Bug 256273 - graphics/wayland: fix CVE-2013-2003
Summary: graphics/wayland: fix CVE-2013-2003
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Many People
Assignee: freebsd-x11 (Nobody)
URL: https://gitlab.freedesktop.org/waylan...
Keywords: needs-qa, security
Depends on:
Blocks:
 
Reported: 2021-05-30 22:14 UTC by Ghost
Modified: 2021-05-31 21:55 UTC (History)
3 users (show)

See Also:
zeising: maintainer-feedback+
koobs: merge-quarterly?


Attachments
patch (1.09 KB, patch)
2021-05-30 22:14 UTC, Ghost
no flags Details | Diff
vuxml entry (1.33 KB, patch)
2021-05-31 11:51 UTC, Ghost
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Ghost 2021-05-30 22:14:47 UTC
Created attachment 225385 [details]
patch
Comment 1 Niclas Zeising freebsd_committer freebsd_triage 2021-05-31 06:23:47 UTC
This needs a VuXML entry as well.
Comment 2 Ghost 2021-05-31 11:51:20 UTC
Created attachment 225402 [details]
vuxml entry
Comment 3 commit-hook freebsd_committer freebsd_triage 2021-05-31 20:58:11 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=6431a5d2419ada906a7927c7b85e5f98bcd6eba2

commit 6431a5d2419ada906a7927c7b85e5f98bcd6eba2
Author:     Adriaan de Groot <adridg@FreeBSD.org>
AuthorDate: 2021-05-31 19:59:06 +0000
Commit:     Adriaan de Groot <adridg@FreeBSD.org>
CommitDate: 2021-05-31 20:55:01 +0000

    graphics/wayland: merge upstream fix for CVE-2013-2003

    This is upstream MR 133,
            https://gitlab.freedesktop.org/wayland/wayland/-/merge_requests/133
    which in turn is a Wayland-ified version of the fix to libXcursor.

    PR:             256273
    Reported by:    Evgeniy Khramtsov
    Approved by:    zeising (x11)

 graphics/wayland/Makefile | 4 ++++
 graphics/wayland/distinfo | 4 +++-
 2 files changed, 7 insertions(+), 1 deletion(-)
Comment 4 Adriaan de Groot freebsd_committer freebsd_triage 2021-05-31 21:37:14 UTC
Thanks for reporting!
Comment 5 commit-hook freebsd_committer freebsd_triage 2021-05-31 21:55:22 UTC
A commit in branch 2021Q2 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=07b0f03960528e9f5be1a9fd985650a32c579e0a

commit 07b0f03960528e9f5be1a9fd985650a32c579e0a
Author:     Adriaan de Groot <adridg@FreeBSD.org>
AuthorDate: 2021-05-31 19:59:06 +0000
Commit:     Adriaan de Groot <adridg@FreeBSD.org>
CommitDate: 2021-05-31 21:54:42 +0000

    graphics/wayland: merge upstream fix for CVE-2013-2003

    This is upstream MR 133,
            https://gitlab.freedesktop.org/wayland/wayland/-/merge_requests/133
    which in turn is a Wayland-ified version of the fix to libXcursor.

    PR:             256273
    Reported by:    Evgeniy Khramtsov
    Approved by:    zeising (x11)

    (cherry picked from commit 6431a5d2419ada906a7927c7b85e5f98bcd6eba2)

 graphics/wayland/Makefile | 4 ++++
 graphics/wayland/distinfo | 4 +++-
 2 files changed, 7 insertions(+), 1 deletion(-)