aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches/xorg-server-CVE-2017-10972.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/xorg-server-CVE-2017-10972.patch')
-rw-r--r--gnu/packages/patches/xorg-server-CVE-2017-10972.patch35
1 files changed, 0 insertions, 35 deletions
diff --git a/gnu/packages/patches/xorg-server-CVE-2017-10972.patch b/gnu/packages/patches/xorg-server-CVE-2017-10972.patch
deleted file mode 100644
index f24e9c0ae6..0000000000
--- a/gnu/packages/patches/xorg-server-CVE-2017-10972.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 05442de962d3dc624f79fc1a00eca3ffc5489ced Mon Sep 17 00:00:00 2001
-From: Michal Srb <msrb@suse.com>
-Date: Wed, 24 May 2017 15:54:39 +0300
-Subject: Xi: Zero target buffer in SProcXSendExtensionEvent.
-
-Make sure that the xEvent eventT is initialized with zeros, the same way as
-in SProcSendEvent.
-
-Some event swapping functions do not overwrite all 32 bytes of xEvent
-structure, for example XSecurityAuthorizationRevoked. Two cooperating
-clients, one swapped and the other not, can send
-XSecurityAuthorizationRevoked event to each other to retrieve old stack data
-from X server. This can be potentialy misused to go around ASLR or
-stack-protector.
-
-Signed-off-by: Michal Srb <msrb@suse.com>
-Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
-Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
-
-diff --git a/Xi/sendexev.c b/Xi/sendexev.c
-index 11d8202..1cf118a 100644
---- a/Xi/sendexev.c
-+++ b/Xi/sendexev.c
-@@ -78,7 +78,7 @@ SProcXSendExtensionEvent(ClientPtr client)
- {
- CARD32 *p;
- int i;
-- xEvent eventT;
-+ xEvent eventT = { .u.u.type = 0 };
- xEvent *eventP;
- EventSwapPtr proc;
-
---
-cgit v0.10.2
-