ODROID-U3 xorg-server debian package fork :

[deb_xorg-server.git] / debian / patches / CVE-2014-8xxx / 0008-Xi-unvalidated-lengths-in-Xinput-extension-CVE-2014-.patch

diff --git a/debian/patches/CVE-2014-8xxx/0008-Xi-unvalidated-lengths-in-Xinput-extension-CVE-2014-.patch b/debian/patches/CVE-2014-8xxx/0008-Xi-unvalidated-lengths-in-Xinput-extension-CVE-2014-.patch
index 421f07084b741738027d4ccd3bab5a10758f41bf..dccaa0301faa5675738f774b0957dad9b32d2e14 100644 (file)
--- a/debian/patches/CVE-2014-8xxx/0008-Xi-unvalidated-lengths-in-Xinput-extension-CVE-2014-.patch
+++ b/debian/patches/CVE-2014-8xxx/0008-Xi-unvalidated-lengths-in-Xinput-extension-CVE-2014-.patch
@@ -37,11 +37,9 @@ Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
  include/dix.h           |    4 ++++
  17 files changed, 94 insertions(+), 18 deletions(-)
 
-diff --git a/Xi/chgdctl.c b/Xi/chgdctl.c
-index d078aa2..b3ee867 100644
 --- a/Xi/chgdctl.c
 +++ b/Xi/chgdctl.c
-@@ -78,7 +78,7 @@ SProcXChangeDeviceControl(ClientPtr client)
+@@ -78,7 +78,7 @@ SProcXChangeDeviceControl(ClientPtr clie
  
      REQUEST(xChangeDeviceControlReq);
      swaps(&stuff->length);
@@ -50,7 +48,7 @@ index d078aa2..b3ee867 100644
      swaps(&stuff->control);
      ctl = (xDeviceCtl *) &stuff[1];
      swaps(&ctl->control);
-@@ -115,7 +115,7 @@ ProcXChangeDeviceControl(ClientPtr client)
+@@ -115,7 +115,7 @@ ProcXChangeDeviceControl(ClientPtr clien
      xDeviceEnableCtl *e;
  
      REQUEST(xChangeDeviceControlReq);
@@ -59,7 +57,7 @@ index d078aa2..b3ee867 100644
  
      len = stuff->length - bytes_to_int32(sizeof(xChangeDeviceControlReq));
      ret = dixLookupDevice(&dev, stuff->deviceid, client, DixManageAccess);
-@@ -192,6 +192,10 @@ ProcXChangeDeviceControl(ClientPtr client)
+@@ -192,6 +192,10 @@ ProcXChangeDeviceControl(ClientPtr clien
          break;
      case DEVICE_ENABLE:
          e = (xDeviceEnableCtl *) &stuff[1];
@@ -70,11 +68,9 @@ index d078aa2..b3ee867 100644
  
          if (IsXTestDevice(dev, NULL))
              status = !Success;
-diff --git a/Xi/chgfctl.c b/Xi/chgfctl.c
-index 6dcf60c..224c2ba 100644
 --- a/Xi/chgfctl.c
 +++ b/Xi/chgfctl.c
-@@ -467,6 +467,8 @@ ProcXChangeFeedbackControl(ClientPtr client)
+@@ -467,6 +467,8 @@ ProcXChangeFeedbackControl(ClientPtr cli
          xStringFeedbackCtl *f = ((xStringFeedbackCtl *) &stuff[1]);
  
          if (client->swapped) {
@@ -83,11 +79,9 @@ index 6dcf60c..224c2ba 100644
              swaps(&f->num_keysyms);
          }
          if (len !=
-diff --git a/Xi/sendexev.c b/Xi/sendexev.c
-index 3c21386..183f88d 100644
 --- a/Xi/sendexev.c
 +++ b/Xi/sendexev.c
-@@ -135,6 +135,9 @@ ProcXSendExtensionEvent(ClientPtr client)
+@@ -135,6 +135,9 @@ ProcXSendExtensionEvent(ClientPtr client
      if (ret != Success)
          return ret;
  
@@ -97,8 +91,6 @@ index 3c21386..183f88d 100644
      /* The client's event type must be one defined by an extension. */
  
      first = ((xEvent *) &stuff[1]);
-diff --git a/Xi/xiallowev.c b/Xi/xiallowev.c
-index ebef233..ca263ef 100644
 --- a/Xi/xiallowev.c
 +++ b/Xi/xiallowev.c
 @@ -48,6 +48,7 @@ int
@@ -117,8 +109,6 @@ index ebef233..ca263ef 100644
          swapl(&req_xi22->touchid);
          swapl(&req_xi22->grab_window);
      }
-diff --git a/Xi/xichangecursor.c b/Xi/xichangecursor.c
-index 7a1bb7a..8e6255b 100644
 --- a/Xi/xichangecursor.c
 +++ b/Xi/xichangecursor.c
 @@ -57,11 +57,11 @@ int
@@ -134,8 +124,6 @@ index 7a1bb7a..8e6255b 100644
      return (ProcXIChangeCursor(client));
  }
  
-diff --git a/Xi/xichangehierarchy.c b/Xi/xichangehierarchy.c
-index 9e36354..2732445 100644
 --- a/Xi/xichangehierarchy.c
 +++ b/Xi/xichangehierarchy.c
 @@ -411,7 +411,7 @@ int
@@ -228,8 +216,6 @@ index 9e36354..2732445 100644
          any = (xXIAnyHierarchyChangeInfo *) ((char *) any + any->length * 4);
      }
  
-diff --git a/Xi/xigetclientpointer.c b/Xi/xigetclientpointer.c
-index 3c90d58..306dd39 100644
 --- a/Xi/xigetclientpointer.c
 +++ b/Xi/xigetclientpointer.c
 @@ -50,6 +50,7 @@ int
@@ -240,8 +226,6 @@ index 3c90d58..306dd39 100644
  
      swaps(&stuff->length);
      swapl(&stuff->win);
-diff --git a/Xi/xigrabdev.c b/Xi/xigrabdev.c
-index 63d95bc..e2a2ae3 100644
 --- a/Xi/xigrabdev.c
 +++ b/Xi/xigrabdev.c
 @@ -47,6 +47,11 @@ int
@@ -281,11 +265,9 @@ index 63d95bc..e2a2ae3 100644
  
      ret = dixLookupDevice(&dev, stuff->deviceid, client, DixGetAttrAccess);
      if (ret != Success)
-diff --git a/Xi/xipassivegrab.c b/Xi/xipassivegrab.c
-index 700622d..9241ffd 100644
 --- a/Xi/xipassivegrab.c
 +++ b/Xi/xipassivegrab.c
-@@ -53,6 +53,7 @@ SProcXIPassiveGrabDevice(ClientPtr client)
+@@ -53,6 +53,7 @@ SProcXIPassiveGrabDevice(ClientPtr clien
      uint32_t *mods;
  
      REQUEST(xXIPassiveGrabDeviceReq);
@@ -293,7 +275,7 @@ index 700622d..9241ffd 100644
  
      swaps(&stuff->length);
      swaps(&stuff->deviceid);
-@@ -63,6 +64,8 @@ SProcXIPassiveGrabDevice(ClientPtr client)
+@@ -63,6 +64,8 @@ SProcXIPassiveGrabDevice(ClientPtr clien
      swaps(&stuff->mask_len);
      swaps(&stuff->num_modifiers);
  
@@ -302,7 +284,7 @@ index 700622d..9241ffd 100644
      mods = (uint32_t *) &stuff[1] + stuff->mask_len;
  
      for (i = 0; i < stuff->num_modifiers; i++, mods++) {
-@@ -92,7 +95,8 @@ ProcXIPassiveGrabDevice(ClientPtr client)
+@@ -92,7 +95,8 @@ ProcXIPassiveGrabDevice(ClientPtr client
      int mask_len;
  
      REQUEST(xXIPassiveGrabDeviceReq);
@@ -312,7 +294,7 @@ index 700622d..9241ffd 100644
  
      if (stuff->deviceid == XIAllDevices)
          dev = inputInfo.all_devices;
-@@ -252,6 +256,7 @@ SProcXIPassiveUngrabDevice(ClientPtr client)
+@@ -252,6 +256,7 @@ SProcXIPassiveUngrabDevice(ClientPtr cli
      uint32_t *modifiers;
  
      REQUEST(xXIPassiveUngrabDeviceReq);
@@ -320,7 +302,7 @@ index 700622d..9241ffd 100644
  
      swaps(&stuff->length);
      swapl(&stuff->grab_window);
-@@ -259,6 +264,8 @@ SProcXIPassiveUngrabDevice(ClientPtr client)
+@@ -259,6 +264,8 @@ SProcXIPassiveUngrabDevice(ClientPtr cli
      swapl(&stuff->detail);
      swaps(&stuff->num_modifiers);
  
@@ -329,7 +311,7 @@ index 700622d..9241ffd 100644
      modifiers = (uint32_t *) &stuff[1];
  
      for (i = 0; i < stuff->num_modifiers; i++, modifiers++)
-@@ -277,7 +284,8 @@ ProcXIPassiveUngrabDevice(ClientPtr client)
+@@ -277,7 +284,8 @@ ProcXIPassiveUngrabDevice(ClientPtr clie
      int i, rc;
  
      REQUEST(xXIPassiveUngrabDeviceReq);
@@ -339,8 +321,6 @@ index 700622d..9241ffd 100644
  
      if (stuff->deviceid == XIAllDevices)
          dev = inputInfo.all_devices;
-diff --git a/Xi/xiproperty.c b/Xi/xiproperty.c
-index 463607d..8e8e4b0 100644
 --- a/Xi/xiproperty.c
 +++ b/Xi/xiproperty.c
 @@ -1013,10 +1013,9 @@ int
@@ -424,8 +404,6 @@ index 463607d..8e8e4b0 100644
      return (ProcXIGetProperty(client));
  }
  
-diff --git a/Xi/xiquerydevice.c b/Xi/xiquerydevice.c
-index 4e544f0..67a9a4f 100644
 --- a/Xi/xiquerydevice.c
 +++ b/Xi/xiquerydevice.c
 @@ -54,6 +54,7 @@ int
@@ -436,8 +414,6 @@ index 4e544f0..67a9a4f 100644
  
      swaps(&stuff->length);
      swaps(&stuff->deviceid);
-diff --git a/Xi/xiquerypointer.c b/Xi/xiquerypointer.c
-index e9bdd42..7ec0c85 100644
 --- a/Xi/xiquerypointer.c
 +++ b/Xi/xiquerypointer.c
 @@ -63,6 +63,8 @@ int
@@ -449,8 +425,6 @@ index e9bdd42..7ec0c85 100644
      swaps(&stuff->length);
      swaps(&stuff->deviceid);
      swapl(&stuff->win);
-diff --git a/Xi/xiselectev.c b/Xi/xiselectev.c
-index 45a996e..168579f 100644
 --- a/Xi/xiselectev.c
 +++ b/Xi/xiselectev.c
 @@ -114,6 +114,7 @@ int
@@ -479,8 +453,6 @@ index 45a996e..168579f 100644
          evmask =
              (xXIEventMask *) (((char *) &evmask[1]) + evmask->mask_len * 4);
      }
-diff --git a/Xi/xisetclientpointer.c b/Xi/xisetclientpointer.c
-index 38ff51e..24d4a53 100644
 --- a/Xi/xisetclientpointer.c
 +++ b/Xi/xisetclientpointer.c
 @@ -51,10 +51,11 @@ int
@@ -496,8 +468,6 @@ index 38ff51e..24d4a53 100644
      return (ProcXISetClientPointer(client));
  }
  
-diff --git a/Xi/xisetdevfocus.c b/Xi/xisetdevfocus.c
-index 372ec24..96a9a16 100644
 --- a/Xi/xisetdevfocus.c
 +++ b/Xi/xisetdevfocus.c
 @@ -44,6 +44,8 @@ int
@@ -518,8 +488,6 @@ index 372ec24..96a9a16 100644
      swaps(&stuff->length);
      swaps(&stuff->deviceid);
  
-diff --git a/Xi/xiwarppointer.c b/Xi/xiwarppointer.c
-index 3f051f7..780758a 100644
 --- a/Xi/xiwarppointer.c
 +++ b/Xi/xiwarppointer.c
 @@ -56,6 +56,8 @@ int
@@ -531,8 +499,6 @@ index 3f051f7..780758a 100644
      swaps(&stuff->length);
      swapl(&stuff->src_win);
      swapl(&stuff->dst_win);
-diff --git a/include/dix.h b/include/dix.h
-index e0c6ed8..21176a8 100644
 --- a/include/dix.h
 +++ b/include/dix.h
 @@ -74,6 +74,10 @@ SOFTWARE.
@@ -546,6 +512,3 @@ index e0c6ed8..21176a8 100644
  #define REQUEST_FIXED_SIZE(req, n)\
      if (((sizeof(req) >> 2) > client->req_len) || \
          ((n >> 2) >= client->req_len) || \
--- 
-1.7.9.2
-