[neon/backports-jammy/xwayland/Neon/release] debian/patches: delete upstreamed patch
Carlos De Maine
null at kde.org
Wed Dec 20 04:52:33 GMT 2023
Git commit 4866d04f9171dcc8085c2b2646d4fc15c2c9b0c4 by Carlos De Maine.
Committed on 20/12/2023 at 05:52.
Pushed by carlosdem into branch 'Neon/release'.
delete upstreamed patch
D +0 -75 debian/patches/CVE-2023-6377.patch
M +0 -1 debian/patches/series
https://invent.kde.org/neon/backports-jammy/xwayland/-/commit/4866d04f9171dcc8085c2b2646d4fc15c2c9b0c4
diff --git a/debian/patches/CVE-2023-6377.patch b/debian/patches/CVE-2023-6377.patch
deleted file mode 100644
index 2284a64..0000000
--- a/debian/patches/CVE-2023-6377.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-From 8a3421f22d18a5f9054f9405a0f7c5cc7032caa1 Mon Sep 17 00:00:00 2001
-From: Peter Hutterer <peter.hutterer at who-t.net>
-Date: Tue, 28 Nov 2023 15:19:04 +1000
-Subject: [PATCH xserver] Xi: allocate enough XkbActions for our buttons
-
-button->xkb_acts is supposed to be an array sufficiently large for all
-our buttons, not just a single XkbActions struct. Allocating
-insufficient memory here means when we memcpy() later in
-XkbSetDeviceInfo we write into memory that wasn't ours to begin with,
-leading to the usual security ooopsiedaisies.
-
-CVE-2023-6377, ZDI-CAN-22412, ZDI-CAN-22413
-
-This vulnerability was discovered by:
-Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
----
- Xi/exevents.c | 12 ++++++------
- dix/devices.c | 10 ++++++++++
- 2 files changed, 16 insertions(+), 6 deletions(-)
-
-diff --git a/Xi/exevents.c b/Xi/exevents.c
-index dcd4efb3bc..54ea11a938 100644
---- a/Xi/exevents.c
-+++ b/Xi/exevents.c
-@@ -611,13 +611,13 @@ DeepCopyPointerClasses(DeviceIntPtr from, DeviceIntPtr to)
- }
-
- if (from->button->xkb_acts) {
-- if (!to->button->xkb_acts) {
-- to->button->xkb_acts = calloc(1, sizeof(XkbAction));
-- if (!to->button->xkb_acts)
-- FatalError("[Xi] not enough memory for xkb_acts.\n");
-- }
-+ size_t maxbuttons = max(to->button->numButtons, from->button->numButtons);
-+ to->button->xkb_acts = xnfreallocarray(to->button->xkb_acts,
-+ maxbuttons,
-+ sizeof(XkbAction));
-+ memset(to->button->xkb_acts, 0, maxbuttons * sizeof(XkbAction));
- memcpy(to->button->xkb_acts, from->button->xkb_acts,
-- sizeof(XkbAction));
-+ from->button->numButtons * sizeof(XkbAction));
- }
- else {
- free(to->button->xkb_acts);
-diff --git a/dix/devices.c b/dix/devices.c
-index 7150734a58..20fef16923 100644
---- a/dix/devices.c
-+++ b/dix/devices.c
-@@ -2530,6 +2530,8 @@ RecalculateMasterButtons(DeviceIntPtr slave)
-
- if (master->button && master->button->numButtons != maxbuttons) {
- int i;
-+ int last_num_buttons = master->button->numButtons;
-+
- DeviceChangedEvent event = {
- .header = ET_Internal,
- .type = ET_DeviceChanged,
-@@ -2540,6 +2542,14 @@ RecalculateMasterButtons(DeviceIntPtr slave)
- };
-
- master->button->numButtons = maxbuttons;
-+ if (last_num_buttons < maxbuttons) {
-+ master->button->xkb_acts = xnfreallocarray(master->button->xkb_acts,
-+ maxbuttons,
-+ sizeof(XkbAction));
-+ memset(&master->button->xkb_acts[last_num_buttons],
-+ 0,
-+ (maxbuttons - last_num_buttons) * sizeof(XkbAction));
-+ }
-
- memcpy(&event.buttons.names, master->button->labels, maxbuttons *
- sizeof(Atom));
---
-2.43.0
-
diff --git a/debian/patches/series b/debian/patches/series
index c1894c1..d62a1de 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,2 @@
xwayland-Detect-gbm_bo_get_fd_for_plane-at-runtime.patch
-CVE-2023-6377.patch
CVE-2023-6478.patch