diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2022-10-17 19:31:45 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2022-10-18 13:30:33 +0200 |
commit | 2559feca78bc678c5bbf91419695174d3fcbdf14 (patch) | |
tree | efa4d497c6065d936916a39b23f638c6b277b7b4 /patches/source/xorg-server/patch/xorg-server/CVE-2022-3553.patch | |
parent | a37e7d6f03a8b559ab7c17eb42c13e7e06c2b9fc (diff) | |
download | current-2559feca78bc678c5bbf91419695174d3fcbdf14.tar.gz current-2559feca78bc678c5bbf91419695174d3fcbdf14.tar.xz |
Mon Oct 17 19:31:45 UTC 202220221017193145_15.0
patches/packages/xorg-server-1.20.14-x86_64-4_slack15.0.txz: Rebuilt.
xkb: proof GetCountedString against request length attacks.
xkb: fix some possible memleaks in XkbGetKbdByName.
xquartz: Fix a possible crash when editing the Application menu due
to mutating immutable arrays.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3550
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3551
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3553
(* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-x86_64-4_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-x86_64-4_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-x86_64-4_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-x86_64-3_slack15.0.txz: Rebuilt.
xkb: proof GetCountedString against request length attacks.
xkb: fix some possible memleaks in XkbGetKbdByName.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3550
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3551
(* Security fix *)
Diffstat (limited to 'patches/source/xorg-server/patch/xorg-server/CVE-2022-3553.patch')
-rw-r--r-- | patches/source/xorg-server/patch/xorg-server/CVE-2022-3553.patch | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/patches/source/xorg-server/patch/xorg-server/CVE-2022-3553.patch b/patches/source/xorg-server/patch/xorg-server/CVE-2022-3553.patch new file mode 100644 index 000000000..593545d03 --- /dev/null +++ b/patches/source/xorg-server/patch/xorg-server/CVE-2022-3553.patch @@ -0,0 +1,43 @@ +From dfd057996b26420309c324ec844a5ba6dd07eda3 Mon Sep 17 00:00:00 2001 +From: Jeremy Huddleston Sequoia <jeremyhu@apple.com> +Date: Sat, 2 Jul 2022 14:17:18 -0700 +Subject: xquartz: Fix a possible crash when editing the Application menu due + to mutaing immutable arrays + +Crashing on exception: -[__NSCFArray replaceObjectAtIndex:withObject:]: mutating method sent to immutable object + +Application Specific Backtrace 0: +0 CoreFoundation 0x00007ff80d2c5e9b __exceptionPreprocess + 242 +1 libobjc.A.dylib 0x00007ff80d027e48 objc_exception_throw + 48 +2 CoreFoundation 0x00007ff80d38167b _CFThrowFormattedException + 194 +3 CoreFoundation 0x00007ff80d382a25 -[__NSCFArray removeObjectAtIndex:].cold.1 + 0 +4 CoreFoundation 0x00007ff80d2e6c0b -[__NSCFArray replaceObjectAtIndex:withObject:] + 119 +5 X11.bin 0x00000001003180f9 -[X11Controller tableView:setObjectValue:forTableColumn:row:] + 169 + +Fixes: https://github.com/XQuartz/XQuartz/issues/267 +Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> +--- + hw/xquartz/X11Controller.m | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/hw/xquartz/X11Controller.m b/hw/xquartz/X11Controller.m +index 3b55bb6a5..e9a939312 100644 +--- a/hw/xquartz/X11Controller.m ++++ b/hw/xquartz/X11Controller.m +@@ -469,8 +469,11 @@ extern char *bundle_id_prefix; + self.table_apps = table_apps; + + NSArray * const apps = self.apps; +- if (apps != nil) +- [table_apps addObjectsFromArray:apps]; ++ if (apps != nil) { ++ for (NSArray <NSString *> * row in apps) { ++ [table_apps addObject:row.mutableCopy]; ++ } ++ } + + columns = [apps_table tableColumns]; + [[columns objectAtIndex:0] setIdentifier:@"0"]; +-- +cgit v1.2.1 + |