debian/patches/122_xext_fix_card32_overflow_in_xauth.patch

   1 --- a/Xext/security.c
   2 +++ b/Xext/security.c
   3 @@ -262,9 +262,9 @@ SecurityComputeAuthorizationTimeout(Secu
   4      /* maxSecs is the number of full seconds that can be expressed in
   5       * 32 bits worth of milliseconds
   6       */
   7 -    CARD32 maxSecs = (CARD32) (~0) / (CARD32) MILLI_PER_SECOND;
   8 +    CARD32 maxSecs = (CARD32) (MAXINT) / (CARD32) MILLI_PER_SECOND;
   9
  10 -    if (seconds > maxSecs) {    /* only come here if we want to wait more than 49 days */
  11 +    if (seconds > maxSecs) {    /* only come here if we want to wait more than 24 days */
  12          pAuth->secondsRemaining = seconds - maxSecs;
  13          return maxSecs * MILLI_PER_SECOND;
  14      }
  15 @@ -298,8 +298,6 @@ SecurityAuthorizationExpired(OsTimerPtr
  16  {
  17      SecurityAuthorizationPtr pAuth = (SecurityAuthorizationPtr) pval;
  18
  19 -    assert(pAuth->timer == timer);
  20 -
  21      if (pAuth->secondsRemaining) {
  22          return SecurityComputeAuthorizationTimeout(pAuth,
  23                                                     pAuth->secondsRemaining);