[neon/backports-jammy/xwayland/Neon/release] debian/patches: drop upstreamed patch
Carlos De Maine
null at kde.org
Wed Dec 20 04:49:49 GMT 2023
Git commit 6bb80092e22bb04e21bc9934b8b13a8ade5e1626 by Carlos De Maine.
Committed on 20/12/2023 at 05:49.
Pushed by carlosdem into branch 'Neon/release'.
drop upstreamed patch
D +0 -80 debian/patches/CVE-2023-5367.patch
M +0 -1 debian/patches/series
https://invent.kde.org/neon/backports-jammy/xwayland/-/commit/6bb80092e22bb04e21bc9934b8b13a8ade5e1626
diff --git a/debian/patches/CVE-2023-5367.patch b/debian/patches/CVE-2023-5367.patch
deleted file mode 100644
index 59e5440..0000000
--- a/debian/patches/CVE-2023-5367.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-From 69ceb12e9c9dc42175aba48bb86f2842423d7082 Mon Sep 17 00:00:00 2001
-From: Peter Hutterer <peter.hutterer at who-t.net>
-Date: Tue, 3 Oct 2023 11:53:05 +1000
-Subject: [PATCH xserver 1/4] Xi/randr: fix handling of PropModeAppend/Prepend
-
-The handling of appending/prepending properties was incorrect, with at
-least two bugs: the property length was set to the length of the new
-part only, i.e. appending or prepending N elements to a property with P
-existing elements always resulted in the property having N elements
-instead of N + P.
-
-Second, when pre-pending a value to a property, the offset for the old
-values was incorrect, leaving the new property with potentially
-uninitalized values and/or resulting in OOB memory writes.
-For example, prepending a 3 element value to a 5 element property would
-result in this 8 value array:
- [N, N, N, ?, ?, P, P, P ] P, P
- ^OOB write
-
-The XI2 code is a copy/paste of the RandR code, so the bug exists in
-both.
-
-CVE-2023-5367, ZDI-CAN-22153
-
-This vulnerability was discovered by:
-Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
-
-Signed-off-by: Peter Hutterer <peter.hutterer at who-t.net>
----
- Xi/xiproperty.c | 4 ++--
- randr/rrproperty.c | 4 ++--
- 2 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/Xi/xiproperty.c b/Xi/xiproperty.c
-index 066ba21fba..d315f04d0e 100644
---- a/Xi/xiproperty.c
-+++ b/Xi/xiproperty.c
-@@ -730,7 +730,7 @@ XIChangeDeviceProperty(DeviceIntPtr dev, Atom property, Atom type,
- XIDestroyDeviceProperty(prop);
- return BadAlloc;
- }
-- new_value.size = len;
-+ new_value.size = total_len;
- new_value.type = type;
- new_value.format = format;
-
-@@ -747,7 +747,7 @@ XIChangeDeviceProperty(DeviceIntPtr dev, Atom property, Atom type,
- case PropModePrepend:
- new_data = new_value.data;
- old_data = (void *) (((char *) new_value.data) +
-- (prop_value->size * size_in_bytes));
-+ (len * size_in_bytes));
- break;
- }
- if (new_data)
-diff --git a/randr/rrproperty.c b/randr/rrproperty.c
-index c2fb9585c6..25469f57b2 100644
---- a/randr/rrproperty.c
-+++ b/randr/rrproperty.c
-@@ -209,7 +209,7 @@ RRChangeOutputProperty(RROutputPtr output, Atom property, Atom type,
- RRDestroyOutputProperty(prop);
- return BadAlloc;
- }
-- new_value.size = len;
-+ new_value.size = total_len;
- new_value.type = type;
- new_value.format = format;
-
-@@ -226,7 +226,7 @@ RRChangeOutputProperty(RROutputPtr output, Atom property, Atom type,
- case PropModePrepend:
- new_data = new_value.data;
- old_data = (void *) (((char *) new_value.data) +
-- (prop_value->size * size_in_bytes));
-+ (len * size_in_bytes));
- break;
- }
- if (new_data)
---
-2.41.0
-
diff --git a/debian/patches/series b/debian/patches/series
index ff06726..c1894c1 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,4 +1,3 @@
xwayland-Detect-gbm_bo_get_fd_for_plane-at-runtime.patch
-CVE-2023-5367.patch
CVE-2023-6377.patch
CVE-2023-6478.patch
More information about the Neon-commits
mailing list