create the .orig.tar.gz file. Exclude the debian directory and its
+# contents, and any .svn directories and their contents (so that we can safely
+# build an .orig.tar.gz from SVN checkout, not just an export).
+#
+# Note: This rule is for Debian package maintainers' convenience, and is not
+# needed for conventional build scenarios.
+#
+# This rule *IS* the recommended method for creating a new .orig.tar.gz file,
+# for the rare situations when one is needed.
+.PHONY: make-orig-tar-gz
+make-orig-tar-gz: clean prune-upstream-tree
+ ( cd .. \
+ && if [ $(shell basename $(CURDIR)) != $(SOURCE_NAME)-$(NO_EPOCH_VER)
]; then \
+ echo "Our current working directory has the wrong name.
Renaming..." >&2; \
+ mv $(CURDIR) $(SOURCE_NAME)-$(NO_EPOCH_VER); \
+ fi; \
+ tar --exclude=debian --exclude=debian/* \
+ --exclude=.svn --exclude=.svn/* \
+ -cf - $(SOURCE_NAME)-$(NO_EPOCH_VER) \
+ | gzip -9 >$(SOURCE_NAME)_$(NO_EPOCH_VER).orig.tar.gz; \
+ )
+
+# Verify that there are no offsets or fuzz in the patches we apply.
+#
+# Note: This rule is for Debian package maintainers' convenience, and is not
+# needed for conventional build scenarios.
+.PHONY: patch-audit
+patch-audit: prepare unpatch
+ @echo -n "Auditing patches..."; \
+ >$(STAMP_DIR)/log/patch; \
+ FUZZY=; \
+ while [ -n "$$(quilt next)" ]; do \
+ RESULT=$$(quilt push -v | tee -a $(STAMP_DIR)/log/patch | grep ^Hunk
| sed 's/^Hunk.*\(succeeded\|FAILED\).*/\1/');\
+ case "$$RESULT" in \
+ succeeded) \
+ echo "fuzzy patch: $$(quilt top)" \
+ | tee -a $(STAMP_DIR)/log/$$(quilt top); \
+ FUZZY=yes; \
+ ;; \
+ FAILED) \
+ echo "broken patch: $$(quilt next)" \
+ | tee -a $(STAMP_DIR)/log/$$(quilt next); \
+ exit 1; \
+ ;; \
+ esac; \
+ done; \
+ if [ -n "$$FUZZY" ]; then \
+ echo "there were fuzzy patches; please fix."; \
+ exit 1; \
+ else \
+ echo "done."; \
+ fi
+
+# Generate the maintainer scripts.
+.PHONY: genscripts
+stampdir_targets+=genscripts
+genscripts: $(STAMP_DIR)/genscripts
+$(STAMP_DIR)/genscripts: $(STAMP_DIR)/stampdir
+ for FILE in debian/*.config.in \
+ debian/*.postinst.in \
+ debian/*.postrm.in \
+ debian/*.preinst.in \
+ debian/*.prerm.in; do \
+ if [ -e "$$FILE" ]; then \
+ MAINTSCRIPT=$$(echo $$FILE | sed 's/.in$$//'); \
+ sed -n '1,/^#INCLUDE_SHELL_LIB#$$/p' <$$FILE \
+ | sed -e '/^#INCLUDE_SHELL_LIB#$$/d' >$$MAINTSCRIPT.tmp; \
+ cat debian/xsfbs/xsfbs.sh >>$$MAINTSCRIPT.tmp; \
+ sed -n '/^#INCLUDE_SHELL_LIB#$$/,$$p' <$$FILE \
+ | sed -e '/^#INCLUDE_SHELL_LIB#$$/d' >>$$MAINTSCRIPT.tmp; \
+ sed -e 's/@SOURCE_VERSION@/$(SOURCE_VERSION)/' \
+ -e 's/@OFFICIAL_BUILD@/$(OFFICIAL_BUILD)/' \
+ -e 's/@DEFAULT_DCRESOLUTIONS@/$(DEFAULT_DCRESOLUTIONS)/' \
+ <$$MAINTSCRIPT.tmp >$$MAINTSCRIPT; \
+ rm $$MAINTSCRIPT.tmp; \
+ fi; \
+ done
+ # Validate syntax of generated shell scripts.
+ #sh debian/scripts/validate-posix-sh debian/*.config \
+ # debian/*.postinst \
+ # debian/*.postrm \
+ # debian/*.preinst \
+ # debian/*.prerm
+ >$@
+
+# Generate the shlibs.local file.
+debian/shlibs.local:
+ cat debian/*.shlibs >$@
+
+include debian/xsfbs/xsfbs-autoreconf.mk
+
+# vim:set noet ai sts=8 sw=8 tw=0:
diff --git a/debian/xsfbs/xsfbs.sh b/debian/xsfbs/xsfbs.sh
new file mode 100644
index 0000000..bb40f37
--- /dev/null
+++ b/debian/xsfbs/xsfbs.sh
@@ -0,0 +1,907 @@
+# $Id: xsfbs.sh 2888 2006-08-22 03:04:13Z dnusinow $
+
+# This is the X Strike Force shell library for X Window System package
+# maintainer scripts. It serves to define shell functions commonly used by
+# such packages, and performs some error checking necessary for proper
operation
+# of those functions. By itself, it does not "do" much; the maintainer scripts
+# invoke the functions defined here to accomplish package installation and
+# removal tasks.
+
+# If you are reading this within a Debian package maintainer script (e.g.,
+# /var/lib/dpkg)info/PACKAGE.{config,preinst,postinst,prerm,postrm}), you can
+# skip past this library by scanning forward in this file to the string
+# "GOBSTOPPER".
+
[EMAIL PROTECTED]@
[EMAIL PROTECTED]@
+
+# Use special abnormal exit codes so that problems with this library are more
+# easily tracked down.
+SHELL_LIB_INTERNAL_ERROR=86
+SHELL_LIB_THROWN_ERROR=74
+SHELL_LIB_USAGE_ERROR=99
+
+# old -> new variable names
+if [ -z "$DEBUG_XORG_PACKAGE" ] && [ -n "$DEBUG_XFREE86_PACKAGE" ]; then
+ DEBUG_XORG_PACKAGE="$DEBUG_XFREE86_PACKAGE"
+fi
+if [ -z "$DEBUG_XORG_DEBCONF" ] && [ -n "$DEBUG_XFREE86_DEBCONF" ]; then
+ DEBUG_XORG_DEBCONF="$DEBUG_XFREE86_DEBCONF"
+fi
+
+# initial sanity checks
+if [ -z "$THIS_PACKAGE" ]; then
+ cat >&2 <<EOF
+Error: package maintainer script attempted to use shell library without
+definining \$THIS_PACKAGE shell variable. Please report the package name,
+version, and the text of this error message to the Debian Bug Tracking System.
+Visit <http://www.debian.org/Bugs/Reporting> on the World Wide Web for
+instructions, read the file /usr/share/doc/debian/bug-reporting.txt from the
+"doc-debian" package, or install the "reportbug" package and use the command of
+the same name to file a report against version $SOURCE_VERSION of this package.
+EOF
+ exit $SHELL_LIB_USAGE_ERROR
+fi
+
+if [ -z "$THIS_SCRIPT" ]; then
+ cat >&2 <<EOF
+Error: package maintainer script attempted to use shell library without
+definining \$THIS_SCRIPT shell variable. Please report the package name,
+version, and the text of this error message to the Debian Bug Tracking System.
+Visit <http://www.debian.org/Bugs/Reporting> on the World Wide Web for
+instructions, read the file /usr/share/doc/debian/bug-reporting.txt from the
+"doc-debian" package, or install the "reportbug" package and use the command of
+the same name to file a report against version $SOURCE_VERSION of the
+"$THIS_PACKAGE" package.
+EOF
+ exit $SHELL_LIB_USAGE_ERROR
+fi
+
+ARCHITECTURE="$(dpkg --print-installation-architecture)"
+
+LAPTOP=""
+if [ -n "$(which laptop-detect)" ]; then
+ if laptop-detect >/dev/null; then
+ LAPTOP=true
+ fi
+fi
+
+if [ "$1" = "reconfigure" ] || [ -n "$DEBCONF_RECONFIGURE" ]; then
+ RECONFIGURE="true"
+else
+ RECONFIGURE=
+fi
+
+if ([ "$1" = "install" ] || [ "$1" = "configure" ]) && [ -z "$2" ]; then
+ FIRSTINST="yes"
+fi
+
+if [ -z "$RECONFIGURE" ] && [ -z "$FIRSTINST" ]; then
+ UPGRADE="yes"
+fi
+
+trap "message;\
+ message \"Received signal. Aborting $THIS_PACKAGE package $THIS_SCRIPT
script.\";\
+ message;\
+ exit 1" HUP INT QUIT TERM
+
+reject_nondigits () {
+ # syntax: reject_nondigits [ operand ... ]
+ #
+ # scan operands (typically shell variables whose values cannot be trusted)
for
+ # characters other than decimal digits and barf if any are found
+ while [ -n "$1" ]; do
+ # does the operand contain anything but digits?
+ if ! expr "$1" : "[[:digit:]]\+$" > /dev/null 2>&1; then
+ # can't use die(), because it wraps message() which wraps this function
+ echo "$THIS_PACKAGE $THIS_SCRIPT error: reject_nondigits() encountered" \
+ "possibly malicious garbage \"$1\"" >&2
+ exit $SHELL_LIB_THROWN_ERROR
+ fi
+ shift
+ done
+}
+
+reject_whitespace () {
+ # syntax: reject_whitespace [ operand ]
+ #
+ # scan operand (typically a shell variable whose value cannot be trusted) for
+ # whitespace characters and barf if any are found
+ if [ -n "$1" ]; then
+ # does the operand contain any whitespace?
+ if expr "$1" : "[[:space:]]" > /dev/null 2>&1; then
+ # can't use die(), because I want to avoid forward references
+ echo "$THIS_PACKAGE $THIS_SCRIPT error: reject_whitespace() encountered"
\
+ "possibly malicious garbage \"$1\"" >&2
+ exit $SHELL_LIB_THROWN_ERROR
+ fi
+ fi
+}
+
+reject_unlikely_path_chars () {
+ # syntax: reject_unlikely_path_chars [ operand ... ]
+ #
+ # scan operands (typically shell variables whose values cannot be trusted)
for
+ # characters unlikely to be seen in a path and which the shell might
+ # interpret and barf if any are found
+ while [ -n "$1" ]; do
+ # does the operand contain any funny characters?
+ if expr "$1" : '.*[!$&()*;<>?|].*' > /dev/null 2>&1; then
+ # can't use die(), because I want to avoid forward references
+ echo "$THIS_PACKAGE $THIS_SCRIPT error: reject_unlikely_path_chars()" \
+ "encountered possibly malicious garbage \"$1\"" >&2
+ exit $SHELL_LIB_THROWN_ERROR
+ fi
+ shift
+ done
+}
+
+# Query the terminal to establish a default number of columns to use for
+# displaying messages to the user. This is used only as a fallback in the
+# event the COLUMNS variable is not set. ($COLUMNS can react to SIGWINCH while
+# the script is running, and this cannot, only being calculated once.)
+DEFCOLUMNS=$(stty size 2> /dev/null | awk '{print $2}') || true
+if ! expr "$DEFCOLUMNS" : "[[:digit:]]\+$" > /dev/null 2>&1; then
+ DEFCOLUMNS=80
+fi
+
+message () {
+ # pretty-print messages of arbitrary length
+ reject_nondigits "$COLUMNS"
+ echo "$*" | fmt -t -w ${COLUMNS:-$DEFCOLUMNS} >&2
+}
+
+observe () {
+ # syntax: observe message ...
+ #
+ # issue observational message suitable for logging someday when support for
+ # it exists in dpkg
+ if [ -n "$DEBUG_XORG_PACKAGE" ]; then
+ message "$THIS_PACKAGE $THIS_SCRIPT note: $*"
+ fi
+}
+
+warn () {
+ # syntax: warn message ...
+ #
+ # issue warning message suitable for logging someday when support for
+ # it exists in dpkg; also send to standard error
+ message "$THIS_PACKAGE $THIS_SCRIPT warning: $*"
+}
+
+die () {
+ # syntax: die message ...
+ #
+ # exit script with error message
+ message "$THIS_PACKAGE $THIS_SCRIPT error: $*"
+ exit $SHELL_LIB_THROWN_ERROR
+}
+
+internal_error () {
+ # exit script with error; essentially a "THIS SHOULD NEVER HAPPEN" message
+ message "internal error: $*"
+ if [ -n "$OFFICIAL_BUILD" ]; then
+ message "Please report a bug in the $THIS_SCRIPT script of the" \
+ "$THIS_PACKAGE package, version $SOURCE_VERSION to the Debian Bug"
\
+ "Tracking System. Include all messages above that mention the" \
+ "$THIS_PACKAGE package. Visit " \
+ "<http://www.debian.org/Bugs/Reporting> on the World Wide Web for"
\
+ "instructions, read the file" \
+ "/usr/share/doc/debian/bug-reporting.txt from the doc-debian" \
+ "package, or install the reportbug package and use the command of"
\
+ "the same name to file a report."
+ fi
+ exit $SHELL_LIB_INTERNAL_ERROR
+}
+
+usage_error () {
+ message "usage error: $*"
+ message "Please report a bug in the $THIS_SCRIPT script of the" \
+ "$THIS_PACKAGE package, version $SOURCE_VERSION to the Debian Bug" \
+ "Tracking System. Include all messages above that mention the" \
+ "$THIS_PACKAGE package. Visit " \
+ "<http://www.debian.org/Bugs/Reporting> on the World Wide Web for" \
+ "instructions, read the file" \
+ "/usr/share/doc/debian/bug-reporting.txt from the doc-debian" \
+ "package, or install the reportbug package and use the command of" \
+ "the same name to file a report."
+ exit $SHELL_LIB_USAGE_ERROR
+}
+
+
+maplink () {
+ # returns what symlink should point to; i.e., what the "sane" answer is
+ # Keep this in sync with the debian/*.links files.
+ # This is only needed for symlinks to directories.
+ #
+ # XXX: Most of these look wrong in the X11R7 world and need to be fixed.
+ # If we've stopped using this function, fixing it might enable us to
re-enable
+ # it again and catch more errors.
+ case "$1" in
+ /etc/X11/xkb/compiled) echo /var/lib/xkb ;;
+ /etc/X11/xkb/xkbcomp) echo /usr/X11R6/bin/xkbcomp ;;
+ /usr/X11R6/lib/X11/app-defaults) echo /etc/X11/app-defaults ;;
+ /usr/X11R6/lib/X11/fs) echo /etc/X11/fs ;;
+ /usr/X11R6/lib/X11/lbxproxy) echo /etc/X11/lbxproxy ;;
+ /usr/X11R6/lib/X11/proxymngr) echo /etc/X11/proxymngr ;;
+ /usr/X11R6/lib/X11/rstart) echo /etc/X11/rstart ;;
+ /usr/X11R6/lib/X11/twm) echo /etc/X11/twm ;;
+ /usr/X11R6/lib/X11/xdm) echo /etc/X11/xdm ;;
+ /usr/X11R6/lib/X11/xinit) echo /etc/X11/xinit ;;
+ /usr/X11R6/lib/X11/xkb) echo /etc/X11/xkb ;;
+ /usr/X11R6/lib/X11/xserver) echo /etc/X11/xserver ;;
+ /usr/X11R6/lib/X11/xsm) echo /etc/X11/xsm ;;
+ /usr/bin/X11) echo ../X11R6/bin ;;
+ /usr/bin/rstartd) echo ../X11R6/bin/rstartd ;;
+ /usr/include/X11) echo ../X11R6/include/X11 ;;
+ /usr/lib/X11) echo ../X11R6/lib/X11 ;;
+ *) internal_error "maplink() called with unknown path \"$1\"" ;;
+ esac
+}
+
+analyze_path () {
+ # given a supplied set of pathnames, break each one up by directory and do an
+ # ls -dl on each component, cumulatively; i.e.
+ # analyze_path /usr/X11R6/bin -> ls -dl /usr /usr/X11R6 /usr/X11R6/bin
+ # Thanks to Randolph Chung for this clever hack.
+
+ #local f g
+
+ while [ -n "$1" ]; do
+ reject_whitespace "$1"
+ _g=
+ message "Analyzing $1:"
+ for _f in $(echo "$1" | tr / \ ); do
+ if [ -e /$_g$_f ]; then
+ ls -dl /$_g$_f /$_g$_f.dpkg-* 2> /dev/null || true
+ _g=$_g$_f/
+ else
+ message "/$_g$_f: nonexistent; directory contents of /$_g:"
+ ls -l /$_g
+ break
+ fi
+ done
+ shift
+ done
+}
+
+find_culprits () {
+ #local f p dpkg_info_dir possible_culprits smoking_guns bad_packages package
\
+ # msg
+
+ reject_whitespace "$1"
+ message "Searching for overlapping packages..."
+ _dpkg_info_dir=/var/lib/dpkg/info
+ if [ -d $_dpkg_info_dir ]; then
+ if [ "$(echo $_dpkg_info_dir/*.list)" != "$_dpkg_info_dir/*.list" ]; then
+ _possible_culprits=$(ls -1 $_dpkg_info_dir/*.list | egrep -v \
+ "(xbase-clients|x11-common|xfs|xlibs)")
+ if [ -n "$_possible_culprits" ]; then
+ _smoking_guns=$(grep -l "$1" $_possible_culprits || true)
+ if [ -n "$_smoking_guns" ]; then
+ _bad_packages=$(printf "\\n")
+ for f in $_smoking_guns; do
+ # too bad you can't nest parameter expansion voodoo
+ p=${f%*.list} # strip off the trailing ".list"
+ _package=${p##*/} # strip off the directories
+ _bad_packages=$(printf "%s\n%s" "$_bad_packages" "$_package")
+ done
+ _msg=$(cat <<EOF
+The following packages appear to have file overlaps with the X.Org packages;
+these packages are either very old, or in violation of Debian Policy. Try
+upgrading each of these packages to the latest available version if possible:
+for example, with the command "apt-get install". If no newer version of a
+package is available, you will have to remove it; for example, with the command
+"apt-get remove". If even the latest available version of the package has
+this file overlap, please file a bug against that package with the Debian Bug
+Tracking System. You may want to refer the package maintainer to section 12.8
+of the Debian Policy manual.
+EOF
+)
+ message "$_msg"
+ message "The overlapping packages are: $_bad_packages"
+ else
+ message "no overlaps found."
+ fi
+ fi
+ else
+ message "cannot search; no matches for $_dpkg_info_dir/*.list."
+ fi
+ else
+ message "cannot search; $_dpkg_info_dir does not exist."
+ fi
+}
+
+# we require a readlink command or shell function
+if ! which readlink > /dev/null 2>&1; then
+ message "The readlink command was not found. Please install version" \
+ "1.13.1 or later of the debianutils package."
+ readlink () {
+ # returns what symlink in $1 actually points to
+ perl -e '$l = shift; exit 1 unless -l $l; $r = readlink $l; exit 1 unless
$r; print "$r\n"' "$1"
+ }
+fi
+
+check_symlink () {
+ # syntax: check_symlink symlink
+ #
+ # See if specified symlink points where it is supposed to. Return 0 if it
+ # does, and 1 if it does not.
+ #
+ # Primarily used by check_symlinks_and_warn() and check_symlinks_and_bomb().
+
+ #local symlink
+
+ # validate arguments
+ if [ $# -ne 1 ]; then
+ usage_error "check_symlink() called with wrong number of arguments;" \
+ "expected 1, got $#"
+ exit $SHELL_LIB_USAGE_ERROR
+ fi
+
+ _symlink="$1"
+
+ if [ "$(maplink "$_symlink")" = "$(readlink "$_symlink")" ]; then
+ return 0
+ else
+ return 1
+ fi
+}
+
+check_symlinks_and_warn () {
+ # syntax: check_symlinks_and_warn symlink ...
+ #
+ # For each argument, check for symlink sanity, and warn if it isn't sane.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
