From ba5259e879b12c3266333e072624037d67f37be4 Mon Sep 17 00:00:00 2001
From: Natanael Copa
Date: Thu, 6 Jun 2013 16:16:02 +0000
Subject: main/libxxf86dga: upgrade to 1.1.4
---
 ...rflow-in-XDGAQueryModes-CVE-2013-2000-1-2.patch | 43 ----------------------
 1 file changed, 43 deletions(-)
 delete mode 100644 main/libxxf86dga/0003-buffer-overflow-in-XDGAQueryModes-CVE-2013-2000-1-2.patch
(limited to 'main/libxxf86dga/0003-buffer-overflow-in-XDGAQueryModes-CVE-2013-2000-1-2.patch')
diff --git a/main/libxxf86dga/0003-buffer-overflow-in-XDGAQueryModes-CVE-2013-2000-1-2.patch b/main/libxxf86dga/0003-buffer-overflow-in-XDGAQueryModes-CVE-2013-2000-1-2.patch
deleted file mode 100644
index 9123d7f3ba..0000000000
--- a/main/libxxf86dga/0003-buffer-overflow-in-XDGAQueryModes-CVE-2013-2000-1-2.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 5dcfa6a8cf2df39828da733e5945e730518c27b3 Mon Sep 17 00:00:00 2001
-From: Alan Coopersmith
-Date: Sat, 13 Apr 2013 12:27:10 -0700
-Subject: [PATCH 3/6] buffer overflow in XDGAQueryModes() [CVE-2013-2000 1/2]
-
-When reading the name strings for the modes off the network, we never
-checked to make sure the length of the individual name strings didn't
-overflow the size of the buffer we'd allocated based on the reported
-rep.length for the total reply size.
-
-Reported-by: Ilja Van Sprundel
-Signed-off-by: Alan Coopersmith
----
- src/XF86DGA2.c | 13 ++++++++++---
- 1 file changed, 10 insertions(+), 3 deletions(-)
-
-diff --git a/src/XF86DGA2.c b/src/XF86DGA2.c
-index 8830266..b5145ee 100644
---- a/src/XF86DGA2.c
-+++ b/src/XF86DGA2.c
-@@ -356,9 +356,16 @@ XDGAMode* XDGAQueryModes(
- modes[i].reserved1 = info.reserved1;
- modes[i].reserved2 = info.reserved2;
-
-- _XRead(dpy, offset, info.name_size);
-- modes[i].name = offset;
-- offset += info.name_size;
-+ if (info.name_size > 0 && info.name_size <= size) {
-+ _XRead(dpy, offset, info.name_size);
-+ modes[i].name = offset;
-+ modes[i].name[info.name_size - 1] = '\0';
-+ offset += info.name_size;
-+ size -= info.name_size;
-+ } else {
-+ _XEatData(dpy, info.name_size);
-+ modes[i].name = NULL;
-+ }
- }
- *num = rep.number;
- } else
---
-1.8.2.3
-
--
cgit v1.2.3