main/libxp: fix CVE-2013-2062

ref #1931
fixes #1955

(cherry picked from commit 596f76568714ab83fed8fef00c69f6493e6996e3)
(cherry picked from commit 04fca7445c2068e588b79b32e01639ef1a0de1b6)

7 files changed, 447 insertions, 5 deletions

diff --git a/main/libxp/0001-Replace-deprecated-Automake-INCLUDES-variable-with-A.patch b/main/libxp/0001-Replace-deprecated-Automake-INCLUDES-variable-with-A.patch
new file mode 100644
index 00000000000..410a7da0330
--- /dev/null
+++ b/main/libxp/0001-Replace-deprecated-Automake-INCLUDES-variable-with-A.patch
@@ -0,0 +1,36 @@
+From 41aab7d289aba2aaf3839e96d0c9e2f15ede4bd1 Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Fri, 18 Jan 2013 23:03:57 -0800
+Subject: [PATCH 1/5] Replace deprecated Automake INCLUDES variable with
+ AM_CPPFLAGS
+
+Excerpt https://lists.gnu.org/archive/html/automake/2012-12/msg00038.html
+
+  - Support for the long-deprecated INCLUDES variable will be removed
+    altogether in Automake 1.14.  The AM_CPPFLAGS variable should be
+    used instead.
+
+This variable was deprecated in Automake releases prior to 1.10, which is
+the current minimum level required to build X.
+
+Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+---
+ src/Makefile.am | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/Makefile.am b/src/Makefile.am
+index 3ca2659..f42b633 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -24,7 +24,7 @@ libXp_la_LIBADD = $(XPRINT_LIBS)
+ 
+ AM_CFLAGS = $(CWARNFLAGS) $(XPRINT_CFLAGS) $(MALLOC_ZERO_CFLAGS)
+ 
+-INCLUDES = -I$(top_srcdir)/include/X11/extensions
++AM_CPPFLAGS = -I$(top_srcdir)/include/X11/extensions
+ 
+ #
+ # Library version number. This must match old versions on
+-- 
+1.8.2.3
+
diff --git a/main/libxp/0001-Stop-trying-to-use-NULL-for-Status-values.patch b/main/libxp/0001-Stop-trying-to-use-NULL-for-Status-values.patch
new file mode 100644
index 00000000000..d8c6057f4c2
--- /dev/null
+++ b/main/libxp/0001-Stop-trying-to-use-NULL-for-Status-values.patch
@@ -0,0 +1,50 @@
+From 776e739b1690c7de11e50e2ae2a77d98bd69a3d6 Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Wed, 23 May 2012 21:48:59 -0700
+Subject: [PATCH] Stop trying to use NULL for Status values
+
+Fixes gcc errors in 64-bit builds:
+XpNotifyPdm.c: In function 'XpGetPdmStartParams':
+XpNotifyPdm.c:234:10: error: cast from pointer to integer of different size
+XpNotifyPdm.c:271:10: error: cast from pointer to integer of different size
+XpNotifyPdm.c:286:10: error: cast from pointer to integer of different size
+
+Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+---
+ src/XpNotifyPdm.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/XpNotifyPdm.c b/src/XpNotifyPdm.c
+index c1ceb8e..579923c 100644
+--- a/src/XpNotifyPdm.c
++++ b/src/XpNotifyPdm.c
+@@ -231,7 +231,7 @@ XpGetPdmStartParams (
+ 	/*
+ 	 * Error - cannot determine or establish a selection_display.
+ 	 */
+-	return( (Status) NULL );
++	return( (Status) 0 );
+     }
+ 
+     /*
+@@ -268,7 +268,7 @@ XpGetPdmStartParams (
+ 	    XCloseDisplay( *selection_display );
+ 	    *selection_display = (Display *) NULL;
+ 	}
+-	return( (Status) NULL );
++	return( (Status) 0 );
+     }
+ 
+     status = XmbTextListToTextProperty( *selection_display, list, 6,
+@@ -283,7 +283,7 @@ XpGetPdmStartParams (
+ 	    XCloseDisplay( *selection_display );
+ 	    *selection_display = (Display *) NULL;
+ 	}
+-	return( (Status) NULL );
++	return( (Status) 0 );
+     }
+ 
+     *type              = text_prop.encoding;
+-- 
+1.8.2.3
+
diff --git a/main/libxp/0002-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-b.patch b/main/libxp/0002-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-b.patch
new file mode 100644
index 00000000000..fa61ef587f8
--- /dev/null
+++ b/main/libxp/0002-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-b.patch
@@ -0,0 +1,59 @@
+From 15ec6d1d0bb8c4cb24a190ed34e63312a0623670 Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Fri, 3 May 2013 22:30:36 -0700
+Subject: [PATCH 2/5] Use _XEatDataWords to avoid overflow of rep.length bit
+ shifting
+
+rep.length is a CARD32, so rep.length << 2 could overflow in 32-bit builds
+
+Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+---
+ configure.ac    |  6 ++++++
+ src/XpExtUtil.h | 14 ++++++++++++++
+ 2 files changed, 20 insertions(+)
+
+diff --git a/configure.ac b/configure.ac
+index 50b029c..16b966c 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -45,6 +45,12 @@ AC_PROG_LIBTOOL
+ # Check for X and print proto
+ PKG_CHECK_MODULES(XPRINT, x11 xext xextproto xau printproto)
+ 
++# Check for _XEatDataWords function that may be patched into older Xlib release
++SAVE_LIBS="$LIBS"
++LIBS="$XPRINT_LIBS"
++AC_CHECK_FUNCS([_XEatDataWords])
++LIBS="$SAVE_LIBS"
++
+ AC_CONFIG_FILES([Makefile
+ 		 src/Makefile
+ 		 man/Makefile
+diff --git a/src/XpExtUtil.h b/src/XpExtUtil.h
+index d479a95..1889825 100644
+--- a/src/XpExtUtil.h
++++ b/src/XpExtUtil.h
+@@ -48,6 +48,20 @@ extern char *_xpstrdup(
+     const char * /* str */
+ );
+ 
++#ifndef HAVE__XEATDATAWORDS
++#include <X11/Xmd.h>  /* for LONG64 on 64-bit platforms */
++#include <limits.h>
++
++static inline void _XEatDataWords(Display *dpy, unsigned long n)
++{
++# ifndef LONG64
++    if (n >= (ULONG_MAX >> 2))
++        _XIOError(dpy);
++# endif
++    _XEatData (dpy, n << 2);
++}
++#endif
++
+ _XFUNCPROTOEND
+ 
+ #endif /* _XPEXTUTIL_H */
+-- 
+1.8.2.3
+
diff --git a/main/libxp/0003-integer-overflow-in-XpGetAttributes-XpGetOneAttribut.patch b/main/libxp/0003-integer-overflow-in-XpGetAttributes-XpGetOneAttribut.patch
new file mode 100644
index 00000000000..e510b705e09
--- /dev/null
+++ b/main/libxp/0003-integer-overflow-in-XpGetAttributes-XpGetOneAttribut.patch
@@ -0,0 +1,86 @@
+From babb1fc823ab3be192c48fe115feeb0d57f74d05 Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Fri, 26 Apr 2013 23:59:25 -0700
+Subject: [PATCH 3/5] integer overflow in XpGetAttributes & XpGetOneAttribute
+ [CVE-2013-2062 1/3]
+
+stringLen & valueLen are CARD32s and need to be bounds checked before adding
+one to them to come up with the total size to allocate, to avoid integer
+overflow leading to underallocation and writing data from the network past
+the end of the allocated buffer.
+
+Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+---
+ src/XpAttr.c | 36 +++++++++++++++++++-----------------
+ 1 file changed, 19 insertions(+), 17 deletions(-)
+
+diff --git a/src/XpAttr.c b/src/XpAttr.c
+index 6818daf..665e2e8 100644
+--- a/src/XpAttr.c
++++ b/src/XpAttr.c
+@@ -48,6 +48,7 @@
+ 
+ #include <stdio.h>
+ #include <sys/stat.h>
++#include <limits.h>
+ 
+ char *
+ XpGetAttributes (
+@@ -83,17 +84,18 @@ XpGetAttributes (
+     /*
+      * Read pool and return to caller.
+      */
+-    buf = Xmalloc( (unsigned) rep.stringLen + 1 );
++    if (rep.stringLen < INT_MAX)
++        buf = Xmalloc(rep.stringLen + 1);
++    else
++        buf = NULL;
+ 
+     if (!buf) {
+-        UnlockDisplay(dpy);
+-        SyncHandle();
+-        return( (char *) NULL ); /* malloc error */
++        _XEatDataWords(dpy, rep.length);
++    }
++    else {
++        _XReadPad (dpy, (char *) buf, rep.stringLen );
++        buf[rep.stringLen] = 0;
+     }
+-
+-    _XReadPad (dpy, (char *) buf, (long) rep.stringLen );
+-
+-    buf[rep.stringLen] = 0;
+ 
+     UnlockDisplay(dpy);
+     SyncHandle();
+@@ -144,18 +146,18 @@ XpGetOneAttribute (
+     /*
+      * Read variable answer.
+      */
+-    buf = Xmalloc( (unsigned) rep.valueLen + 1 );
++    if (rep.valueLen < INT_MAX)
++        buf = Xmalloc(rep.valueLen + 1);
++    else
++        buf = NULL;
+ 
+     if (!buf) {
+-        UnlockDisplay(dpy);
+-        SyncHandle();
+-        return( (char *) NULL ); /* malloc error */
++        _XEatDataWords(dpy, rep.length);
++    }
++    else {
++        _XReadPad (dpy, (char *) buf, rep.valueLen);
++        buf[rep.valueLen] = 0;
+     }
+-
+-    buf[rep.valueLen] = 0;
+-
+-    _XReadPad (dpy, (char *) buf, (long) rep.valueLen );
+-    buf[rep.valueLen] = 0;
+ 
+     UnlockDisplay(dpy);
+     SyncHandle();
+-- 
+1.8.2.3
+
diff --git a/main/libxp/0004-integer-overflows-in-XpGetPrinterList-CVE-2013-2062-.patch b/main/libxp/0004-integer-overflows-in-XpGetPrinterList-CVE-2013-2062-.patch
new file mode 100644
index 00000000000..a528c59f53a
--- /dev/null
+++ b/main/libxp/0004-integer-overflows-in-XpGetPrinterList-CVE-2013-2062-.patch
@@ -0,0 +1,118 @@
+From cc90f6be64bfd6973ae270b9bff494f577e1bda7 Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Fri, 26 Apr 2013 23:59:25 -0700
+Subject: [PATCH 4/5] integer overflows in XpGetPrinterList() [CVE-2013-2062
+ 2/3]
+
+listCount is a CARD32 that needs to be bounds checked before it is
+multiplied by the size of the structs to allocate, and the string
+lengths are CARD32s and need to be bounds checked before adding one
+to them to come up with the total size to allocate, to avoid integer
+overflow leading to underallocation and writing data from the network
+past the end of the allocated buffer.
+
+Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+---
+ src/XpPrinter.c | 43 +++++++++++++++++++++++--------------------
+ 1 file changed, 23 insertions(+), 20 deletions(-)
+
+diff --git a/src/XpPrinter.c b/src/XpPrinter.c
+index bdc96e6..03b18c4 100644
+--- a/src/XpPrinter.c
++++ b/src/XpPrinter.c
+@@ -42,6 +42,7 @@
+ #include <X11/extensions/Printstr.h>
+ #include <X11/Xlibint.h>
+ #include "XpExtUtil.h"
++#include <limits.h>
+ 
+ #define _XpPadOut(len) (((len) + 3) & ~3)
+ 
+@@ -62,7 +63,7 @@ XpGetPrinterList (
+     long	dataLenVR;
+     CARD8	*dataVR;	/* aka STRING8 */
+ 
+-    XPPrinterList ptr_list;
++    XPPrinterList ptr_list = NULL;
+ 
+     XExtDisplayInfo *info = (XExtDisplayInfo *) xp_find_display (dpy);
+ 
+@@ -128,13 +129,12 @@ XpGetPrinterList (
+     *list_count = rep.listCount;
+ 
+     if (*list_count) {
+-	ptr_list = (XPPrinterList)
+-		Xmalloc( (unsigned) (sizeof(XPPrinterRec) * (*list_count + 1)));
++	if (rep.listCount < (INT_MAX / sizeof(XPPrinterRec)))
++	    ptr_list = Xmalloc(sizeof(XPPrinterRec) * (*list_count + 1));
+ 
+ 	if (!ptr_list) {
+-            UnlockDisplay(dpy);
+-            SyncHandle();
+-            return ( (XPPrinterList) NULL ); /* malloc error */
++	    _XEatDataWords(dpy, rep.length);
++	    goto out;
+ 	}
+ 
+ 	/*
+@@ -150,16 +150,17 @@ XpGetPrinterList (
+ 	    _XRead32 (dpy, &dataLenVR, (long) sizeof(CARD32) );
+ 
+ 	    if (dataLenVR) {
+-		dataVR = (CARD8 *) Xmalloc( (unsigned) dataLenVR + 1 );
++		if (dataLenVR < INT_MAX)
++		    dataVR = Xmalloc(dataLenVR + 1);
++		else
++		    dataVR = NULL;
+ 
+ 		if (!dataVR) {
+-		    UnlockDisplay(dpy);
+-		    SyncHandle();
+-		    return ( (XPPrinterList) NULL ); /* malloc error */
++		    _XEatData(dpy, dataLenVR);
++		} else {
++		    _XReadPad (dpy, (char *) dataVR, (long) dataLenVR);
++		    dataVR[dataLenVR] = 0;
+ 		}
+-
+-		_XReadPad (dpy, (char *) dataVR, (long) dataLenVR);
+-		dataVR[dataLenVR] = 0;
+ 		ptr_list[i].name = (char *) dataVR;
+ 	    }
+ 	    else {
+@@ -172,16 +173,17 @@ XpGetPrinterList (
+ 	    _XRead32 (dpy, &dataLenVR, (long) sizeof(CARD32) );
+ 
+ 	    if (dataLenVR) {
+-		dataVR = (CARD8 *) Xmalloc( (unsigned) dataLenVR + 1 );
++		if (dataLenVR < INT_MAX)
++		    dataVR = Xmalloc(dataLenVR + 1);
++		else
++		    dataVR = NULL;
+ 
+ 		if (!dataVR) {
+-		    UnlockDisplay(dpy);
+-		    SyncHandle();
+-		    return ( (XPPrinterList) NULL ); /* malloc error */
++		    _XEatData(dpy, dataLenVR);
++		} else {
++		    _XReadPad (dpy, (char *) dataVR, (long) dataLenVR);
++		    dataVR[dataLenVR] = 0;
+ 		}
+-
+-		_XReadPad (dpy, (char *) dataVR, (long) dataLenVR);
+-		dataVR[dataLenVR] = 0;
+ 		ptr_list[i].desc = (char *) dataVR;
+ 	    }
+ 	    else {
+@@ -193,6 +195,7 @@ XpGetPrinterList (
+ 	ptr_list = (XPPrinterList) NULL;
+     }
+ 
++  out:
+     UnlockDisplay(dpy);
+     SyncHandle();
+ 
+-- 
+1.8.2.3
+
diff --git a/main/libxp/0005-integer-overflows-in-XpQueryScreens-CVE-2013-2062-3-.patch b/main/libxp/0005-integer-overflows-in-XpQueryScreens-CVE-2013-2062-3-.patch
new file mode 100644
index 00000000000..c7e925e3574
--- /dev/null
+++ b/main/libxp/0005-integer-overflows-in-XpQueryScreens-CVE-2013-2062-3-.patch
@@ -0,0 +1,64 @@
+From e111065f6dd790c820fa67ea31055b18c68481e3 Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Fri, 26 Apr 2013 23:59:25 -0700
+Subject: [PATCH 5/5] integer overflows in XpQueryScreens() [CVE-2013-2062 3/3]
+
+listCount is a CARD32 that needs to be bounds checked before it is
+multiplied by the size of the pointers to allocate, to avoid integer
+overflow leading to underallocation and writing data from the network
+past the end of the allocated buffer.
+
+Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+---
+ src/XpScreens.c | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/src/XpScreens.c b/src/XpScreens.c
+index 815dfbf..b31e554 100644
+--- a/src/XpScreens.c
++++ b/src/XpScreens.c
+@@ -42,6 +42,7 @@
+ #include <X11/extensions/Printstr.h>
+ #include <X11/Xlibint.h>
+ #include "XpExtUtil.h"
++#include <limits.h>
+ 
+ 
+ Screen **
+@@ -82,19 +83,17 @@ XpQueryScreens (
+     *list_count = rep.listCount;
+ 
+     if (*list_count) {
+-	scr_list = (Screen **)
+-		   Xmalloc( (unsigned) (sizeof(Screen *) * *list_count) );
++	if (rep.listCount < (INT_MAX / sizeof(Screen *)))
++	    scr_list = Xmalloc(sizeof(Screen *) * *list_count);
++	else
++	    scr_list = NULL;
+ 
+ 	if (!scr_list) {
+-            UnlockDisplay(dpy);
+-            SyncHandle();
+-            return ( (Screen **) NULL ); /* malloc error */
++	    _XEatDataWords(dpy, rep.length);
++	    goto out;
+ 	}
+ 	i = 0;
+ 	while(i < *list_count){
+-	    /*
+-	     * Pull printer length and then name.
+-	     */
+ 	    _XRead32 (dpy, &rootWindow, (long) sizeof(CARD32) );
+ 	    scr_list[i] = NULL;
+ 	    for ( j = 0; j < XScreenCount(dpy); j++ ) {
+@@ -118,6 +117,7 @@ XpQueryScreens (
+ 	scr_list = (Screen **) NULL;
+     }
+ 
++  out:
+     UnlockDisplay(dpy);
+     SyncHandle();
+ 
+-- 
+1.8.2.3
+
diff --git a/main/libxp/APKBUILD b/main/libxp/APKBUILD
index 616e034f9e6..fe6d5c49b46 100644
--- a/main/libxp/APKBUILD
+++ b/main/libxp/APKBUILD
@@ -2,17 +2,24 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=libxp
 pkgver=1.0.1
-pkgrel=1
+pkgrel=3
 pkgdesc="X.Org X11 libXp runtime library"
 url="http://www.x.org"
 arch="all"
 license="MIT"
 depends=
-depends_dev="util-macros libx11-dev libxext-dev libxau-dev printproto"
-makedepends="$depends_dev"
+depends_dev="libx11-dev libxext-dev libxau-dev printproto"
+makedepends="$depends_dev libtool autoconf automake util-macros"
 install=""
 subpackages="$pkgname-dev $pkgname-doc"
-source="http://xorg.freedesktop.org/releases/individual/lib/libXp-$pkgver.tar.bz2"
+source="http://xorg.freedesktop.org/releases/individual/lib/libXp-$pkgver.tar.bz2
+	0001-Stop-trying-to-use-NULL-for-Status-values.patch
+	0001-Replace-deprecated-Automake-INCLUDES-variable-with-A.patch
+	0002-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-b.patch
+	0003-integer-overflow-in-XpGetAttributes-XpGetOneAttribut.patch
+	0004-integer-overflows-in-XpGetPrinterList-CVE-2013-2062-.patch
+	0005-integer-overflows-in-XpQueryScreens-CVE-2013-2062-3-.patch
+	"
 
 _builddir="$srcdir"/libXp-$pkgver
 prepare() {
@@ -23,6 +30,8 @@ prepare() {
 		*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
 		esac
 	done
+	libtoolize --force && aclocal && autoheader && autoconf \
+		&& automake --add-missing
 }
 
 build() {
@@ -42,4 +51,24 @@ package() {
 	rm "$pkgdir"/usr/lib/*.la || return 1
 }
 
-md5sums="7ae1d63748e79086bd51a633da1ff1a9  libXp-1.0.1.tar.bz2"
+md5sums="7ae1d63748e79086bd51a633da1ff1a9  libXp-1.0.1.tar.bz2
+b52d9e1211abece91ce91b96cbeec7da  0001-Stop-trying-to-use-NULL-for-Status-values.patch
+dfc36d7aa39348115edbed43e7b3bacd  0001-Replace-deprecated-Automake-INCLUDES-variable-with-A.patch
+8d99d975ee248d292c57f0539a74f444  0002-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-b.patch
+0affd2550812541d7c6e03b10a882a39  0003-integer-overflow-in-XpGetAttributes-XpGetOneAttribut.patch
+74e9e315a2b7b714c2ebbc69e4478723  0004-integer-overflows-in-XpGetPrinterList-CVE-2013-2062-.patch
+59085b08c7ae142238ee20af93836926  0005-integer-overflows-in-XpQueryScreens-CVE-2013-2062-3-.patch"
+sha256sums="71d1f260005616d646b8c8788365f2b7d93911dac57bb53b65753d9f9e6443d2  libXp-1.0.1.tar.bz2
+6cd5d7b70861a35434f87c8494755ee125945b9bfb6189314c94edcf806aa104  0001-Stop-trying-to-use-NULL-for-Status-values.patch
+666273216e13b759e85cf84c345e9253771e729f605987e580ad55b0ad7651a3  0001-Replace-deprecated-Automake-INCLUDES-variable-with-A.patch
+f128151ebd1206d85c6ee55d1558fb1e3f446a7334466571818850096fec7a87  0002-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-b.patch
+ad96f0031978dd8befa29bde872a8a9b40e4fbfccf42cd22e201f975564db3b6  0003-integer-overflow-in-XpGetAttributes-XpGetOneAttribut.patch
+cbadbece5e73d568826b19b2f743860c8dfe47f4077accffa939cc51a79ead0c  0004-integer-overflows-in-XpGetPrinterList-CVE-2013-2062-.patch
+0a597afeab8bd76dcd72fec97efd0a8db12c1dd1d9f431085e061aa1b6ca1f3d  0005-integer-overflows-in-XpQueryScreens-CVE-2013-2062-3-.patch"
+sha512sums="0707256ae344b847f1a5bbf85f9e6e6f926be3bee10858e3c92932ee02007fdb908cb64a6f2ce0de501f99117e4582c1bcf9bc6f921490d42cabbfb997d731bd  libXp-1.0.1.tar.bz2
+ac9c215a03b6408c72bcd017d4059f09bc7e0345a90ee79a29476534316c57057a9ada717af4f3ec511cf19c57f4e98bee05856b8cbb6c14b83e1bf9349797f9  0001-Stop-trying-to-use-NULL-for-Status-values.patch
+5a55658cedbf6ac8d410f19ceed0ef38d65a81ef54e9ffde86ac285c477669d760a1b5c2d9791aff50d48698298bcfdd3290e1b95321c62230809a8a65222127  0001-Replace-deprecated-Automake-INCLUDES-variable-with-A.patch
+9a94b99f96d03e436450daa40e54d3d091d362e76428a4bc0fdacb38b3582c1a18ad5b1824621282892bc3f9e0964bae2d8e15ccdfc5c27a426f118c7a7336c8  0002-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-b.patch
+48d47a8878f2f3663c1e00091c6190ae9d4b0e08594cfb87d4810e726caf5a138100ef59d0fdb352cb5805ab3268bedde86f20d4637533f81d71451fc0989f20  0003-integer-overflow-in-XpGetAttributes-XpGetOneAttribut.patch
+5b6e0c05209546c6ef29bc6ed9a24b4117d8a4983fc49abf554920d189fd73d97198c4428951177f7b21dcd968d786c98fa5b53d457946e9b79504fc6ed7c9f6  0004-integer-overflows-in-XpGetPrinterList-CVE-2013-2062-.patch
+8242840592974a57e98e9c6dfed73031f632dc26b88ba2bf40016c9778955476490eb14766de6a02429ad56066f228d23b3cd9c0772585c020be3b6dec32b522  0005-integer-overflows-in-XpQueryScreens-CVE-2013-2062-3-.patch"