1 files changed, 0 insertions, 95 deletions
diff --git a/x11-servers/xorg-server/files/patch-CVE-2017-12183 b/x11-servers/xorg-server/files/patch-CVE-2017-12183
deleted file mode 100644
index 5ccc3760e022..000000000000
--- a/x11-servers/xorg-server/files/patch-CVE-2017-12183
+++ /dev/null
@@ -1,95 +0,0 @@
-From 61502107a30d64f991784648c3228ebc6694a032 Mon Sep 17 00:00:00 2001
-From: Nathan Kidd <nkidd@opentext.com>
-Date: Fri, 9 Jan 2015 11:43:05 -0500
-Subject: xfixes: unvalidated lengths (CVE-2017-12183)
-
-v2: Use before swap (Jeremy Huddleston Sequoia)
-
-v3: Fix wrong XFixesCopyRegion checks (Alan Coopersmith)
-
-Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
-Reviewed-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
-Reviewed-by: Julien Cristau <jcristau@debian.org>
-Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
-Signed-off-by: Nathan Kidd <nkidd@opentext.com>
-Signed-off-by: Julien Cristau <jcristau@debian.org>
-(cherry picked from commit 55caa8b08c84af2b50fbc936cf334a5a93dd7db5)
-
-diff --git a/xfixes/cursor.c b/xfixes/cursor.c
-index f009a78..6e84d71 100644
---- xfixes/cursor.c
-+++ xfixes/cursor.c
-@@ -281,6 +281,7 @@ int
- SProcXFixesSelectCursorInput(ClientPtr client)
- {
-     REQUEST(xXFixesSelectCursorInputReq);
-+    REQUEST_SIZE_MATCH(xXFixesSelectCursorInputReq);
- 
-     swaps(&stuff->length);
-     swapl(&stuff->window);
-@@ -414,7 +415,7 @@ ProcXFixesSetCursorName(ClientPtr client)
-     REQUEST(xXFixesSetCursorNameReq);
-     Atom atom;
- 
--    REQUEST_AT_LEAST_SIZE(xXFixesSetCursorNameReq);
-+    REQUEST_FIXED_SIZE(xXFixesSetCursorNameReq, stuff->nbytes);
-     VERIFY_CURSOR(pCursor, stuff->cursor, client, DixSetAttrAccess);
-     tchar = (char *) &stuff[1];
-     atom = MakeAtom(tchar, stuff->nbytes, TRUE);
-@@ -1007,6 +1008,8 @@ SProcXFixesCreatePointerBarrier(ClientPtr client)
-     int i;
-     CARD16 *in_devices = (CARD16 *) &stuff[1];
- 
-+    REQUEST_AT_LEAST_SIZE(xXFixesCreatePointerBarrierReq);
-+
-     swaps(&stuff->length);
-     swaps(&stuff->num_devices);
-     REQUEST_FIXED_SIZE(xXFixesCreatePointerBarrierReq, pad_to_int32(stuff->num_devices));
-diff --git a/xfixes/region.c b/xfixes/region.c
-index dd74d7f..f300d2b 100644
---- xfixes/region.c
-+++ xfixes/region.c
-@@ -359,6 +359,7 @@ ProcXFixesCopyRegion(ClientPtr client)
-     RegionPtr pSource, pDestination;
- 
-     REQUEST(xXFixesCopyRegionReq);
-+    REQUEST_SIZE_MATCH(xXFixesCopyRegionReq);
- 
-     VERIFY_REGION(pSource, stuff->source, client, DixReadAccess);
-     VERIFY_REGION(pDestination, stuff->destination, client, DixWriteAccess);
-@@ -375,7 +376,7 @@ SProcXFixesCopyRegion(ClientPtr client)
-     REQUEST(xXFixesCopyRegionReq);
- 
-     swaps(&stuff->length);
--    REQUEST_AT_LEAST_SIZE(xXFixesCopyRegionReq);
-+    REQUEST_SIZE_MATCH(xXFixesCopyRegionReq);
-     swapl(&stuff->source);
-     swapl(&stuff->destination);
-     return (*ProcXFixesVector[stuff->xfixesReqType]) (client);
-diff --git a/xfixes/saveset.c b/xfixes/saveset.c
-index eb3f658..aa365cf 100644
---- xfixes/saveset.c
-+++ xfixes/saveset.c
-@@ -62,6 +62,7 @@ int
- SProcXFixesChangeSaveSet(ClientPtr client)
- {
-     REQUEST(xXFixesChangeSaveSetReq);
-+    REQUEST_SIZE_MATCH(xXFixesChangeSaveSetReq);
- 
-     swaps(&stuff->length);
-     swapl(&stuff->window);
-diff --git a/xfixes/xfixes.c b/xfixes/xfixes.c
-index 8d1bd4c..8b45c53 100644
---- xfixes/xfixes.c
-+++ xfixes/xfixes.c
-@@ -160,6 +160,7 @@ static int
- SProcXFixesQueryVersion(ClientPtr client)
- {
-     REQUEST(xXFixesQueryVersionReq);
-+    REQUEST_SIZE_MATCH(xXFixesQueryVersionReq);
- 
-     swaps(&stuff->length);
-     swapl(&stuff->majorVersion);
--- 
-cgit v0.10.2
-