1 files changed, 0 insertions, 103 deletions
diff --git a/debian/patches/1024-Xi-unvalidated-lengths-in-Xinput-extension-CVE-.full.patch b/debian/patches/1024-Xi-unvalidated-lengths-in-Xinput-extension-CVE-.full.patch
deleted file mode 100644
index 9d23ae0d1..000000000
--- a/debian/patches/1024-Xi-unvalidated-lengths-in-Xinput-extension-CVE-.full.patch
+++ /dev/null
@@ -1,103 +0,0 @@
-From fde1375e373137ac52d0530b819bf9df64ab14c1 Mon Sep 17 00:00:00 2001
-From: Alan Coopersmith <alan.coopersmith@oracle.com>
-Date: Sun, 26 Jan 2014 10:54:41 -0800
-Subject: [PATCH 24/40] Xi: unvalidated lengths in Xinput extension
- [CVE-2014-8095]
-
-Multiple functions in the Xinput extension handling of requests from
-clients failed to check that the length of the request sent by the
-client was large enough to perform all the required operations and
-thus could read or write to memory outside the bounds of the request
-buffer.
-
-This commit includes the creation of a new REQUEST_AT_LEAST_EXTRA_SIZE
-macro in include/dix.h for the common case of needing to ensure a
-request is large enough to include both the request itself and a
-minimum amount of extra data following the request header.
-
-v2: backport to nx-libs 3.6.x (Mike DePaulo)
-
-Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
-Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
-
-Conflicts:
-	Xi/chgdctl.c
-	Xi/chgfctl.c
-	Xi/xiallowev.c
-	Xi/xichangecursor.c
-	Xi/xichangehierarchy.c
-	Xi/xigetclientpointer.c
-	Xi/xigrabdev.c
-	Xi/xipassivegrab.c
-	Xi/xiproperty.c
-	Xi/xiquerydevice.c
-	Xi/xiquerypointer.c
-	Xi/xiselectev.c
-	Xi/xisetclientpointer.c
-	Xi/xisetdevfocus.c
-	Xi/xiwarppointer.c
-
-[RHEL5: Xi/xi* files are XI2 ]
----
- nx-X11/programs/Xserver/Xi/chgdctl.c  | 4 ++--
- nx-X11/programs/Xserver/Xi/chgfctl.c  | 2 ++
- nx-X11/programs/Xserver/Xi/sendexev.c | 3 +++
- nx-X11/programs/Xserver/include/dix.h | 4 ++++
- 4 files changed, 11 insertions(+), 2 deletions(-)
-
---- a/nx-X11/programs/Xserver/Xi/chgdctl.c
-+++ b/nx-X11/programs/Xserver/Xi/chgdctl.c
-@@ -87,7 +87,7 @@ SProcXChangeDeviceControl(client)
- 
-     REQUEST(xChangeDeviceControlReq);
-     swaps(&stuff->length, n);
--    REQUEST_AT_LEAST_SIZE(xChangeDeviceControlReq);
-+    REQUEST_AT_LEAST_EXTRA_SIZE(xChangeDeviceControlReq, sizeof(xDeviceCtl));
-     swaps(&stuff->control, n);
-     return(ProcXChangeDeviceControl(client));
-     }
-@@ -111,7 +111,7 @@ ProcXChangeDeviceControl(client)
-     CARD32 *resolution;
- 
-     REQUEST(xChangeDeviceControlReq);
--    REQUEST_AT_LEAST_SIZE(xChangeDeviceControlReq);
-+    REQUEST_AT_LEAST_EXTRA_SIZE(xChangeDeviceControlReq, sizeof(xDeviceCtl));
- 
-     len = stuff->length - (sizeof(xChangeDeviceControlReq) >>2);
-     dev = LookupDeviceIntRec (stuff->deviceid);
---- a/nx-X11/programs/Xserver/Xi/chgfctl.c
-+++ b/nx-X11/programs/Xserver/Xi/chgfctl.c
-@@ -160,6 +160,8 @@ ProcXChangeFeedbackControl(client)
- 	    xStringFeedbackCtl *f = ((xStringFeedbackCtl *) &stuff[1]);
- 	    if (client->swapped)
- 		{
-+		if (len < (sizeof(xStringFeedbackCtl) + 3) >> 2)
-+		    return BadLength;
- 		swaps(&f->num_keysyms,n);
- 		}
- 	    if (len != ((sizeof(xStringFeedbackCtl)>>2) + f->num_keysyms))
---- a/nx-X11/programs/Xserver/Xi/sendexev.c
-+++ b/nx-X11/programs/Xserver/Xi/sendexev.c
-@@ -154,6 +154,9 @@ ProcXSendExtensionEvent (client)
- 	return Success;
- 	}
- 
-+    if (stuff->num_events == 0)
-+        return ret;
-+
-     /* The client's event type must be one defined by an extension. */
- 
-     first = ((xEvent *) &stuff[1]);
---- a/nx-X11/programs/Xserver/include/dix.h
-+++ b/nx-X11/programs/Xserver/include/dix.h
-@@ -73,6 +73,10 @@ SOFTWARE.
-     if ((sizeof(req) >> 2) > client->req_len )\
-          return(BadLength)
- 
-+#define REQUEST_AT_LEAST_EXTRA_SIZE(req, extra)  \
-+    if (((sizeof(req) + ((uint64_t) extra)) >> 2) > client->req_len ) \
-+         return(BadLength)
-+
- #define REQUEST_FIXED_SIZE(req, n)\
-     if (((sizeof(req) >> 2) > client->req_len) || \
-         ((n >> 2) >= client->req_len) || \