[neon/backports-jammy/xwayland/Neon/release] debian/patches: delete upstreamed patch

Carlos De Maine null at kde.org
Wed Dec 20 04:55:16 GMT 2023


Git commit 71f970585fce41541ae7196945128c97e82c9147 by Carlos De Maine.
Committed on 20/12/2023 at 05:55.
Pushed by carlosdem into branch 'Neon/release'.

delete upstreamed patch

D  +0    -59   debian/patches/CVE-2023-6478.patch
M  +0    -1    debian/patches/series

https://invent.kde.org/neon/backports-jammy/xwayland/-/commit/71f970585fce41541ae7196945128c97e82c9147

diff --git a/debian/patches/CVE-2023-6478.patch b/debian/patches/CVE-2023-6478.patch
deleted file mode 100644
index d993c9a..0000000
--- a/debian/patches/CVE-2023-6478.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From bd59316fe54b2bcad94c883e81fe7cae2a90cdd6 Mon Sep 17 00:00:00 2001
-From: Peter Hutterer <peter.hutterer at who-t.net>
-Date: Mon, 27 Nov 2023 16:27:49 +1000
-Subject: [PATCH xserver] randr: avoid integer truncation in length check of
- ProcRRChange*Property
-
-Affected are ProcRRChangeProviderProperty and ProcRRChangeOutputProperty.
-See also xserver at 8f454b79 where this same bug was fixed for the core
-protocol and XI.
-
-This fixes an OOB read and the resulting information disclosure.
-
-Length calculation for the request was clipped to a 32-bit integer. With
-the correct stuff->nUnits value the expected request size was
-truncated, passing the REQUEST_FIXED_SIZE check.
-
-The server then proceeded with reading at least stuff->num_items bytes
-(depending on stuff->format) from the request and stuffing whatever it
-finds into the property. In the process it would also allocate at least
-stuff->nUnits bytes, i.e. 4GB.
-
-CVE-2023-XXXXX, ZDI-CAN-22561
-
-This vulnerability was discovered by:
-Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
----
- randr/rrproperty.c         | 2 +-
- randr/rrproviderproperty.c | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/randr/rrproperty.c b/randr/rrproperty.c
-index 25469f57b2..c4fef8a1f6 100644
---- a/randr/rrproperty.c
-+++ b/randr/rrproperty.c
-@@ -530,7 +530,7 @@ ProcRRChangeOutputProperty(ClientPtr client)
-     char format, mode;
-     unsigned long len;
-     int sizeInBytes;
--    int totalSize;
-+    uint64_t totalSize;
-     int err;
- 
-     REQUEST_AT_LEAST_SIZE(xRRChangeOutputPropertyReq);
-diff --git a/randr/rrproviderproperty.c b/randr/rrproviderproperty.c
-index b79c17f9bf..90c5a9a933 100644
---- a/randr/rrproviderproperty.c
-+++ b/randr/rrproviderproperty.c
-@@ -498,7 +498,7 @@ ProcRRChangeProviderProperty(ClientPtr client)
-     char format, mode;
-     unsigned long len;
-     int sizeInBytes;
--    int totalSize;
-+    uint64_t totalSize;
-     int err;
- 
-     REQUEST_AT_LEAST_SIZE(xRRChangeProviderPropertyReq);
--- 
-2.43.0
-
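Review bot: The deletion of debian/patches/CVE-2023-6478.patch is justified only by "delete upstreamed patch". Neither the commit message nor the two files in the diffstat name the upstream xwayland release or commit that now carries the fix, so a reviewer cannot confirm it from this change. Please state the upstream version in the commit message, and check that the packaged source declares "uint64_t totalSize;" in both ProcRRChangeOutputProperty (randr/rrproperty.c) and ProcRRChangeProviderProperty (randr/rrproviderproperty.c). If the source still has "int totalSize;", dropping this patch brings back the truncated length check and the OOB read described in the patch header.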
diff --git a/debian/patches/series b/debian/patches/series
index d62a1de..4919340 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1 @@
 xwayland-Detect-gbm_bo_get_fd_for_plane-at-runtime.patch
-CVE-2023-6478.patch
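Review bot: Removing the "CVE-2023-6478.patch" line from debian/patches/series, together with the file itself, drops the only marker in the packaging shown here that this CVE is addressed. The diffstat touches only the patch and the series file, so nothing replaces that marker. Consider adding a debian/changelog entry that names CVE-2023-6478 as fixed by the upstream source, so that security tracking which relies on patch names or changelog text still sees it as handled.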

