diff options
31 files changed, 1796 insertions, 164 deletions
diff --git a/ChangeLog.rss b/ChangeLog.rss index 2d461f516..c940a39e6 100644 --- a/ChangeLog.rss +++ b/ChangeLog.rss @@ -11,10 +11,64 @@ <description>Tracking Slackware development in git.</description> <language>en-us</language> <id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id> - <pubDate>Wed, 10 Jan 2024 20:25:54 GMT</pubDate> - <lastBuildDate>Thu, 11 Jan 2024 12:30:19 GMT</lastBuildDate> + <pubDate>Tue, 16 Jan 2024 20:49:28 GMT</pubDate> + <lastBuildDate>Wed, 17 Jan 2024 12:30:23 GMT</lastBuildDate> <generator>maintain_current_git.sh v 1.17</generator> <item> + <title>Tue, 16 Jan 2024 20:49:28 GMT</title> + <pubDate>Tue, 16 Jan 2024 20:49:28 GMT</pubDate> + <link>https://git.slackware.nl/current/tag/?h=20240116204928</link> + <guid isPermaLink="false">20240116204928</guid> + <description> + <![CDATA[<pre> +patches/packages/gnutls-3.8.3-x86_64-1_slack15.0.txz: Upgraded. + This update fixes two medium severity security issues: + Fix more timing side-channel inside RSA-PSK key exchange. + Fix assertion failure when verifying a certificate chain with a cycle of + cross signatures. + For more information, see: + https://www.cve.org/CVERecord?id=CVE-2024-0553 + https://www.cve.org/CVERecord?id=CVE-2024-0567 + (* Security fix *) +patches/packages/xorg-server-1.20.14-x86_64-11_slack15.0.txz: Rebuilt. + This update fixes security issues: + Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer. + Reattaching to different master device may lead to out-of-bounds memory access. + Heap buffer overflow in XISendDeviceHierarchyEvent. + Heap buffer overflow in DisableDevice. + SELinux context corruption. + SELinux unlabeled GLX PBuffer. + For more information, see: + https://lists.x.org/archives/xorg/2024-January/061525.html + https://www.cve.org/CVERecord?id=CVE-2023-6816 + https://www.cve.org/CVERecord?id=CVE-2024-0229 + https://www.cve.org/CVERecord?id=CVE-2024-21885 + https://www.cve.org/CVERecord?id=CVE-2024-21886 + https://www.cve.org/CVERecord?id=CVE-2024-0408 + https://www.cve.org/CVERecord?id=CVE-2024-0409 + (* Security fix *) +patches/packages/xorg-server-xephyr-1.20.14-x86_64-11_slack15.0.txz: Rebuilt. +patches/packages/xorg-server-xnest-1.20.14-x86_64-11_slack15.0.txz: Rebuilt. +patches/packages/xorg-server-xvfb-1.20.14-x86_64-11_slack15.0.txz: Rebuilt. +patches/packages/xorg-server-xwayland-21.1.4-x86_64-10_slack15.0.txz: Rebuilt. + This update fixes security issues: + Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer. + Reattaching to different master device may lead to out-of-bounds memory access. + Heap buffer overflow in XISendDeviceHierarchyEvent. + Heap buffer overflow in DisableDevice. + SELinux unlabeled GLX PBuffer. + For more information, see: + https://lists.x.org/archives/xorg/2024-January/061525.html + https://www.cve.org/CVERecord?id=CVE-2023-6816 + https://www.cve.org/CVERecord?id=CVE-2024-0229 + https://www.cve.org/CVERecord?id=CVE-2024-21885 + https://www.cve.org/CVERecord?id=CVE-2024-21886 + https://www.cve.org/CVERecord?id=CVE-2024-0408 + (* Security fix *) + </pre>]]> + </description> + </item> + <item> <title>Wed, 10 Jan 2024 20:25:54 GMT</title> <pubDate>Wed, 10 Jan 2024 20:25:54 GMT</pubDate> <link>https://git.slackware.nl/current/tag/?h=20240110202554</link> diff --git a/ChangeLog.txt b/ChangeLog.txt index 92b7cbc0b..5758c3bd8 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,3 +1,49 @@ +Tue Jan 16 20:49:28 UTC 2024 +patches/packages/gnutls-3.8.3-x86_64-1_slack15.0.txz: Upgraded. + This update fixes two medium severity security issues: + Fix more timing side-channel inside RSA-PSK key exchange. + Fix assertion failure when verifying a certificate chain with a cycle of + cross signatures. + For more information, see: + https://www.cve.org/CVERecord?id=CVE-2024-0553 + https://www.cve.org/CVERecord?id=CVE-2024-0567 + (* Security fix *) +patches/packages/xorg-server-1.20.14-x86_64-11_slack15.0.txz: Rebuilt. + This update fixes security issues: + Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer. + Reattaching to different master device may lead to out-of-bounds memory access. + Heap buffer overflow in XISendDeviceHierarchyEvent. + Heap buffer overflow in DisableDevice. + SELinux context corruption. + SELinux unlabeled GLX PBuffer. + For more information, see: + https://lists.x.org/archives/xorg/2024-January/061525.html + https://www.cve.org/CVERecord?id=CVE-2023-6816 + https://www.cve.org/CVERecord?id=CVE-2024-0229 + https://www.cve.org/CVERecord?id=CVE-2024-21885 + https://www.cve.org/CVERecord?id=CVE-2024-21886 + https://www.cve.org/CVERecord?id=CVE-2024-0408 + https://www.cve.org/CVERecord?id=CVE-2024-0409 + (* Security fix *) +patches/packages/xorg-server-xephyr-1.20.14-x86_64-11_slack15.0.txz: Rebuilt. +patches/packages/xorg-server-xnest-1.20.14-x86_64-11_slack15.0.txz: Rebuilt. +patches/packages/xorg-server-xvfb-1.20.14-x86_64-11_slack15.0.txz: Rebuilt. +patches/packages/xorg-server-xwayland-21.1.4-x86_64-10_slack15.0.txz: Rebuilt. + This update fixes security issues: + Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer. + Reattaching to different master device may lead to out-of-bounds memory access. + Heap buffer overflow in XISendDeviceHierarchyEvent. + Heap buffer overflow in DisableDevice. + SELinux unlabeled GLX PBuffer. + For more information, see: + https://lists.x.org/archives/xorg/2024-January/061525.html + https://www.cve.org/CVERecord?id=CVE-2023-6816 + https://www.cve.org/CVERecord?id=CVE-2024-0229 + https://www.cve.org/CVERecord?id=CVE-2024-21885 + https://www.cve.org/CVERecord?id=CVE-2024-21886 + https://www.cve.org/CVERecord?id=CVE-2024-0408 + (* Security fix *) ++--------------------------+ Wed Jan 10 20:25:54 UTC 2024 patches/packages/xorriso-1.5.6.pl02-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. diff --git a/FILELIST.TXT b/FILELIST.TXT index 55c39acc3..1a6856e9d 100644 --- a/FILELIST.TXT +++ b/FILELIST.TXT @@ -1,20 +1,20 @@ -Wed Jan 10 20:26:45 UTC 2024 +Tue Jan 16 20:52:12 UTC 2024 Here is the file list for this directory. If you are using a mirror site and find missing or extra files in the disk subdirectories, please have the archive administrator refresh the mirror. -drwxr-xr-x 12 root root 4096 2024-01-10 20:25 . +drwxr-xr-x 12 root root 4096 2024-01-16 20:49 . -rw-r--r-- 1 root root 5767 2022-02-02 22:44 ./ANNOUNCE.15.0 -rw-r--r-- 1 root root 16609 2022-03-30 19:03 ./CHANGES_AND_HINTS.TXT --rw-r--r-- 1 root root 1209617 2024-01-09 20:53 ./CHECKSUMS.md5 --rw-r--r-- 1 root root 163 2024-01-09 20:53 ./CHECKSUMS.md5.asc +-rw-r--r-- 1 root root 1210139 2024-01-10 20:27 ./CHECKSUMS.md5 +-rw-r--r-- 1 root root 163 2024-01-10 20:27 ./CHECKSUMS.md5.asc -rw-r--r-- 1 root root 17976 1994-06-10 02:28 ./COPYING -rw-r--r-- 1 root root 35147 2007-06-30 04:21 ./COPYING3 -rw-r--r-- 1 root root 19573 2016-06-23 20:08 ./COPYRIGHT.TXT -rw-r--r-- 1 root root 616 2006-10-02 04:37 ./CRYPTO_NOTICE.TXT --rw-r--r-- 1 root root 2079681 2024-01-10 20:25 ./ChangeLog.txt +-rw-r--r-- 1 root root 2082003 2024-01-16 20:49 ./ChangeLog.txt drwxr-xr-x 3 root root 4096 2013-03-20 22:17 ./EFI drwxr-xr-x 2 root root 4096 2022-02-02 08:21 ./EFI/BOOT -rw-r--r-- 1 root root 1187840 2021-06-15 19:16 ./EFI/BOOT/bootx64.efi @@ -25,7 +25,7 @@ drwxr-xr-x 2 root root 4096 2022-02-02 08:21 ./EFI/BOOT -rwxr-xr-x 1 root root 2504 2019-07-05 18:54 ./EFI/BOOT/make-grub.sh -rw-r--r-- 1 root root 10722 2013-09-21 19:02 ./EFI/BOOT/osdetect.cfg -rw-r--r-- 1 root root 1273 2013-08-12 21:08 ./EFI/BOOT/tools.cfg --rw-r--r-- 1 root root 1583782 2024-01-09 20:52 ./FILELIST.TXT +-rw-r--r-- 1 root root 1584480 2024-01-10 20:26 ./FILELIST.TXT -rw-r--r-- 1 root root 1572 2012-08-29 18:27 ./GPG-KEY -rw-r--r-- 1 root root 864745 2022-02-02 08:25 ./PACKAGES.TXT -rw-r--r-- 1 root root 8034 2022-02-02 03:36 ./README.TXT @@ -770,13 +770,13 @@ drwxr-xr-x 2 root root 4096 2022-12-17 19:52 ./pasture/source/samba -rw-r--r-- 1 root root 7921 2018-04-29 17:31 ./pasture/source/samba/smb.conf.default -rw-r--r-- 1 root root 7933 2018-01-14 20:41 ./pasture/source/samba/smb.conf.default.orig -rw-r--r-- 1 root root 536 2017-03-23 19:18 ./pasture/source/samba/smb.conf.diff.gz -drwxr-xr-x 4 root root 4096 2024-01-10 20:26 ./patches --rw-r--r-- 1 root root 98175 2024-01-10 20:26 ./patches/CHECKSUMS.md5 --rw-r--r-- 1 root root 163 2024-01-10 20:26 ./patches/CHECKSUMS.md5.asc --rw-r--r-- 1 root root 134557 2024-01-10 20:26 ./patches/FILE_LIST --rw-r--r-- 1 root root 15241977 2024-01-10 20:26 ./patches/MANIFEST.bz2 --rw-r--r-- 1 root root 72864 2024-01-10 20:26 ./patches/PACKAGES.TXT -drwxr-xr-x 5 root root 32768 2024-01-10 20:26 ./patches/packages +drwxr-xr-x 4 root root 4096 2024-01-16 20:52 ./patches +-rw-r--r-- 1 root root 99861 2024-01-16 20:52 ./patches/CHECKSUMS.md5 +-rw-r--r-- 1 root root 163 2024-01-16 20:52 ./patches/CHECKSUMS.md5.asc +-rw-r--r-- 1 root root 136567 2024-01-16 20:52 ./patches/FILE_LIST +-rw-r--r-- 1 root root 15259626 2024-01-16 20:52 ./patches/MANIFEST.bz2 +-rw-r--r-- 1 root root 72865 2024-01-16 20:52 ./patches/PACKAGES.TXT +drwxr-xr-x 5 root root 32768 2024-01-16 20:52 ./patches/packages -rw-r--r-- 1 root root 360 2023-09-26 19:28 ./patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txt -rw-r--r-- 1 root root 2389564 2023-09-26 19:28 ./patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txz -rw-r--r-- 1 root root 163 2023-09-26 19:28 ./patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txz.asc @@ -855,9 +855,9 @@ drwxr-xr-x 5 root root 32768 2024-01-10 20:26 ./patches/packages -rw-r--r-- 1 root root 598 2022-07-07 18:24 ./patches/packages/gnupg2-2.2.36-x86_64-1_slack15.0.txt -rw-r--r-- 1 root root 2368640 2022-07-07 18:24 ./patches/packages/gnupg2-2.2.36-x86_64-1_slack15.0.txz -rw-r--r-- 1 root root 163 2022-07-07 18:24 ./patches/packages/gnupg2-2.2.36-x86_64-1_slack15.0.txz.asc --rw-r--r-- 1 root root 492 2023-02-10 19:44 ./patches/packages/gnutls-3.7.9-x86_64-1_slack15.0.txt --rw-r--r-- 1 root root 2855224 2023-02-10 19:44 ./patches/packages/gnutls-3.7.9-x86_64-1_slack15.0.txz --rw-r--r-- 1 root root 163 2023-02-10 19:44 ./patches/packages/gnutls-3.7.9-x86_64-1_slack15.0.txz.asc +-rw-r--r-- 1 root root 492 2024-01-16 20:17 ./patches/packages/gnutls-3.8.3-x86_64-1_slack15.0.txt +-rw-r--r-- 1 root root 2794108 2024-01-16 20:17 ./patches/packages/gnutls-3.8.3-x86_64-1_slack15.0.txz +-rw-r--r-- 1 root root 163 2024-01-16 20:17 ./patches/packages/gnutls-3.8.3-x86_64-1_slack15.0.txz.asc -rw-r--r-- 1 root root 314 2022-04-14 21:04 ./patches/packages/gzip-1.12-x86_64-1_slack15.0.txt -rw-r--r-- 1 root root 111208 2022-04-14 21:04 ./patches/packages/gzip-1.12-x86_64-1_slack15.0.txz -rw-r--r-- 1 root root 163 2022-04-14 21:04 ./patches/packages/gzip-1.12-x86_64-1_slack15.0.txz.asc @@ -1098,21 +1098,21 @@ drwxr-xr-x 2 root root 4096 2023-11-21 21:09 ./patches/packages/old-linux -rw-r--r-- 1 root root 377 2022-11-17 01:47 ./patches/packages/xfce4-settings-4.16.5-x86_64-1_slack15.0.txt -rw-r--r-- 1 root root 801956 2022-11-17 01:47 ./patches/packages/xfce4-settings-4.16.5-x86_64-1_slack15.0.txz -rw-r--r-- 1 root root 163 2022-11-17 01:47 ./patches/packages/xfce4-settings-4.16.5-x86_64-1_slack15.0.txz.asc --rw-r--r-- 1 root root 670 2023-12-13 20:09 ./patches/packages/xorg-server-1.20.14-x86_64-10_slack15.0.txt --rw-r--r-- 1 root root 1780124 2023-12-13 20:09 ./patches/packages/xorg-server-1.20.14-x86_64-10_slack15.0.txz --rw-r--r-- 1 root root 163 2023-12-13 20:09 ./patches/packages/xorg-server-1.20.14-x86_64-10_slack15.0.txz.asc --rw-r--r-- 1 root root 370 2023-12-13 20:09 ./patches/packages/xorg-server-xephyr-1.20.14-x86_64-10_slack15.0.txt --rw-r--r-- 1 root root 869204 2023-12-13 20:09 ./patches/packages/xorg-server-xephyr-1.20.14-x86_64-10_slack15.0.txz --rw-r--r-- 1 root root 163 2023-12-13 20:09 ./patches/packages/xorg-server-xephyr-1.20.14-x86_64-10_slack15.0.txz.asc --rw-r--r-- 1 root root 592 2023-12-13 20:09 ./patches/packages/xorg-server-xnest-1.20.14-x86_64-10_slack15.0.txt --rw-r--r-- 1 root root 605124 2023-12-13 20:09 ./patches/packages/xorg-server-xnest-1.20.14-x86_64-10_slack15.0.txz --rw-r--r-- 1 root root 163 2023-12-13 20:09 ./patches/packages/xorg-server-xnest-1.20.14-x86_64-10_slack15.0.txz.asc --rw-r--r-- 1 root root 689 2023-12-13 20:09 ./patches/packages/xorg-server-xvfb-1.20.14-x86_64-10_slack15.0.txt --rw-r--r-- 1 root root 731156 2023-12-13 20:09 ./patches/packages/xorg-server-xvfb-1.20.14-x86_64-10_slack15.0.txz --rw-r--r-- 1 root root 163 2023-12-13 20:09 ./patches/packages/xorg-server-xvfb-1.20.14-x86_64-10_slack15.0.txz.asc --rw-r--r-- 1 root root 816 2023-12-13 20:12 ./patches/packages/xorg-server-xwayland-21.1.4-x86_64-9_slack15.0.txt --rw-r--r-- 1 root root 816656 2023-12-13 20:12 ./patches/packages/xorg-server-xwayland-21.1.4-x86_64-9_slack15.0.txz --rw-r--r-- 1 root root 163 2023-12-13 20:12 ./patches/packages/xorg-server-xwayland-21.1.4-x86_64-9_slack15.0.txz.asc +-rw-r--r-- 1 root root 670 2024-01-16 19:51 ./patches/packages/xorg-server-1.20.14-x86_64-11_slack15.0.txt +-rw-r--r-- 1 root root 1779656 2024-01-16 19:51 ./patches/packages/xorg-server-1.20.14-x86_64-11_slack15.0.txz +-rw-r--r-- 1 root root 163 2024-01-16 19:51 ./patches/packages/xorg-server-1.20.14-x86_64-11_slack15.0.txz.asc +-rw-r--r-- 1 root root 370 2024-01-16 19:51 ./patches/packages/xorg-server-xephyr-1.20.14-x86_64-11_slack15.0.txt +-rw-r--r-- 1 root root 868556 2024-01-16 19:51 ./patches/packages/xorg-server-xephyr-1.20.14-x86_64-11_slack15.0.txz +-rw-r--r-- 1 root root 163 2024-01-16 19:51 ./patches/packages/xorg-server-xephyr-1.20.14-x86_64-11_slack15.0.txz.asc +-rw-r--r-- 1 root root 592 2024-01-16 19:51 ./patches/packages/xorg-server-xnest-1.20.14-x86_64-11_slack15.0.txt +-rw-r--r-- 1 root root 604924 2024-01-16 19:51 ./patches/packages/xorg-server-xnest-1.20.14-x86_64-11_slack15.0.txz +-rw-r--r-- 1 root root 163 2024-01-16 19:51 ./patches/packages/xorg-server-xnest-1.20.14-x86_64-11_slack15.0.txz.asc +-rw-r--r-- 1 root root 689 2024-01-16 19:51 ./patches/packages/xorg-server-xvfb-1.20.14-x86_64-11_slack15.0.txt +-rw-r--r-- 1 root root 730724 2024-01-16 19:51 ./patches/packages/xorg-server-xvfb-1.20.14-x86_64-11_slack15.0.txz +-rw-r--r-- 1 root root 163 2024-01-16 19:51 ./patches/packages/xorg-server-xvfb-1.20.14-x86_64-11_slack15.0.txz.asc +-rw-r--r-- 1 root root 816 2024-01-16 20:01 ./patches/packages/xorg-server-xwayland-21.1.4-x86_64-10_slack15.0.txt +-rw-r--r-- 1 root root 816672 2024-01-16 20:01 ./patches/packages/xorg-server-xwayland-21.1.4-x86_64-10_slack15.0.txz +-rw-r--r-- 1 root root 163 2024-01-16 20:01 ./patches/packages/xorg-server-xwayland-21.1.4-x86_64-10_slack15.0.txz.asc -rw-r--r-- 1 root root 570 2024-01-10 20:20 ./patches/packages/xorriso-1.5.6.pl02-x86_64-1_slack15.0.txt -rw-r--r-- 1 root root 1041872 2024-01-10 20:20 ./patches/packages/xorriso-1.5.6.pl02-x86_64-1_slack15.0.txz -rw-r--r-- 1 root root 163 2024-01-10 20:20 ./patches/packages/xorriso-1.5.6.pl02-x86_64-1_slack15.0.txz.asc @@ -1128,7 +1128,7 @@ drwxr-xr-x 2 root root 4096 2023-11-21 21:09 ./patches/packages/old-linux -rw-r--r-- 1 root root 463 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txt -rw-r--r-- 1 root root 459652 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txz -rw-r--r-- 1 root root 163 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txz.asc -drwxr-xr-x 101 root root 4096 2024-01-10 20:24 ./patches/source +drwxr-xr-x 101 root root 4096 2024-01-16 20:45 ./patches/source drwxr-xr-x 2 root root 4096 2023-09-26 19:22 ./patches/source/Cython -rw-r--r-- 1 root root 1623580 2023-07-04 19:24 ./patches/source/Cython/Cython-0.29.36.tar.lz -rwxr-xr-x 1 root root 3041 2023-09-26 19:23 ./patches/source/Cython/Cython.SlackBuild @@ -1326,10 +1326,10 @@ drwxr-xr-x 2 root root 4096 2022-07-07 18:21 ./patches/source/gnupg2 -rw-r--r-- 1 root root 5158914 2022-07-06 18:20 ./patches/source/gnupg2/gnupg-2.2.36.tar.lz -rwxr-xr-x 1 root root 4261 2022-07-07 18:21 ./patches/source/gnupg2/gnupg2.SlackBuild -rw-r--r-- 1 root root 1052 2018-08-27 17:38 ./patches/source/gnupg2/slack-desc -drwxr-xr-x 2 root root 4096 2023-02-10 19:41 ./patches/source/gnutls --rw-r--r-- 1 root root 6377212 2023-02-10 09:42 ./patches/source/gnutls/gnutls-3.7.9.tar.xz --rw-r--r-- 1 root root 685 2023-02-10 09:42 ./patches/source/gnutls/gnutls-3.7.9.tar.xz.sig --rwxr-xr-x 1 root root 4992 2022-07-29 19:02 ./patches/source/gnutls/gnutls.SlackBuild +drwxr-xr-x 2 root root 4096 2024-01-16 20:08 ./patches/source/gnutls +-rw-r--r-- 1 root root 6463720 2024-01-16 10:16 ./patches/source/gnutls/gnutls-3.8.3.tar.xz +-rw-r--r-- 1 root root 580 2024-01-16 10:16 ./patches/source/gnutls/gnutls-3.8.3.tar.xz.sig +-rwxr-xr-x 1 root root 4992 2024-01-16 20:14 ./patches/source/gnutls/gnutls.SlackBuild -rw-r--r-- 1 root root 946 2018-02-27 06:13 ./patches/source/gnutls/slack-desc drwxr-xr-x 2 root root 4096 2022-04-07 21:51 ./patches/source/gzip -rw-r--r-- 1 root root 825548 2022-04-07 17:00 ./patches/source/gzip/gzip-1.12.tar.xz @@ -2090,7 +2090,7 @@ drwxr-xr-x 2 root root 4096 2022-11-16 19:13 ./patches/source/xfce4-setti -rw-r--r-- 1 root root 83 2022-11-09 20:26 ./patches/source/xfce4-settings/xfce4-settings.url -rw-r--r-- 1 root root 543 2012-07-19 19:32 ./patches/source/xfce4-settings/xfce4-settings.xft.defaults.diff.gz drwxr-xr-x 10 root root 4096 2022-07-12 20:19 ./patches/source/xorg-server -drwxr-xr-x 2 root root 4096 2023-12-13 20:11 ./patches/source/xorg-server-xwayland +drwxr-xr-x 2 root root 4096 2024-01-16 19:52 ./patches/source/xorg-server-xwayland -rw-r--r-- 1 root root 1175 2022-07-12 17:02 ./patches/source/xorg-server-xwayland/0001-f1070c01d616c5f21f939d5ebc533738779451ac.patch.gz -rw-r--r-- 1 root root 2243 2022-07-12 17:03 ./patches/source/xorg-server-xwayland/0002-dd8caf39e9e15d8f302e54045dd08d8ebf1025dc.patch.gz -rw-r--r-- 1 root root 1923 2022-07-12 17:03 ./patches/source/xorg-server-xwayland/0003-6907b6ea2b4ce949cb07271f5b678d5966d9df42.patch.gz @@ -2109,13 +2109,22 @@ drwxr-xr-x 2 root root 4096 2023-12-13 20:11 ./patches/source/xorg-server -rw-r--r-- 1 root root 1127 2023-10-25 18:35 ./patches/source/xorg-server-xwayland/CVE-2023-5367.patch.gz -rw-r--r-- 1 root root 1150 2023-12-13 20:03 ./patches/source/xorg-server-xwayland/CVE-2023-6377.patch.gz -rw-r--r-- 1 root root 972 2023-12-13 20:03 ./patches/source/xorg-server-xwayland/CVE-2023-6478.patch.gz +-rw-r--r-- 1 root root 998 2024-01-16 19:41 ./patches/source/xorg-server-xwayland/CVE-2023-6816.patch.gz +-rw-r--r-- 1 root root 1388 2024-01-16 19:44 ./patches/source/xorg-server-xwayland/CVE-2024-0229.01.patch.gz +-rw-r--r-- 1 root root 2299 2024-01-16 19:44 ./patches/source/xorg-server-xwayland/CVE-2024-0229.02.patch.gz +-rw-r--r-- 1 root root 781 2024-01-16 19:44 ./patches/source/xorg-server-xwayland/CVE-2024-0229.03.patch.gz +-rw-r--r-- 1 root root 1160 2024-01-16 19:47 ./patches/source/xorg-server-xwayland/CVE-2024-0408.patch.gz +-rw-r--r-- 1 root root 981 2024-01-16 19:46 ./patches/source/xorg-server-xwayland/CVE-2024-0409.patch.gz +-rw-r--r-- 1 root root 1351 2024-01-16 19:45 ./patches/source/xorg-server-xwayland/CVE-2024-21885.patch.gz +-rw-r--r-- 1 root root 1124 2024-01-16 19:45 ./patches/source/xorg-server-xwayland/CVE-2024-21886.01.patch.gz +-rw-r--r-- 1 root root 859 2024-01-16 19:46 ./patches/source/xorg-server-xwayland/CVE-2024-21886.02.patch.gz -rw-r--r-- 1 root root 1287 2021-04-18 18:21 ./patches/source/xorg-server-xwayland/slack-desc --rwxr-xr-x 1 root root 6746 2023-12-13 20:11 ./patches/source/xorg-server-xwayland/xorg-server-xwayland.SlackBuild +-rwxr-xr-x 1 root root 7440 2024-01-16 20:00 ./patches/source/xorg-server-xwayland/xorg-server-xwayland.SlackBuild -rw-r--r-- 1 root root 1261712 2021-12-14 14:01 ./patches/source/xorg-server-xwayland/xwayland-21.1.4.tar.xz -rw-r--r-- 1 root root 95 2021-12-14 14:01 ./patches/source/xorg-server-xwayland/xwayland-21.1.4.tar.xz.sig -rw-r--r-- 1 root root 376 2021-01-16 18:58 ./patches/source/xorg-server/arch.use.flags drwxr-xr-x 2 root root 4096 2013-04-18 22:42 ./patches/source/xorg-server/build --rw-r--r-- 1 root root 13 2023-12-13 20:06 ./patches/source/xorg-server/build/xorg-server +-rw-r--r-- 1 root root 13 2024-01-16 19:48 ./patches/source/xorg-server/build/xorg-server drwxr-xr-x 2 root root 4096 2022-07-12 19:51 ./patches/source/xorg-server/configure -rw-r--r-- 1 root root 3140 2021-12-26 22:45 ./patches/source/xorg-server/configure/xorg-server drwxr-xr-x 2 root root 4096 2013-04-18 22:43 ./patches/source/xorg-server/doinst.sh @@ -2125,8 +2134,8 @@ drwxr-xr-x 2 root root 4096 2022-07-12 19:52 ./patches/source/xorg-server -rw-r--r-- 1 root root 1189 2018-05-03 12:16 ./patches/source/xorg-server/noarch -rw-r--r-- 1 root root 833 2019-12-09 18:56 ./patches/source/xorg-server/package-blacklist drwxr-xr-x 3 root root 4096 2023-02-07 20:15 ./patches/source/xorg-server/patch -drwxr-xr-x 2 root root 4096 2023-12-13 20:05 ./patches/source/xorg-server/patch/xorg-server --rw-r--r-- 1 root root 5499 2023-12-13 20:05 ./patches/source/xorg-server/patch/xorg-server.patch +drwxr-xr-x 2 root root 4096 2024-01-16 19:48 ./patches/source/xorg-server/patch/xorg-server +-rw-r--r-- 1 root root 6790 2024-01-16 19:49 ./patches/source/xorg-server/patch/xorg-server.patch -rw-r--r-- 1 root root 623 2018-07-15 18:32 ./patches/source/xorg-server/patch/xorg-server/0001-Always-install-vbe-and-int10-sdk-headers.patch.gz -rw-r--r-- 1 root root 3846 2018-07-15 18:32 ./patches/source/xorg-server/patch/xorg-server/0001-autobind-GPUs-to-the-screen.patch.gz -rw-r--r-- 1 root root 1175 2022-07-12 17:02 ./patches/source/xorg-server/patch/xorg-server/0001-f1070c01d616c5f21f939d5ebc533738779451ac.patch.gz @@ -2151,6 +2160,15 @@ drwxr-xr-x 2 root root 4096 2023-12-13 20:05 ./patches/source/xorg-server -rw-r--r-- 1 root root 1534 2023-10-25 18:40 ./patches/source/xorg-server/patch/xorg-server/CVE-2023-5380.patch.gz -rw-r--r-- 1 root root 1150 2023-12-13 20:03 ./patches/source/xorg-server/patch/xorg-server/CVE-2023-6377.patch.gz -rw-r--r-- 1 root root 972 2023-12-13 20:03 ./patches/source/xorg-server/patch/xorg-server/CVE-2023-6478.patch.gz +-rw-r--r-- 1 root root 998 2024-01-16 19:41 ./patches/source/xorg-server/patch/xorg-server/CVE-2023-6816.patch.gz +-rw-r--r-- 1 root root 1388 2024-01-16 19:44 ./patches/source/xorg-server/patch/xorg-server/CVE-2024-0229.01.patch.gz +-rw-r--r-- 1 root root 2299 2024-01-16 19:44 ./patches/source/xorg-server/patch/xorg-server/CVE-2024-0229.02.patch.gz +-rw-r--r-- 1 root root 781 2024-01-16 19:44 ./patches/source/xorg-server/patch/xorg-server/CVE-2024-0229.03.patch.gz +-rw-r--r-- 1 root root 1160 2024-01-16 19:47 ./patches/source/xorg-server/patch/xorg-server/CVE-2024-0408.patch.gz +-rw-r--r-- 1 root root 981 2024-01-16 19:46 ./patches/source/xorg-server/patch/xorg-server/CVE-2024-0409.patch.gz +-rw-r--r-- 1 root root 1351 2024-01-16 19:45 ./patches/source/xorg-server/patch/xorg-server/CVE-2024-21885.patch.gz +-rw-r--r-- 1 root root 1124 2024-01-16 19:45 ./patches/source/xorg-server/patch/xorg-server/CVE-2024-21886.01.patch.gz +-rw-r--r-- 1 root root 859 2024-01-16 19:46 ./patches/source/xorg-server/patch/xorg-server/CVE-2024-21886.02.patch.gz -rw-r--r-- 1 root root 298 2018-05-30 05:02 ./patches/source/xorg-server/patch/xorg-server/fix-nouveau-segfault.diff.gz -rw-r--r-- 1 root root 357 2020-09-11 18:38 ./patches/source/xorg-server/patch/xorg-server/fix-pci-segfault.diff.gz -rw-r--r-- 1 root root 340 2012-04-14 03:01 ./patches/source/xorg-server/patch/xorg-server/x11.startwithblackscreen.diff.gz @@ -2659,33 +2677,33 @@ drwxr-xr-x 2 root root 20480 2022-02-02 04:20 ./slackware64/ap -rw-r--r-- 1 root root 14191780 2021-09-27 18:02 ./slackware64/ap/ghostscript-9.55.0-x86_64-1.txz -rw-r--r-- 1 root root 163 2021-09-27 18:02 ./slackware64/ap/ghostscript-9.55.0-x86_64-1.txz.asc -rw-r--r-- 1 root root 368 2021-02-13 11:28 ./slackware64/ap/ghostscript-fonts-std-8.11-noarch-5.txt --rw-r--r-- 1 root root 3514504 2021-02-13 11:28 ./slackware64/ap/ghostscript-fonts-std-8.11-noarch-5.txz --rw-r--r-- 1 root root 163 2021-02-13 11:28 ./slackware64/ap/ghostscript-fonts-std-8.11-noarch-5.txz.asc --rw-r--r-- 1 root root 279 2022-01-03 17:50 ./slackware64/ap/gphoto2-2.5.28-x86_64-1.txt --rw-r--r-- 1 root root 189172 2022-01-03 17:50 ./slackware64/ap/gphoto2-2.5.28-x86_64-1.txz --rw-r--r-- 1 root root 163 2022-01-03 17:50 ./slackware64/ap/gphoto2-2.5.28-x86_64-1.txz.asc --rw-r--r-- 1 root root 429 2021-02-13 11:30 ./slackware64/ap/groff-1.22.4-x86_64-4.txt --rw-r--r-- 1 root root 2273172 2021-02-13 11:30 ./slackware64/ap/groff-1.22.4-x86_64-4.txz --rw-r--r-- 1 root root 163 2021-02-13 11:30 ./slackware64/ap/groff-1.22.4-x86_64-4.txz.asc --rw-r--r-- 1 root root 592 2021-02-13 11:30 ./slackware64/ap/gutenprint-5.3.4-x86_64-3.txt --rw-r--r-- 1 root root 2764424 2021-02-13 11:30 ./slackware64/ap/gutenprint-5.3.4-x86_64-3.txz --rw-r--r-- 1 root root 163 2021-02-13 11:30 ./slackware64/ap/gutenprint-5.3.4-x86_64-3.txz.asc --rw-r--r-- 1 root root 459 2021-11-03 00:54 ./slackware64/ap/hplip-3.20.5-x86_64-6.txt --rw-r--r-- 1 root root 19096240 2021-11-03 00:54 ./slackware64/ap/hplip-3.20.5-x86_64-6.txz --rw-r--r-- 1 root root 163 2021-11-03 00:54 ./slackware64/ap/hplip-3.20.5-x86_64-6.txz.asc --rw-r--r-- 1 root root 481 2021-11-30 05:22 ./slackware64/ap/htop-3.1.2-x86_64-1.txt --rw-r--r-- 1 root root 136168 2021-11-30 05:22 ./slackware64/ap/htop-3.1.2-x86_64-1.txz --rw-r--r-- 1 root root 163 2021-11-30 05:22 ./slackware64/ap/htop-3.1.2-x86_64-1.txz.asc --rwxr-xr-x 1 root root 2897 2009-06-24 22:06 ./slackware64/ap/install-packages --rw-r--r-- 1 root root 446 2006-09-18 10:41 ./slackware64/ap/install.end --rw-r--r-- 1 root root 488 2022-01-19 17:54 ./slackware64/ap/inxi-3.3.12_1-noarch-1.txt --rw-r--r-- 1 root root 288072 2022-01-19 17:54 ./slackware64/ap/inxi-3.3.12_1-noarch-1.txz --rw-r--r-- 1 root root 163 2022-01-19 17:54 ./slackware64/ap/inxi-3.3.12_1-noarch-1.txz.asc --rw-r--r-- 1 root root 597 2021-06-04 17:48 ./slackware64/ap/ispell-3.4.04-x86_64-1.txt --rw-r--r-- 1 root root 347356 2021-06-04 17:48 ./slackware64/ap/ispell-3.4.04-x86_64-1.txz --rw-r--r-- 1 root root 163 2021-06-04 17:48 ./slackware64/ap/ispell-3.4.04-x86_64-1.txz.asc --rw-r--r-- 1 root root 381 2021-10-22 18:17 ./slackware64/ap/itstool-2.0.7-x86_64-2.txt --rw-r--r-- 1 root root 41548 2021-10-22 18:17 ./slackware64/ap/itstool-2.0.7-x86_64-2.txz +-rw-r--r-- 1 root root 3514504 2021-02-13 11:28 ./slackware64/ap/ghostscript-fonts-std-8.11-noarch-5.txz +-rw-r--r-- 1 root root 163 2021-02-13 11:28 ./slackware64/ap/ghostscript-fonts-std-8.11-noarch-5.txz.asc +-rw-r--r-- 1 root root 279 2022-01-03 17:50 ./slackware64/ap/gphoto2-2.5.28-x86_64-1.txt +-rw-r--r-- 1 root root 189172 2022-01-03 17:50 ./slackware64/ap/gphoto2-2.5.28-x86_64-1.txz +-rw-r--r-- 1 root root 163 2022-01-03 17:50 ./slackware64/ap/gphoto2-2.5.28-x86_64-1.txz.asc +-rw-r--r-- 1 root root 429 2021-02-13 11:30 ./slackware64/ap/groff-1.22.4-x86_64-4.txt +-rw-r--r-- 1 root root 2273172 2021-02-13 11:30 ./slackware64/ap/groff-1.22.4-x86_64-4.txz +-rw-r--r-- 1 root root 163 2021-02-13 11:30 ./slackware64/ap/groff-1.22.4-x86_64-4.txz.asc +-rw-r--r-- 1 root root 592 2021-02-13 11:30 ./slackware64/ap/gutenprint-5.3.4-x86_64-3.txt +-rw-r--r-- 1 root root 2764424 2021-02-13 11:30 ./slackware64/ap/gutenprint-5.3.4-x86_64-3.txz +-rw-r--r-- 1 root root 163 2021-02-13 11:30 ./slackware64/ap/gutenprint-5.3.4-x86_64-3.txz.asc +-rw-r--r-- 1 root root 459 2021-11-03 00:54 ./slackware64/ap/hplip-3.20.5-x86_64-6.txt +-rw-r--r-- 1 root root 19096240 2021-11-03 00:54 ./slackware64/ap/hplip-3.20.5-x86_64-6.txz +-rw-r--r-- 1 root root 163 2021-11-03 00:54 ./slackware64/ap/hplip-3.20.5-x86_64-6.txz.asc +-rw-r--r-- 1 root root 481 2021-11-30 05:22 ./slackware64/ap/htop-3.1.2-x86_64-1.txt +-rw-r--r-- 1 root root 136168 2021-11-30 05:22 ./slackware64/ap/htop-3.1.2-x86_64-1.txz +-rw-r--r-- 1 root root 163 2021-11-30 05:22 ./slackware64/ap/htop-3.1.2-x86_64-1.txz.asc +-rwxr-xr-x 1 root root 2897 2009-06-24 22:06 ./slackware64/ap/install-packages +-rw-r--r-- 1 root root 446 2006-09-18 10:41 ./slackware64/ap/install.end +-rw-r--r-- 1 root root 488 2022-01-19 17:54 ./slackware64/ap/inxi-3.3.12_1-noarch-1.txt +-rw-r--r-- 1 root root 288072 2022-01-19 17:54 ./slackware64/ap/inxi-3.3.12_1-noarch-1.txz +-rw-r--r-- 1 root root 163 2022-01-19 17:54 ./slackware64/ap/inxi-3.3.12_1-noarch-1.txz.asc +-rw-r--r-- 1 root root 597 2021-06-04 17:48 ./slackware64/ap/ispell-3.4.04-x86_64-1.txt +-rw-r--r-- 1 root root 347356 2021-06-04 17:48 ./slackware64/ap/ispell-3.4.04-x86_64-1.txz +-rw-r--r-- 1 root root 163 2021-06-04 17:48 ./slackware64/ap/ispell-3.4.04-x86_64-1.txz.asc +-rw-r--r-- 1 root root 381 2021-10-22 18:17 ./slackware64/ap/itstool-2.0.7-x86_64-2.txt +-rw-r--r-- 1 root root 41548 2021-10-22 18:17 ./slackware64/ap/itstool-2.0.7-x86_64-2.txz -rw-r--r-- 1 root root 163 2021-10-22 18:17 ./slackware64/ap/itstool-2.0.7-x86_64-2.txz.asc -rw-r--r-- 1 root root 478 2021-02-13 11:31 ./slackware64/ap/jed-0.99_19-x86_64-5.txt -rw-r--r-- 1 root root 530420 2021-02-13 11:31 ./slackware64/ap/jed-0.99_19-x86_64-5.txz @@ -5393,34 +5411,34 @@ drwxr-xr-x 2 root root 32768 2022-02-01 04:47 ./slackware64/n -rw-r--r-- 1 root root 163 2022-01-05 20:04 ./slackware64/n/curl-7.81.0-x86_64-1.txz.asc -rw-r--r-- 1 root root 373 2021-02-13 11:58 ./slackware64/n/cyrus-sasl-2.1.27-x86_64-7.txt -rw-r--r-- 1 root root 986628 2021-02-13 11:58 ./slackware64/n/cyrus-sasl-2.1.27-x86_64-7.txz --rw-r--r-- 1 root root 163 2021-02-13 11:58 ./slackware64/n/cyrus-sasl-2.1.27-x86_64-7.txz.asc --rw-r--r-- 1 root root 456 2021-04-18 18:03 ./slackware64/n/daemon-0.8-x86_64-1.txt --rw-r--r-- 1 root root 104864 2021-04-18 18:03 ./slackware64/n/daemon-0.8-x86_64-1.txz --rw-r--r-- 1 root root 163 2021-04-18 18:03 ./slackware64/n/daemon-0.8-x86_64-1.txz.asc --rw-r--r-- 1 root root 515 2021-02-13 11:58 ./slackware64/n/dehydrated-0.7.0-noarch-3.txt --rw-r--r-- 1 root root 37192 2021-02-13 11:58 ./slackware64/n/dehydrated-0.7.0-noarch-3.txz --rw-r--r-- 1 root root 163 2021-02-13 11:58 ./slackware64/n/dehydrated-0.7.0-noarch-3.txz.asc --rw-r--r-- 1 root root 641 2021-05-29 17:24 ./slackware64/n/dhcp-4.4.2_P1-x86_64-1.txt --rw-r--r-- 1 root root 1818824 2021-05-29 17:24 ./slackware64/n/dhcp-4.4.2_P1-x86_64-1.txz --rw-r--r-- 1 root root 163 2021-05-29 17:24 ./slackware64/n/dhcp-4.4.2_P1-x86_64-1.txz.asc --rw-r--r-- 1 root root 493 2021-10-24 17:59 ./slackware64/n/dhcpcd-9.4.1-x86_64-1.txt --rw-r--r-- 1 root root 190792 2021-10-24 17:59 ./slackware64/n/dhcpcd-9.4.1-x86_64-1.txz --rw-r--r-- 1 root root 163 2021-10-24 17:59 ./slackware64/n/dhcpcd-9.4.1-x86_64-1.txz.asc --rw-r--r-- 1 root root 443 2021-09-09 17:11 ./slackware64/n/dnsmasq-2.86-x86_64-1.txt --rw-r--r-- 1 root root 382016 2021-09-09 17:11 ./slackware64/n/dnsmasq-2.86-x86_64-1.txz --rw-r--r-- 1 root root 163 2021-09-09 17:11 ./slackware64/n/dnsmasq-2.86-x86_64-1.txz.asc --rw-r--r-- 1 root root 450 2021-12-07 17:40 ./slackware64/n/dovecot-2.3.17.1-x86_64-1.txt --rw-r--r-- 1 root root 3337528 2021-12-07 17:40 ./slackware64/n/dovecot-2.3.17.1-x86_64-1.txz --rw-r--r-- 1 root root 163 2021-12-07 17:40 ./slackware64/n/dovecot-2.3.17.1-x86_64-1.txz.asc --rw-r--r-- 1 root root 423 2021-02-13 12:01 ./slackware64/n/ebtables-2.0.11-x86_64-3.txt --rw-r--r-- 1 root root 80700 2021-02-13 12:01 ./slackware64/n/ebtables-2.0.11-x86_64-3.txz --rw-r--r-- 1 root root 163 2021-02-13 12:01 ./slackware64/n/ebtables-2.0.11-x86_64-3.txz.asc --rw-r--r-- 1 root root 224 2021-02-13 12:01 ./slackware64/n/elm-2.5.8-x86_64-7.txt --rw-r--r-- 1 root root 259064 2021-02-13 12:01 ./slackware64/n/elm-2.5.8-x86_64-7.txz --rw-r--r-- 1 root root 163 2021-02-13 12:01 ./slackware64/n/elm-2.5.8-x86_64-7.txz.asc --rw-r--r-- 1 root root 318 2021-11-03 00:52 ./slackware64/n/epic5-2.1.6-x86_64-3.txt --rw-r--r-- 1 root root 820708 2021-11-03 00:52 ./slackware64/n/epic5-2.1.6-x86_64-3.txz --rw-r--r-- 1 root root 163 2021-11-03 00:52 ./slackware64/n/epic5-2.1.6-x86_64-3.txz.asc +-rw-r--r-- 1 root root 163 2021-02-13 11:58 ./slackware64/n/cyrus-sasl-2.1.27-x86_64-7.txz.asc +-rw-r--r-- 1 root root 456 2021-04-18 18:03 ./slackware64/n/daemon-0.8-x86_64-1.txt +-rw-r--r-- 1 root root 104864 2021-04-18 18:03 ./slackware64/n/daemon-0.8-x86_64-1.txz +-rw-r--r-- 1 root root 163 2021-04-18 18:03 ./slackware64/n/daemon-0.8-x86_64-1.txz.asc +-rw-r--r-- 1 root root 515 2021-02-13 11:58 ./slackware64/n/dehydrated-0.7.0-noarch-3.txt +-rw-r--r-- 1 root root 37192 2021-02-13 11:58 ./slackware64/n/dehydrated-0.7.0-noarch-3.txz +-rw-r--r-- 1 root root 163 2021-02-13 11:58 ./slackware64/n/dehydrated-0.7.0-noarch-3.txz.asc +-rw-r--r-- 1 root root 641 2021-05-29 17:24 ./slackware64/n/dhcp-4.4.2_P1-x86_64-1.txt +-rw-r--r-- 1 root root 1818824 2021-05-29 17:24 ./slackware64/n/dhcp-4.4.2_P1-x86_64-1.txz +-rw-r--r-- 1 root root 163 2021-05-29 17:24 ./slackware64/n/dhcp-4.4.2_P1-x86_64-1.txz.asc +-rw-r--r-- 1 root root 493 2021-10-24 17:59 ./slackware64/n/dhcpcd-9.4.1-x86_64-1.txt +-rw-r--r-- 1 root root 190792 2021-10-24 17:59 ./slackware64/n/dhcpcd-9.4.1-x86_64-1.txz +-rw-r--r-- 1 root root 163 2021-10-24 17:59 ./slackware64/n/dhcpcd-9.4.1-x86_64-1.txz.asc +-rw-r--r-- 1 root root 443 2021-09-09 17:11 ./slackware64/n/dnsmasq-2.86-x86_64-1.txt +-rw-r--r-- 1 root root 382016 2021-09-09 17:11 ./slackware64/n/dnsmasq-2.86-x86_64-1.txz +-rw-r--r-- 1 root root 163 2021-09-09 17:11 ./slackware64/n/dnsmasq-2.86-x86_64-1.txz.asc +-rw-r--r-- 1 root root 450 2021-12-07 17:40 ./slackware64/n/dovecot-2.3.17.1-x86_64-1.txt +-rw-r--r-- 1 root root 3337528 2021-12-07 17:40 ./slackware64/n/dovecot-2.3.17.1-x86_64-1.txz +-rw-r--r-- 1 root root 163 2021-12-07 17:40 ./slackware64/n/dovecot-2.3.17.1-x86_64-1.txz.asc +-rw-r--r-- 1 root root 423 2021-02-13 12:01 ./slackware64/n/ebtables-2.0.11-x86_64-3.txt +-rw-r--r-- 1 root root 80700 2021-02-13 12:01 ./slackware64/n/ebtables-2.0.11-x86_64-3.txz +-rw-r--r-- 1 root root 163 2021-02-13 12:01 ./slackware64/n/ebtables-2.0.11-x86_64-3.txz.asc +-rw-r--r-- 1 root root 224 2021-02-13 12:01 ./slackware64/n/elm-2.5.8-x86_64-7.txt +-rw-r--r-- 1 root root 259064 2021-02-13 12:01 ./slackware64/n/elm-2.5.8-x86_64-7.txz +-rw-r--r-- 1 root root 163 2021-02-13 12:01 ./slackware64/n/elm-2.5.8-x86_64-7.txz.asc +-rw-r--r-- 1 root root 318 2021-11-03 00:52 ./slackware64/n/epic5-2.1.6-x86_64-3.txt +-rw-r--r-- 1 root root 820708 2021-11-03 00:52 ./slackware64/n/epic5-2.1.6-x86_64-3.txz +-rw-r--r-- 1 root root 163 2021-11-03 00:52 ./slackware64/n/epic5-2.1.6-x86_64-3.txz.asc -rw-r--r-- 1 root root 440 2022-01-19 17:53 ./slackware64/n/ethtool-5.16-x86_64-1.txt -rw-r--r-- 1 root root 179472 2022-01-19 17:53 ./slackware64/n/ethtool-5.16-x86_64-1.txz -rw-r--r-- 1 root root 163 2022-01-19 17:53 ./slackware64/n/ethtool-5.16-x86_64-1.txz.asc @@ -8414,38 +8432,38 @@ drwxr-xr-x 2 root root 4096 2021-08-12 11:27 ./source/ap/linuxdoc-tools/so -rw-r--r-- 1 root root 438044 2020-06-21 14:05 ./source/ap/linuxdoc-tools/sources/linuxdoc-tools_0.9.82.tar.xz -rw-r--r-- 1 root root 712 2017-06-07 14:43 ./source/ap/linuxdoc-tools/sources/openjade-1.3.2-gcc46.patch.xz -rw-r--r-- 1 root root 643132 2017-06-07 14:49 ./source/ap/linuxdoc-tools/sources/openjade-1.3.2.tar.xz --rw-r--r-- 1 root root 1528303 2021-07-27 12:02 ./source/ap/linuxdoc-tools/sources/opensp-1.5.2-38.fc35.src.rpm --rw-r--r-- 1 root root 28136 2021-07-27 04:43 ./source/ap/linuxdoc-tools/sources/perl-XML-NamespaceSupport-1.12-15.fc35.src.rpm --rw-r--r-- 1 root root 49816 2021-07-27 04:43 ./source/ap/linuxdoc-tools/sources/perl-XML-SAX-1.02-8.fc35.src.rpm --rw-r--r-- 1 root root 37941 2021-07-27 04:43 ./source/ap/linuxdoc-tools/sources/perl-XML-SAX-Base-1.09-15.fc35.src.rpm --rw-r--r-- 1 root root 107408 2021-07-27 05:52 ./source/ap/linuxdoc-tools/sources/sgml-common-0.6.3-57.fc35.src.rpm --rwxr-xr-x 1 root root 8342 2021-08-11 08:55 ./source/ap/linuxdoc-tools/sources/source.download --rw-r--r-- 1 root root 138086 2021-07-27 06:39 ./source/ap/linuxdoc-tools/sources/xmlto-0.0.28-16.fc35.src.rpm --rwxr-xr-x 1 root root 2909 2021-11-03 03:52 ./source/ap/linuxdoc-tools/trackbuild.linuxdoc-tools -drwxr-xr-x 2 root root 4096 2021-02-13 05:31 ./source/ap/lm_sensors --rw-r--r-- 1 root root 212074 2019-10-17 15:43 ./source/ap/lm_sensors/lm_sensors-3.6.0.tar.lz --rwxr-xr-x 1 root root 4099 2021-02-13 05:31 ./source/ap/lm_sensors/lm_sensors.SlackBuild --rw-r--r-- 1 root root 990 2018-11-26 20:25 ./source/ap/lm_sensors/slack-desc -drwxr-xr-x 2 root root 4096 2021-02-13 05:31 ./source/ap/lsof --rw-r--r-- 1 root root 778902 2020-11-10 19:00 ./source/ap/lsof/lsof-4.94.0.tar.lz --rwxr-xr-x 1 root root 3441 2021-02-13 05:31 ./source/ap/lsof/lsof.SlackBuild --rw-r--r-- 1 root root 97 2020-11-11 19:39 ./source/ap/lsof/lsof.url --rw-r--r-- 1 root root 784 2018-02-27 06:12 ./source/ap/lsof/slack-desc -drwxr-xr-x 2 root root 4096 2021-05-06 19:12 ./source/ap/lsscsi --rw-r--r-- 1 root root 148432 2021-05-05 21:53 ./source/ap/lsscsi/lsscsi-0.32.tar.lz --rwxr-xr-x 1 root root 4171 2021-05-06 19:12 ./source/ap/lsscsi/lsscsi.SlackBuild --rw-r--r-- 1 root root 36 2008-11-29 19:46 ./source/ap/lsscsi/lsscsi.url --rw-r--r-- 1 root root 821 2018-02-27 06:12 ./source/ap/lsscsi/slack-desc -drwxr-xr-x 2 root root 4096 2021-11-12 18:35 ./source/ap/lxc --rw-r--r-- 1 root root 254 2015-09-01 21:57 ./source/ap/lxc/doinst.sh.gz --rwxr-xr-x 1 root root 2327 2020-07-09 18:37 ./source/ap/lxc/get-lxc.sh --rw-r--r-- 1 root root 929976 2021-10-19 16:10 ./source/ap/lxc/lxc-4.0.11.tar.lz --rw-r--r-- 1 root root 11756 2021-11-17 20:07 ./source/ap/lxc/lxc-slackware.in --rwxr-xr-x 1 root root 6490 2021-11-17 20:07 ./source/ap/lxc/lxc.SlackBuild --rw-r--r-- 1 root root 43 2021-11-10 23:12 ./source/ap/lxc/lxc.url --rw-r--r-- 1 root root 1340 2017-06-21 17:56 ./source/ap/lxc/rc.lxc --rw-r--r-- 1 root root 955 2019-02-12 20:15 ./source/ap/lxc/slack-desc -drwxr-xr-x 2 root root 4096 2021-02-13 05:31 ./source/ap/madplay +-rw-r--r-- 1 root root 1528303 2021-07-27 12:02 ./source/ap/linuxdoc-tools/sources/opensp-1.5.2-38.fc35.src.rpm +-rw-r--r-- 1 root root 28136 2021-07-27 04:43 ./source/ap/linuxdoc-tools/sources/perl-XML-NamespaceSupport-1.12-15.fc35.src.rpm +-rw-r--r-- 1 root root 49816 2021-07-27 04:43 ./source/ap/linuxdoc-tools/sources/perl-XML-SAX-1.02-8.fc35.src.rpm +-rw-r--r-- 1 root root 37941 2021-07-27 04:43 ./source/ap/linuxdoc-tools/sources/perl-XML-SAX-Base-1.09-15.fc35.src.rpm +-rw-r--r-- 1 root root 107408 2021-07-27 05:52 ./source/ap/linuxdoc-tools/sources/sgml-common-0.6.3-57.fc35.src.rpm +-rwxr-xr-x 1 root root 8342 2021-08-11 08:55 ./source/ap/linuxdoc-tools/sources/source.download +-rw-r--r-- 1 root root 138086 2021-07-27 06:39 ./source/ap/linuxdoc-tools/sources/xmlto-0.0.28-16.fc35.src.rpm +-rwxr-xr-x 1 root root 2909 2021-11-03 03:52 ./source/ap/linuxdoc-tools/trackbuild.linuxdoc-tools +drwxr-xr-x 2 root root 4096 2021-02-13 05:31 ./source/ap/lm_sensors +-rw-r--r-- 1 root root 212074 2019-10-17 15:43 ./source/ap/lm_sensors/lm_sensors-3.6.0.tar.lz +-rwxr-xr-x 1 root root 4099 2021-02-13 05:31 ./source/ap/lm_sensors/lm_sensors.SlackBuild +-rw-r--r-- 1 root root 990 2018-11-26 20:25 ./source/ap/lm_sensors/slack-desc +drwxr-xr-x 2 root root 4096 2021-02-13 05:31 ./source/ap/lsof +-rw-r--r-- 1 root root 778902 2020-11-10 19:00 ./source/ap/lsof/lsof-4.94.0.tar.lz +-rwxr-xr-x 1 root root 3441 2021-02-13 05:31 ./source/ap/lsof/lsof.SlackBuild +-rw-r--r-- 1 root root 97 2020-11-11 19:39 ./source/ap/lsof/lsof.url +-rw-r--r-- 1 root root 784 2018-02-27 06:12 ./source/ap/lsof/slack-desc +drwxr-xr-x 2 root root 4096 2021-05-06 19:12 ./source/ap/lsscsi +-rw-r--r-- 1 root root 148432 2021-05-05 21:53 ./source/ap/lsscsi/lsscsi-0.32.tar.lz +-rwxr-xr-x 1 root root 4171 2021-05-06 19:12 ./source/ap/lsscsi/lsscsi.SlackBuild +-rw-r--r-- 1 root root 36 2008-11-29 19:46 ./source/ap/lsscsi/lsscsi.url +-rw-r--r-- 1 root root 821 2018-02-27 06:12 ./source/ap/lsscsi/slack-desc +drwxr-xr-x 2 root root 4096 2021-11-12 18:35 ./source/ap/lxc +-rw-r--r-- 1 root root 254 2015-09-01 21:57 ./source/ap/lxc/doinst.sh.gz +-rwxr-xr-x 1 root root 2327 2020-07-09 18:37 ./source/ap/lxc/get-lxc.sh +-rw-r--r-- 1 root root 929976 2021-10-19 16:10 ./source/ap/lxc/lxc-4.0.11.tar.lz +-rw-r--r-- 1 root root 11756 2021-11-17 20:07 ./source/ap/lxc/lxc-slackware.in +-rwxr-xr-x 1 root root 6490 2021-11-17 20:07 ./source/ap/lxc/lxc.SlackBuild +-rw-r--r-- 1 root root 43 2021-11-10 23:12 ./source/ap/lxc/lxc.url +-rw-r--r-- 1 root root 1340 2017-06-21 17:56 ./source/ap/lxc/rc.lxc +-rw-r--r-- 1 root root 955 2019-02-12 20:15 ./source/ap/lxc/slack-desc +drwxr-xr-x 2 root root 4096 2021-02-13 05:31 ./source/ap/madplay -rw-r--r-- 1 root root 285 2011-04-02 17:59 ./source/ap/madplay/madplay-0.15.2b-fix-segfault.patch.gz -rw-r--r-- 1 root root 361360 2004-02-23 23:28 ./source/ap/madplay/madplay-0.15.2b.tar.xz -rwxr-xr-x 1 root root 3198 2021-02-13 05:31 ./source/ap/madplay/madplay.SlackBuild @@ -14892,38 +14910,38 @@ drwxr-xr-x 2 root root 4096 2021-01-05 21:04 ./source/x/x11-skel/scripts drwxr-xr-x 2 root root 12288 2021-11-29 19:51 ./source/x/x11/build -rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/anthy -rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/appres --rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/bdftopcf --rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/beforelight --rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/bigreqsproto --rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/bitmap --rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/compositeproto --rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/damageproto --rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/dmxproto --rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/dri2proto --rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/dri3proto --rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/editres --rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/encodings --rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/evieext --rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/fixesproto --rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-adobe-100dpi --rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-adobe-75dpi --rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-adobe-utopia-100dpi --rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-adobe-utopia-75dpi --rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-adobe-utopia-type1 --rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-alias --rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-arabic-misc --rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-bh-100dpi --rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-bh-75dpi --rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-bh-lucidatypewriter-100dpi --rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-bh-lucidatypewriter-75dpi --rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-bh-ttf --rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-bh-type1 --rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-bitstream-100dpi --rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-bitstream-75dpi --rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-bitstream-speedo --rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-bitstream-type1 --rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-cronyx-cyrillic --rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-cursor-misc +-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/bdftopcf +-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/beforelight +-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/bigreqsproto +-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/bitmap +-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/compositeproto +-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/damageproto +-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/dmxproto +-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/dri2proto +-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/dri3proto +-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/editres +-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/encodings +-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/evieext +-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/fixesproto +-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-adobe-100dpi +-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-adobe-75dpi +-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-adobe-utopia-100dpi +-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-adobe-utopia-75dpi +-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-adobe-utopia-type1 +-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-alias +-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-arabic-misc +-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-bh-100dpi +-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-bh-75dpi +-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-bh-lucidatypewriter-100dpi +-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-bh-lucidatypewriter-75dpi +-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-bh-ttf +-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-bh-type1 +-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-bitstream-100dpi +-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-bitstream-75dpi +-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-bitstream-speedo +-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-bitstream-type1 +-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-cronyx-cyrillic +-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-cursor-misc -rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-daewoo-misc -rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-dec-misc -rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-ibm-type1 diff --git a/patches/packages/gnutls-3.7.9-x86_64-1_slack15.0.txt b/patches/packages/gnutls-3.8.3-x86_64-1_slack15.0.txt index 7fde3fa58..7fde3fa58 100644 --- a/patches/packages/gnutls-3.7.9-x86_64-1_slack15.0.txt +++ b/patches/packages/gnutls-3.8.3-x86_64-1_slack15.0.txt diff --git a/patches/packages/xorg-server-1.20.14-x86_64-10_slack15.0.txt b/patches/packages/xorg-server-1.20.14-x86_64-11_slack15.0.txt index ec0248ea9..ec0248ea9 100644 --- a/patches/packages/xorg-server-1.20.14-x86_64-10_slack15.0.txt +++ b/patches/packages/xorg-server-1.20.14-x86_64-11_slack15.0.txt diff --git a/patches/packages/xorg-server-xephyr-1.20.14-x86_64-10_slack15.0.txt b/patches/packages/xorg-server-xephyr-1.20.14-x86_64-11_slack15.0.txt index 2ffb35f60..2ffb35f60 100644 --- a/patches/packages/xorg-server-xephyr-1.20.14-x86_64-10_slack15.0.txt +++ b/patches/packages/xorg-server-xephyr-1.20.14-x86_64-11_slack15.0.txt diff --git a/patches/packages/xorg-server-xnest-1.20.14-x86_64-10_slack15.0.txt b/patches/packages/xorg-server-xnest-1.20.14-x86_64-11_slack15.0.txt index 9c7075278..9c7075278 100644 --- a/patches/packages/xorg-server-xnest-1.20.14-x86_64-10_slack15.0.txt +++ b/patches/packages/xorg-server-xnest-1.20.14-x86_64-11_slack15.0.txt diff --git a/patches/packages/xorg-server-xvfb-1.20.14-x86_64-10_slack15.0.txt b/patches/packages/xorg-server-xvfb-1.20.14-x86_64-11_slack15.0.txt index 675c628db..675c628db 100644 --- a/patches/packages/xorg-server-xvfb-1.20.14-x86_64-10_slack15.0.txt +++ b/patches/packages/xorg-server-xvfb-1.20.14-x86_64-11_slack15.0.txt diff --git a/patches/packages/xorg-server-xwayland-21.1.4-x86_64-9_slack15.0.txt b/patches/packages/xorg-server-xwayland-21.1.4-x86_64-10_slack15.0.txt index 44e18f2cf..44e18f2cf 100644 --- a/patches/packages/xorg-server-xwayland-21.1.4-x86_64-9_slack15.0.txt +++ b/patches/packages/xorg-server-xwayland-21.1.4-x86_64-10_slack15.0.txt diff --git a/patches/source/xorg-server-xwayland/CVE-2023-6816.patch b/patches/source/xorg-server-xwayland/CVE-2023-6816.patch new file mode 100644 index 000000000..e928729e9 --- /dev/null +++ b/patches/source/xorg-server-xwayland/CVE-2023-6816.patch @@ -0,0 +1,51 @@ +From 9e2ecb2af8302dedc49cb6a63ebe063c58a9e7e3 Mon Sep 17 00:00:00 2001 +From: Peter Hutterer <peter.hutterer@who-t.net> +Date: Thu, 14 Dec 2023 11:29:49 +1000 +Subject: [PATCH] dix: allocate enough space for logical button maps + +Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for +each logical button currently down. Since buttons can be arbitrarily mapped +to anything up to 255 make sure we have enough bits for the maximum mapping. + +CVE-2023-6816, ZDI-CAN-22664, ZDI-CAN-22665 + +This vulnerability was discovered by: +Jan-Niklas Sohn working with Trend Micro Zero Day Initiative +--- + Xi/xiquerypointer.c | 3 +-- + dix/enterleave.c | 5 +++-- + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/Xi/xiquerypointer.c b/Xi/xiquerypointer.c +index 5b77b1a444..2b05ac5f39 100644 +--- a/Xi/xiquerypointer.c ++++ b/Xi/xiquerypointer.c +@@ -149,8 +149,7 @@ ProcXIQueryPointer(ClientPtr client) + if (pDev->button) { + int i; + +- rep.buttons_len = +- bytes_to_int32(bits_to_bytes(pDev->button->numButtons)); ++ rep.buttons_len = bytes_to_int32(bits_to_bytes(256)); /* button map up to 255 */ + rep.length += rep.buttons_len; + buttons = calloc(rep.buttons_len, 4); + if (!buttons) +diff --git a/dix/enterleave.c b/dix/enterleave.c +index 867ec74363..ded8679d76 100644 +--- a/dix/enterleave.c ++++ b/dix/enterleave.c +@@ -784,8 +784,9 @@ DeviceFocusEvent(DeviceIntPtr dev, int type, int mode, int detail, + + mouse = IsFloating(dev) ? dev : GetMaster(dev, MASTER_POINTER); + +- /* XI 2 event */ +- btlen = (mouse->button) ? bits_to_bytes(mouse->button->numButtons) : 0; ++ /* XI 2 event contains the logical button map - maps are CARD8 ++ * so we need 256 bits for the possibly maximum mapping */ ++ btlen = (mouse->button) ? bits_to_bytes(256) : 0; + btlen = bytes_to_int32(btlen); + len = sizeof(xXIFocusInEvent) + btlen * 4; + +-- +GitLab + diff --git a/patches/source/xorg-server-xwayland/CVE-2024-0229.01.patch b/patches/source/xorg-server-xwayland/CVE-2024-0229.01.patch new file mode 100644 index 000000000..b5354ba65 --- /dev/null +++ b/patches/source/xorg-server-xwayland/CVE-2024-0229.01.patch @@ -0,0 +1,83 @@ +From ece23be888a93b741aa1209d1dbf64636109d6a5 Mon Sep 17 00:00:00 2001 +From: Peter Hutterer <peter.hutterer@who-t.net> +Date: Mon, 18 Dec 2023 14:27:50 +1000 +Subject: [PATCH] dix: Allocate sufficient xEvents for our DeviceStateNotify + +If a device has both a button class and a key class and numButtons is +zero, we can get an OOB write due to event under-allocation. + +This function seems to assume a device has either keys or buttons, not +both. It has two virtually identical code paths, both of which assume +they're applying to the first event in the sequence. + +A device with both a key and button class triggered a logic bug - only +one xEvent was allocated but the deviceStateNotify pointer was pushed on +once per type. So effectively this logic code: + + int count = 1; + if (button && nbuttons > 32) count++; + if (key && nbuttons > 0) count++; + if (key && nkeys > 32) count++; // this is basically always true + // count is at 2 for our keys + zero button device + + ev = alloc(count * sizeof(xEvent)); + FixDeviceStateNotify(ev); + if (button) + FixDeviceStateNotify(ev++); + if (key) + FixDeviceStateNotify(ev++); // santa drops into the wrong chimney here + +If the device has more than 3 valuators, the OOB is pushed back - we're +off by one so it will happen when the last deviceValuator event is +written instead. + +Fix this by allocating the maximum number of events we may allocate. +Note that the current behavior is not protocol-correct anyway, this +patch fixes only the allocation issue. + +Note that this issue does not trigger if the device has at least one +button. While the server does not prevent a button class with zero +buttons, it is very unlikely. + +CVE-2024-0229, ZDI-CAN-22678 + +This vulnerability was discovered by: +Jan-Niklas Sohn working with Trend Micro Zero Day Initiative +--- + dix/enterleave.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/dix/enterleave.c b/dix/enterleave.c +index ded8679d76..17964b00a4 100644 +--- a/dix/enterleave.c ++++ b/dix/enterleave.c +@@ -675,7 +675,8 @@ static void + DeliverStateNotifyEvent(DeviceIntPtr dev, WindowPtr win) + { + int evcount = 1; +- deviceStateNotify *ev, *sev; ++ deviceStateNotify sev[6 + (MAX_VALUATORS + 2)/3]; ++ deviceStateNotify *ev; + deviceKeyStateNotify *kev; + deviceButtonStateNotify *bev; + +@@ -714,7 +715,7 @@ DeliverStateNotifyEvent(DeviceIntPtr dev, WindowPtr win) + } + } + +- sev = ev = xallocarray(evcount, sizeof(xEvent)); ++ ev = sev; + FixDeviceStateNotify(dev, ev, NULL, NULL, NULL, first); + + if (b != NULL) { +@@ -770,7 +771,6 @@ DeliverStateNotifyEvent(DeviceIntPtr dev, WindowPtr win) + + DeliverEventsToWindow(dev, win, (xEvent *) sev, evcount, + DeviceStateNotifyMask, NullGrab); +- free(sev); + } + + void +-- +GitLab + diff --git a/patches/source/xorg-server-xwayland/CVE-2024-0229.02.patch b/patches/source/xorg-server-xwayland/CVE-2024-0229.02.patch new file mode 100644 index 000000000..1704fad67 --- /dev/null +++ b/patches/source/xorg-server-xwayland/CVE-2024-0229.02.patch @@ -0,0 +1,217 @@ +From 219c54b8a3337456ce5270ded6a67bcde53553d5 Mon Sep 17 00:00:00 2001 +From: Peter Hutterer <peter.hutterer@who-t.net> +Date: Mon, 18 Dec 2023 12:26:20 +1000 +Subject: [PATCH] dix: fix DeviceStateNotify event calculation + +The previous code only made sense if one considers buttons and keys to +be mutually exclusive on a device. That is not necessarily true, causing +a number of issues. + +This function allocates and fills in the number of xEvents we need to +send the device state down the wire. This is split across multiple +32-byte devices including one deviceStateNotify event and optional +deviceKeyStateNotify, deviceButtonStateNotify and (possibly multiple) +deviceValuator events. + +The previous behavior would instead compose a sequence +of [state, buttonstate, state, keystate, valuator...]. This is not +protocol correct, and on top of that made the code extremely convoluted. + +Fix this by streamlining: add both button and key into the deviceStateNotify +and then append the key state and button state, followed by the +valuators. Finally, the deviceValuator events contain up to 6 valuators +per event but we only ever sent through 3 at a time. Let's double that +troughput. + +CVE-2024-0229, ZDI-CAN-22678 + +This vulnerability was discovered by: +Jan-Niklas Sohn working with Trend Micro Zero Day Initiative +--- + dix/enterleave.c | 121 ++++++++++++++++++++--------------------------- + 1 file changed, 52 insertions(+), 69 deletions(-) + +diff --git a/dix/enterleave.c b/dix/enterleave.c +index 17964b00a4..7b7ba1098b 100644 +--- a/dix/enterleave.c ++++ b/dix/enterleave.c +@@ -615,9 +615,15 @@ FixDeviceValuator(DeviceIntPtr dev, deviceValuator * ev, ValuatorClassPtr v, + + ev->type = DeviceValuator; + ev->deviceid = dev->id; +- ev->num_valuators = nval < 3 ? nval : 3; ++ ev->num_valuators = nval < 6 ? nval : 6; + ev->first_valuator = first; + switch (ev->num_valuators) { ++ case 6: ++ ev->valuator2 = v->axisVal[first + 5]; ++ case 5: ++ ev->valuator2 = v->axisVal[first + 4]; ++ case 4: ++ ev->valuator2 = v->axisVal[first + 3]; + case 3: + ev->valuator2 = v->axisVal[first + 2]; + case 2: +@@ -626,7 +632,6 @@ FixDeviceValuator(DeviceIntPtr dev, deviceValuator * ev, ValuatorClassPtr v, + ev->valuator0 = v->axisVal[first]; + break; + } +- first += ev->num_valuators; + } + + static void +@@ -646,7 +651,7 @@ FixDeviceStateNotify(DeviceIntPtr dev, deviceStateNotify * ev, KeyClassPtr k, + ev->num_buttons = b->numButtons; + memcpy((char *) ev->buttons, (char *) b->down, 4); + } +- else if (k) { ++ if (k) { + ev->classes_reported |= (1 << KeyClass); + ev->num_keys = k->xkbInfo->desc->max_key_code - + k->xkbInfo->desc->min_key_code; +@@ -670,15 +675,26 @@ FixDeviceStateNotify(DeviceIntPtr dev, deviceStateNotify * ev, KeyClassPtr k, + } + } + +- ++/** ++ * The device state notify event is split across multiple 32-byte events. ++ * The first one contains the first 32 button state bits, the first 32 ++ * key state bits, and the first 3 valuator values. ++ * ++ * If a device has more than that, the server sends out: ++ * - one deviceButtonStateNotify for buttons 32 and above ++ * - one deviceKeyStateNotify for keys 32 and above ++ * - one deviceValuator event per 6 valuators above valuator 4 ++ * ++ * All events but the last one have the deviceid binary ORed with MORE_EVENTS, ++ */ + static void + DeliverStateNotifyEvent(DeviceIntPtr dev, WindowPtr win) + { ++ /* deviceStateNotify, deviceKeyStateNotify, deviceButtonStateNotify ++ * and one deviceValuator for each 6 valuators */ ++ deviceStateNotify sev[3 + (MAX_VALUATORS + 6)/6]; + int evcount = 1; +- deviceStateNotify sev[6 + (MAX_VALUATORS + 2)/3]; +- deviceStateNotify *ev; +- deviceKeyStateNotify *kev; +- deviceButtonStateNotify *bev; ++ deviceStateNotify *ev = sev; + + KeyClassPtr k; + ButtonClassPtr b; +@@ -691,82 +707,49 @@ DeliverStateNotifyEvent(DeviceIntPtr dev, WindowPtr win) + + if ((b = dev->button) != NULL) { + nbuttons = b->numButtons; +- if (nbuttons > 32) ++ if (nbuttons > 32) /* first 32 are encoded in deviceStateNotify */ + evcount++; + } + if ((k = dev->key) != NULL) { + nkeys = k->xkbInfo->desc->max_key_code - k->xkbInfo->desc->min_key_code; +- if (nkeys > 32) ++ if (nkeys > 32) /* first 32 are encoded in deviceStateNotify */ + evcount++; +- if (nbuttons > 0) { +- evcount++; +- } + } + if ((v = dev->valuator) != NULL) { + nval = v->numAxes; +- +- if (nval > 3) +- evcount++; +- if (nval > 6) { +- if (!(k && b)) +- evcount++; +- if (nval > 9) +- evcount += ((nval - 7) / 3); +- } ++ /* first three are encoded in deviceStateNotify, then ++ * it's 6 per deviceValuator event */ ++ evcount += ((nval - 3) + 6)/6; + } + +- ev = sev; +- FixDeviceStateNotify(dev, ev, NULL, NULL, NULL, first); +- +- if (b != NULL) { +- FixDeviceStateNotify(dev, ev++, NULL, b, v, first); +- first += 3; +- nval -= 3; +- if (nbuttons > 32) { +- (ev - 1)->deviceid |= MORE_EVENTS; +- bev = (deviceButtonStateNotify *) ev++; +- bev->type = DeviceButtonStateNotify; +- bev->deviceid = dev->id; +- memcpy((char *) &bev->buttons[4], (char *) &b->down[4], +- DOWN_LENGTH - 4); +- } +- if (nval > 0) { +- (ev - 1)->deviceid |= MORE_EVENTS; +- FixDeviceValuator(dev, (deviceValuator *) ev++, v, first); +- first += 3; +- nval -= 3; +- } ++ BUG_RETURN(evcount <= ARRAY_SIZE(sev)); ++ ++ FixDeviceStateNotify(dev, ev, k, b, v, first); ++ ++ if (b != NULL && nbuttons > 32) { ++ deviceButtonStateNotify *bev = (deviceButtonStateNotify *) ++ev; ++ (ev - 1)->deviceid |= MORE_EVENTS; ++ bev->type = DeviceButtonStateNotify; ++ bev->deviceid = dev->id; ++ memcpy((char *) &bev->buttons[4], (char *) &b->down[4], ++ DOWN_LENGTH - 4); + } + +- if (k != NULL) { +- FixDeviceStateNotify(dev, ev++, k, NULL, v, first); +- first += 3; +- nval -= 3; +- if (nkeys > 32) { +- (ev - 1)->deviceid |= MORE_EVENTS; +- kev = (deviceKeyStateNotify *) ev++; +- kev->type = DeviceKeyStateNotify; +- kev->deviceid = dev->id; +- memmove((char *) &kev->keys[0], (char *) &k->down[4], 28); +- } +- if (nval > 0) { +- (ev - 1)->deviceid |= MORE_EVENTS; +- FixDeviceValuator(dev, (deviceValuator *) ev++, v, first); +- first += 3; +- nval -= 3; +- } ++ if (k != NULL && nkeys > 32) { ++ deviceKeyStateNotify *kev = (deviceKeyStateNotify *) ++ev; ++ (ev - 1)->deviceid |= MORE_EVENTS; ++ kev->type = DeviceKeyStateNotify; ++ kev->deviceid = dev->id; ++ memmove((char *) &kev->keys[0], (char *) &k->down[4], 28); + } + ++ first = 3; ++ nval -= 3; + while (nval > 0) { +- FixDeviceStateNotify(dev, ev++, NULL, NULL, v, first); +- first += 3; +- nval -= 3; +- if (nval > 0) { +- (ev - 1)->deviceid |= MORE_EVENTS; +- FixDeviceValuator(dev, (deviceValuator *) ev++, v, first); +- first += 3; +- nval -= 3; +- } ++ ev->deviceid |= MORE_EVENTS; ++ FixDeviceValuator(dev, (deviceValuator *) ++ev, v, first); ++ first += 6; ++ nval -= 6; + } + + DeliverEventsToWindow(dev, win, (xEvent *) sev, evcount, +-- +GitLab + diff --git a/patches/source/xorg-server-xwayland/CVE-2024-0229.03.patch b/patches/source/xorg-server-xwayland/CVE-2024-0229.03.patch new file mode 100644 index 000000000..1624ec161 --- /dev/null +++ b/patches/source/xorg-server-xwayland/CVE-2024-0229.03.patch @@ -0,0 +1,37 @@ +From df3c65706eb169d5938df0052059f3e0d5981b74 Mon Sep 17 00:00:00 2001 +From: Peter Hutterer <peter.hutterer@who-t.net> +Date: Thu, 21 Dec 2023 13:48:10 +1000 +Subject: [PATCH] Xi: when creating a new ButtonClass, set the number of + buttons + +There's a racy sequence where a master device may copy the button class +from the slave, without ever initializing numButtons. This leads to a +device with zero buttons but a button class which is invalid. + +Let's copy the numButtons value from the source - by definition if we +don't have a button class yet we do not have any other slave devices +with more than this number of buttons anyway. + +CVE-2024-0229, ZDI-CAN-22678 + +This vulnerability was discovered by: +Jan-Niklas Sohn working with Trend Micro Zero Day Initiative +--- + Xi/exevents.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/Xi/exevents.c b/Xi/exevents.c +index 54ea11a938..e161714682 100644 +--- a/Xi/exevents.c ++++ b/Xi/exevents.c +@@ -605,6 +605,7 @@ DeepCopyPointerClasses(DeviceIntPtr from, DeviceIntPtr to) + to->button = calloc(1, sizeof(ButtonClassRec)); + if (!to->button) + FatalError("[Xi] no memory for class shift.\n"); ++ to->button->numButtons = from->button->numButtons; + } + else + classes->button = NULL; +-- +GitLab + diff --git a/patches/source/xorg-server-xwayland/CVE-2024-0408.patch b/patches/source/xorg-server-xwayland/CVE-2024-0408.patch new file mode 100644 index 000000000..1efab4974 --- /dev/null +++ b/patches/source/xorg-server-xwayland/CVE-2024-0408.patch @@ -0,0 +1,60 @@ +From e5e8586a12a3ec915673edffa10dc8fe5e15dac3 Mon Sep 17 00:00:00 2001 +From: Olivier Fourdan <ofourdan@redhat.com> +Date: Wed, 6 Dec 2023 12:09:41 +0100 +Subject: [PATCH] glx: Call XACE hooks on the GLX buffer + +The XSELINUX code will label resources at creation by checking the +access mode. When the access mode is DixCreateAccess, it will call the +function to label the new resource SELinuxLabelResource(). + +However, GLX buffers do not go through the XACE hooks when created, +hence leaving the resource actually unlabeled. + +When, later, the client tries to create another resource using that +drawable (like a GC for example), the XSELINUX code would try to use +the security ID of that object which has never been labeled, get a NULL +pointer and crash when checking whether the requested permissions are +granted for subject security ID. + +To avoid the issue, make sure to call the XACE hooks when creating the +GLX buffers. + +Credit goes to Donn Seeley <donn@xmission.com> for providing the patch. + +CVE-2024-0408 + +Signed-off-by: Olivier Fourdan <ofourdan@redhat.com> +Acked-by: Peter Hutterer <peter.hutterer@who-t.net> +--- + glx/glxcmds.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/glx/glxcmds.c b/glx/glxcmds.c +index fc26a2e345..1e46d0c723 100644 +--- a/glx/glxcmds.c ++++ b/glx/glxcmds.c +@@ -48,6 +48,7 @@ + #include "indirect_util.h" + #include "protocol-versions.h" + #include "glxvndabi.h" ++#include "xace.h" + + static char GLXServerVendorName[] = "SGI"; + +@@ -1392,6 +1393,13 @@ DoCreatePbuffer(ClientPtr client, int screenNum, XID fbconfigId, + if (!pPixmap) + return BadAlloc; + ++ err = XaceHook(XACE_RESOURCE_ACCESS, client, glxDrawableId, RT_PIXMAP, ++ pPixmap, RT_NONE, NULL, DixCreateAccess); ++ if (err != Success) { ++ (*pGlxScreen->pScreen->DestroyPixmap) (pPixmap); ++ return err; ++ } ++ + /* Assign the pixmap the same id as the pbuffer and add it as a + * resource so it and the DRI2 drawable will be reclaimed when the + * pbuffer is destroyed. */ +-- +GitLab + diff --git a/patches/source/xorg-server-xwayland/CVE-2024-0409.patch b/patches/source/xorg-server-xwayland/CVE-2024-0409.patch new file mode 100644 index 000000000..7e956fba3 --- /dev/null +++ b/patches/source/xorg-server-xwayland/CVE-2024-0409.patch @@ -0,0 +1,56 @@ +From 2ef0f1116c65d5cb06d7b6d83f8a1aea702c94f7 Mon Sep 17 00:00:00 2001 +From: Olivier Fourdan <ofourdan@redhat.com> +Date: Wed, 6 Dec 2023 11:51:56 +0100 +Subject: [PATCH] ephyr,xwayland: Use the proper private key for cursor + +The cursor in DIX is actually split in two parts, the cursor itself and +the cursor bits, each with their own devPrivates. + +The cursor itself includes the cursor bits, meaning that the cursor bits +devPrivates in within structure of the cursor. + +Both Xephyr and Xwayland were using the private key for the cursor bits +to store the data for the cursor, and when using XSELINUX which comes +with its own special devPrivates, the data stored in that cursor bits' +devPrivates would interfere with the XSELINUX devPrivates data and the +SELINUX security ID would point to some other unrelated data, causing a +crash in the XSELINUX code when trying to (re)use the security ID. + +CVE-2024-0409 + +Signed-off-by: Olivier Fourdan <ofourdan@redhat.com> +Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> +--- + hw/kdrive/ephyr/ephyrcursor.c | 2 +- + hw/xwayland/xwayland-cursor.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/hw/kdrive/ephyr/ephyrcursor.c b/hw/kdrive/ephyr/ephyrcursor.c +index f991899c50..3f192d034a 100644 +--- a/hw/kdrive/ephyr/ephyrcursor.c ++++ b/hw/kdrive/ephyr/ephyrcursor.c +@@ -246,7 +246,7 @@ miPointerSpriteFuncRec EphyrPointerSpriteFuncs = { + Bool + ephyrCursorInit(ScreenPtr screen) + { +- if (!dixRegisterPrivateKey(&ephyrCursorPrivateKey, PRIVATE_CURSOR_BITS, ++ if (!dixRegisterPrivateKey(&ephyrCursorPrivateKey, PRIVATE_CURSOR, + sizeof(ephyrCursorRec))) + return FALSE; + +diff --git a/hw/xwayland/xwayland-cursor.c b/hw/xwayland/xwayland-cursor.c +index e3c1aaa50c..bd94b0cfbb 100644 +--- a/hw/xwayland/xwayland-cursor.c ++++ b/hw/xwayland/xwayland-cursor.c +@@ -431,7 +431,7 @@ static miPointerScreenFuncRec xwl_pointer_screen_funcs = { + Bool + xwl_screen_init_cursor(struct xwl_screen *xwl_screen) + { +- if (!dixRegisterPrivateKey(&xwl_cursor_private_key, PRIVATE_CURSOR_BITS, 0)) ++ if (!dixRegisterPrivateKey(&xwl_cursor_private_key, PRIVATE_CURSOR, 0)) + return FALSE; + + return miPointerInitialize(xwl_screen->screen, +-- +GitLab + diff --git a/patches/source/xorg-server-xwayland/CVE-2024-21885.patch b/patches/source/xorg-server-xwayland/CVE-2024-21885.patch new file mode 100644 index 000000000..949efd7c6 --- /dev/null +++ b/patches/source/xorg-server-xwayland/CVE-2024-21885.patch @@ -0,0 +1,109 @@ +From 4a5e9b1895627d40d26045bd0b7ef3dce503cbd1 Mon Sep 17 00:00:00 2001 +From: Peter Hutterer <peter.hutterer@who-t.net> +Date: Thu, 4 Jan 2024 10:01:24 +1000 +Subject: [PATCH] Xi: flush hierarchy events after adding/removing master + devices + +The `XISendDeviceHierarchyEvent()` function allocates space to store up +to `MAXDEVICES` (256) `xXIHierarchyInfo` structures in `info`. + +If a device with a given ID was removed and a new device with the same +ID added both in the same operation, the single device ID will lead to +two info structures being written to `info`. + +Since this case can occur for every device ID at once, a total of two +times `MAXDEVICES` info structures might be written to the allocation. + +To avoid it, once one add/remove master is processed, send out the +device hierarchy event for the current state and continue. That event +thus only ever has exactly one of either added/removed in it (and +optionally slave attached/detached). + +CVE-2024-21885, ZDI-CAN-22744 + +This vulnerability was discovered by: +Jan-Niklas Sohn working with Trend Micro Zero Day Initiative +--- + Xi/xichangehierarchy.c | 27 ++++++++++++++++++++++----- + 1 file changed, 22 insertions(+), 5 deletions(-) + +diff --git a/Xi/xichangehierarchy.c b/Xi/xichangehierarchy.c +index d2d985848d..72d00451e3 100644 +--- a/Xi/xichangehierarchy.c ++++ b/Xi/xichangehierarchy.c +@@ -416,6 +416,11 @@ ProcXIChangeHierarchy(ClientPtr client) + size_t len; /* length of data remaining in request */ + int rc = Success; + int flags[MAXDEVICES] = { 0 }; ++ enum { ++ NO_CHANGE, ++ FLUSH, ++ CHANGED, ++ } changes = NO_CHANGE; + + REQUEST(xXIChangeHierarchyReq); + REQUEST_AT_LEAST_SIZE(xXIChangeHierarchyReq); +@@ -465,8 +470,9 @@ ProcXIChangeHierarchy(ClientPtr client) + rc = add_master(client, c, flags); + if (rc != Success) + goto unwind; +- } ++ changes = FLUSH; + break; ++ } + case XIRemoveMaster: + { + xXIRemoveMasterInfo *r = (xXIRemoveMasterInfo *) any; +@@ -475,8 +481,9 @@ ProcXIChangeHierarchy(ClientPtr client) + rc = remove_master(client, r, flags); + if (rc != Success) + goto unwind; +- } ++ changes = FLUSH; + break; ++ } + case XIDetachSlave: + { + xXIDetachSlaveInfo *c = (xXIDetachSlaveInfo *) any; +@@ -485,8 +492,9 @@ ProcXIChangeHierarchy(ClientPtr client) + rc = detach_slave(client, c, flags); + if (rc != Success) + goto unwind; +- } ++ changes = CHANGED; + break; ++ } + case XIAttachSlave: + { + xXIAttachSlaveInfo *c = (xXIAttachSlaveInfo *) any; +@@ -495,16 +503,25 @@ ProcXIChangeHierarchy(ClientPtr client) + rc = attach_slave(client, c, flags); + if (rc != Success) + goto unwind; ++ changes = CHANGED; ++ break; + } ++ default: + break; + } + ++ if (changes == FLUSH) { ++ XISendDeviceHierarchyEvent(flags); ++ memset(flags, 0, sizeof(flags)); ++ changes = NO_CHANGE; ++ } ++ + len -= any->length * 4; + any = (xXIAnyHierarchyChangeInfo *) ((char *) any + any->length * 4); + } + + unwind: +- +- XISendDeviceHierarchyEvent(flags); ++ if (changes != NO_CHANGE) ++ XISendDeviceHierarchyEvent(flags); + return rc; + } +-- +GitLab + diff --git a/patches/source/xorg-server-xwayland/CVE-2024-21886.01.patch b/patches/source/xorg-server-xwayland/CVE-2024-21886.01.patch new file mode 100644 index 000000000..e58fe8d78 --- /dev/null +++ b/patches/source/xorg-server-xwayland/CVE-2024-21886.01.patch @@ -0,0 +1,70 @@ +From bc1fdbe46559dd947674375946bbef54dd0ce36b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jos=C3=A9=20Exp=C3=B3sito?= <jexposit@redhat.com> +Date: Fri, 22 Dec 2023 18:28:31 +0100 +Subject: [PATCH] Xi: do not keep linked list pointer during recursion + +The `DisableDevice()` function is called whenever an enabled device +is disabled and it moves the device from the `inputInfo.devices` linked +list to the `inputInfo.off_devices` linked list. + +However, its link/unlink operation has an issue during the recursive +call to `DisableDevice()` due to the `prev` pointer pointing to a +removed device. + +This issue leads to a length mismatch between the total number of +devices and the number of device in the list, leading to a heap +overflow and, possibly, to local privilege escalation. + +Simplify the code that checked whether the device passed to +`DisableDevice()` was in `inputInfo.devices` or not and find the +previous device after the recursion. + +CVE-2024-21886, ZDI-CAN-22840 + +This vulnerability was discovered by: +Jan-Niklas Sohn working with Trend Micro Zero Day Initiative +--- + dix/devices.c | 15 ++++++++++++--- + 1 file changed, 12 insertions(+), 3 deletions(-) + +diff --git a/dix/devices.c b/dix/devices.c +index dca98c8d1b..389d28a23c 100644 +--- a/dix/devices.c ++++ b/dix/devices.c +@@ -453,14 +453,20 @@ DisableDevice(DeviceIntPtr dev, BOOL sendevent) + { + DeviceIntPtr *prev, other; + BOOL enabled; ++ BOOL dev_in_devices_list = FALSE; + int flags[MAXDEVICES] = { 0 }; + + if (!dev->enabled) + return TRUE; + +- for (prev = &inputInfo.devices; +- *prev && (*prev != dev); prev = &(*prev)->next); +- if (*prev != dev) ++ for (other = inputInfo.devices; other; other = other->next) { ++ if (other == dev) { ++ dev_in_devices_list = TRUE; ++ break; ++ } ++ } ++ ++ if (!dev_in_devices_list) + return FALSE; + + TouchEndPhysicallyActiveTouches(dev); +@@ -511,6 +517,9 @@ DisableDevice(DeviceIntPtr dev, BOOL sendevent) + LeaveWindow(dev); + SetFocusOut(dev); + ++ for (prev = &inputInfo.devices; ++ *prev && (*prev != dev); prev = &(*prev)->next); ++ + *prev = dev->next; + dev->next = inputInfo.off_devices; + inputInfo.off_devices = dev; +-- +GitLab + diff --git a/patches/source/xorg-server-xwayland/CVE-2024-21886.02.patch b/patches/source/xorg-server-xwayland/CVE-2024-21886.02.patch new file mode 100644 index 000000000..de7422442 --- /dev/null +++ b/patches/source/xorg-server-xwayland/CVE-2024-21886.02.patch @@ -0,0 +1,53 @@ +From 26769aa71fcbe0a8403b7fb13b7c9010cc07c3a8 Mon Sep 17 00:00:00 2001 +From: Peter Hutterer <peter.hutterer@who-t.net> +Date: Fri, 5 Jan 2024 09:40:27 +1000 +Subject: [PATCH] dix: when disabling a master, float disabled slaved devices + too + +Disabling a master device floats all slave devices but we didn't do this +to already-disabled slave devices. As a result those devices kept their +reference to the master device resulting in access to already freed +memory if the master device was removed before the corresponding slave +device. + +And to match this behavior, also forcibly reset that pointer during +CloseDownDevices(). + +Related to CVE-2024-21886, ZDI-CAN-22840 +--- + dix/devices.c | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/dix/devices.c b/dix/devices.c +index 389d28a23c..84a6406d13 100644 +--- a/dix/devices.c ++++ b/dix/devices.c +@@ -483,6 +483,13 @@ DisableDevice(DeviceIntPtr dev, BOOL sendevent) + flags[other->id] |= XISlaveDetached; + } + } ++ ++ for (other = inputInfo.off_devices; other; other = other->next) { ++ if (!IsMaster(other) && GetMaster(other, MASTER_ATTACHED) == dev) { ++ AttachDevice(NULL, other, NULL); ++ flags[other->id] |= XISlaveDetached; ++ } ++ } + } + else { + for (other = inputInfo.devices; other; other = other->next) { +@@ -1088,6 +1095,11 @@ CloseDownDevices(void) + dev->master = NULL; + } + ++ for (dev = inputInfo.off_devices; dev; dev = dev->next) { ++ if (!IsMaster(dev) && !IsFloating(dev)) ++ dev->master = NULL; ++ } ++ + CloseDeviceList(&inputInfo.devices); + CloseDeviceList(&inputInfo.off_devices); + +-- +GitLab + diff --git a/patches/source/xorg-server-xwayland/xorg-server-xwayland.SlackBuild b/patches/source/xorg-server-xwayland/xorg-server-xwayland.SlackBuild index fe617accc..1a0b78aaf 100755 --- a/patches/source/xorg-server-xwayland/xorg-server-xwayland.SlackBuild +++ b/patches/source/xorg-server-xwayland/xorg-server-xwayland.SlackBuild @@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=xorg-server-xwayland SRCNAM=xwayland VERSION=${VERSION:-$(echo $SRCNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-9_slack15.0} +BUILD=${BUILD:-10_slack15.0} # Default font paths to be used by the X server: DEF_FONTPATH="/usr/share/fonts/misc,/usr/share/fonts/local,/usr/share/fonts/TTF,/usr/share/fonts/OTF,/usr/share/fonts/Type1,/usr/share/fonts/CID,/usr/share/fonts/75dpi/:unscaled,/usr/share/fonts/100dpi/:unscaled,/usr/share/fonts/75dpi,/usr/share/fonts/100dpi,/usr/share/fonts/cyrillic" @@ -117,6 +117,19 @@ zcat $CWD/CVE-2023-5367.patch.gz | patch -p1 --verbose || exit 1 zcat $CWD/CVE-2023-6377.patch.gz | patch -p1 --verbose || exit 1 zcat $CWD/CVE-2023-6478.patch.gz | patch -p1 --verbose || exit 1 + +# Patch more security issues: +zcat $CWD/CVE-2023-6816.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/CVE-2024-0229.01.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/CVE-2024-0229.02.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/CVE-2024-0229.03.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/CVE-2024-0408.patch.gz | patch -p1 --verbose || exit 1 +# The vulnerable code is not present in xwayland-21.1.4: +#zcat $CWD/CVE-2024-0409.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/CVE-2024-21885.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/CVE-2024-21886.01.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/CVE-2024-21886.02.patch.gz | patch -p1 --verbose || exit 1 + # Configure, build, and install: export CFLAGS="$SLKCFLAGS" export CXXFLAGS="$SLKCFLAGS" diff --git a/patches/source/xorg-server/build/xorg-server b/patches/source/xorg-server/build/xorg-server index 92794e1d7..7db570d8b 100644 --- a/patches/source/xorg-server/build/xorg-server +++ b/patches/source/xorg-server/build/xorg-server @@ -1 +1 @@ -10_slack15.0 +11_slack15.0 diff --git a/patches/source/xorg-server/patch/xorg-server.patch b/patches/source/xorg-server/patch/xorg-server.patch index fa924f1f7..8226fa1b7 100644 --- a/patches/source/xorg-server/patch/xorg-server.patch +++ b/patches/source/xorg-server/patch/xorg-server.patch @@ -67,3 +67,14 @@ zcat $CWD/patch/xorg-server/CVE-2023-5380.patch.gz | patch -p1 --verbose || { to # Patch more security issues: zcat $CWD/patch/xorg-server/CVE-2023-6377.patch.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; } zcat $CWD/patch/xorg-server/CVE-2023-6478.patch.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; } + +# Patch more security issues: +zcat $CWD/patch/xorg-server/CVE-2023-6816.patch.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; } +zcat $CWD/patch/xorg-server/CVE-2024-0229.01.patch.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; } +zcat $CWD/patch/xorg-server/CVE-2024-0229.02.patch.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; } +zcat $CWD/patch/xorg-server/CVE-2024-0229.03.patch.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; } +zcat $CWD/patch/xorg-server/CVE-2024-0408.patch.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; } +zcat $CWD/patch/xorg-server/CVE-2024-0409.patch.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; } +zcat $CWD/patch/xorg-server/CVE-2024-21885.patch.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; } +zcat $CWD/patch/xorg-server/CVE-2024-21886.01.patch.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; } +zcat $CWD/patch/xorg-server/CVE-2024-21886.02.patch.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; } diff --git a/patches/source/xorg-server/patch/xorg-server/CVE-2023-6816.patch b/patches/source/xorg-server/patch/xorg-server/CVE-2023-6816.patch new file mode 100644 index 000000000..e928729e9 --- /dev/null +++ b/patches/source/xorg-server/patch/xorg-server/CVE-2023-6816.patch @@ -0,0 +1,51 @@ +From 9e2ecb2af8302dedc49cb6a63ebe063c58a9e7e3 Mon Sep 17 00:00:00 2001 +From: Peter Hutterer <peter.hutterer@who-t.net> +Date: Thu, 14 Dec 2023 11:29:49 +1000 +Subject: [PATCH] dix: allocate enough space for logical button maps + +Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for +each logical button currently down. Since buttons can be arbitrarily mapped +to anything up to 255 make sure we have enough bits for the maximum mapping. + +CVE-2023-6816, ZDI-CAN-22664, ZDI-CAN-22665 + +This vulnerability was discovered by: +Jan-Niklas Sohn working with Trend Micro Zero Day Initiative +--- + Xi/xiquerypointer.c | 3 +-- + dix/enterleave.c | 5 +++-- + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/Xi/xiquerypointer.c b/Xi/xiquerypointer.c +index 5b77b1a444..2b05ac5f39 100644 +--- a/Xi/xiquerypointer.c ++++ b/Xi/xiquerypointer.c +@@ -149,8 +149,7 @@ ProcXIQueryPointer(ClientPtr client) + if (pDev->button) { + int i; + +- rep.buttons_len = +- bytes_to_int32(bits_to_bytes(pDev->button->numButtons)); ++ rep.buttons_len = bytes_to_int32(bits_to_bytes(256)); /* button map up to 255 */ + rep.length += rep.buttons_len; + buttons = calloc(rep.buttons_len, 4); + if (!buttons) +diff --git a/dix/enterleave.c b/dix/enterleave.c +index 867ec74363..ded8679d76 100644 +--- a/dix/enterleave.c ++++ b/dix/enterleave.c +@@ -784,8 +784,9 @@ DeviceFocusEvent(DeviceIntPtr dev, int type, int mode, int detail, + + mouse = IsFloating(dev) ? dev : GetMaster(dev, MASTER_POINTER); + +- /* XI 2 event */ +- btlen = (mouse->button) ? bits_to_bytes(mouse->button->numButtons) : 0; ++ /* XI 2 event contains the logical button map - maps are CARD8 ++ * so we need 256 bits for the possibly maximum mapping */ ++ btlen = (mouse->button) ? bits_to_bytes(256) : 0; + btlen = bytes_to_int32(btlen); + len = sizeof(xXIFocusInEvent) + btlen * 4; + +-- +GitLab + diff --git a/patches/source/xorg-server/patch/xorg-server/CVE-2024-0229.01.patch b/patches/source/xorg-server/patch/xorg-server/CVE-2024-0229.01.patch new file mode 100644 index 000000000..b5354ba65 --- /dev/null +++ b/patches/source/xorg-server/patch/xorg-server/CVE-2024-0229.01.patch @@ -0,0 +1,83 @@ +From ece23be888a93b741aa1209d1dbf64636109d6a5 Mon Sep 17 00:00:00 2001 +From: Peter Hutterer <peter.hutterer@who-t.net> +Date: Mon, 18 Dec 2023 14:27:50 +1000 +Subject: [PATCH] dix: Allocate sufficient xEvents for our DeviceStateNotify + +If a device has both a button class and a key class and numButtons is +zero, we can get an OOB write due to event under-allocation. + +This function seems to assume a device has either keys or buttons, not +both. It has two virtually identical code paths, both of which assume +they're applying to the first event in the sequence. + +A device with both a key and button class triggered a logic bug - only +one xEvent was allocated but the deviceStateNotify pointer was pushed on +once per type. So effectively this logic code: + + int count = 1; + if (button && nbuttons > 32) count++; + if (key && nbuttons > 0) count++; + if (key && nkeys > 32) count++; // this is basically always true + // count is at 2 for our keys + zero button device + + ev = alloc(count * sizeof(xEvent)); + FixDeviceStateNotify(ev); + if (button) + FixDeviceStateNotify(ev++); + if (key) + FixDeviceStateNotify(ev++); // santa drops into the wrong chimney here + +If the device has more than 3 valuators, the OOB is pushed back - we're +off by one so it will happen when the last deviceValuator event is +written instead. + +Fix this by allocating the maximum number of events we may allocate. +Note that the current behavior is not protocol-correct anyway, this +patch fixes only the allocation issue. + +Note that this issue does not trigger if the device has at least one +button. While the server does not prevent a button class with zero +buttons, it is very unlikely. + +CVE-2024-0229, ZDI-CAN-22678 + +This vulnerability was discovered by: +Jan-Niklas Sohn working with Trend Micro Zero Day Initiative +--- + dix/enterleave.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/dix/enterleave.c b/dix/enterleave.c +index ded8679d76..17964b00a4 100644 +--- a/dix/enterleave.c ++++ b/dix/enterleave.c +@@ -675,7 +675,8 @@ static void + DeliverStateNotifyEvent(DeviceIntPtr dev, WindowPtr win) + { + int evcount = 1; +- deviceStateNotify *ev, *sev; ++ deviceStateNotify sev[6 + (MAX_VALUATORS + 2)/3]; ++ deviceStateNotify *ev; + deviceKeyStateNotify *kev; + deviceButtonStateNotify *bev; + +@@ -714,7 +715,7 @@ DeliverStateNotifyEvent(DeviceIntPtr dev, WindowPtr win) + } + } + +- sev = ev = xallocarray(evcount, sizeof(xEvent)); ++ ev = sev; + FixDeviceStateNotify(dev, ev, NULL, NULL, NULL, first); + + if (b != NULL) { +@@ -770,7 +771,6 @@ DeliverStateNotifyEvent(DeviceIntPtr dev, WindowPtr win) + + DeliverEventsToWindow(dev, win, (xEvent *) sev, evcount, + DeviceStateNotifyMask, NullGrab); +- free(sev); + } + + void +-- +GitLab + diff --git a/patches/source/xorg-server/patch/xorg-server/CVE-2024-0229.02.patch b/patches/source/xorg-server/patch/xorg-server/CVE-2024-0229.02.patch new file mode 100644 index 000000000..1704fad67 --- /dev/null +++ b/patches/source/xorg-server/patch/xorg-server/CVE-2024-0229.02.patch @@ -0,0 +1,217 @@ +From 219c54b8a3337456ce5270ded6a67bcde53553d5 Mon Sep 17 00:00:00 2001 +From: Peter Hutterer <peter.hutterer@who-t.net> +Date: Mon, 18 Dec 2023 12:26:20 +1000 +Subject: [PATCH] dix: fix DeviceStateNotify event calculation + +The previous code only made sense if one considers buttons and keys to +be mutually exclusive on a device. That is not necessarily true, causing +a number of issues. + +This function allocates and fills in the number of xEvents we need to +send the device state down the wire. This is split across multiple +32-byte devices including one deviceStateNotify event and optional +deviceKeyStateNotify, deviceButtonStateNotify and (possibly multiple) +deviceValuator events. + +The previous behavior would instead compose a sequence +of [state, buttonstate, state, keystate, valuator...]. This is not +protocol correct, and on top of that made the code extremely convoluted. + +Fix this by streamlining: add both button and key into the deviceStateNotify +and then append the key state and button state, followed by the +valuators. Finally, the deviceValuator events contain up to 6 valuators +per event but we only ever sent through 3 at a time. Let's double that +troughput. + +CVE-2024-0229, ZDI-CAN-22678 + +This vulnerability was discovered by: +Jan-Niklas Sohn working with Trend Micro Zero Day Initiative +--- + dix/enterleave.c | 121 ++++++++++++++++++++--------------------------- + 1 file changed, 52 insertions(+), 69 deletions(-) + +diff --git a/dix/enterleave.c b/dix/enterleave.c +index 17964b00a4..7b7ba1098b 100644 +--- a/dix/enterleave.c ++++ b/dix/enterleave.c +@@ -615,9 +615,15 @@ FixDeviceValuator(DeviceIntPtr dev, deviceValuator * ev, ValuatorClassPtr v, + + ev->type = DeviceValuator; + ev->deviceid = dev->id; +- ev->num_valuators = nval < 3 ? nval : 3; ++ ev->num_valuators = nval < 6 ? nval : 6; + ev->first_valuator = first; + switch (ev->num_valuators) { ++ case 6: ++ ev->valuator2 = v->axisVal[first + 5]; ++ case 5: ++ ev->valuator2 = v->axisVal[first + 4]; ++ case 4: ++ ev->valuator2 = v->axisVal[first + 3]; + case 3: + ev->valuator2 = v->axisVal[first + 2]; + case 2: +@@ -626,7 +632,6 @@ FixDeviceValuator(DeviceIntPtr dev, deviceValuator * ev, ValuatorClassPtr v, + ev->valuator0 = v->axisVal[first]; + break; + } +- first += ev->num_valuators; + } + + static void +@@ -646,7 +651,7 @@ FixDeviceStateNotify(DeviceIntPtr dev, deviceStateNotify * ev, KeyClassPtr k, + ev->num_buttons = b->numButtons; + memcpy((char *) ev->buttons, (char *) b->down, 4); + } +- else if (k) { ++ if (k) { + ev->classes_reported |= (1 << KeyClass); + ev->num_keys = k->xkbInfo->desc->max_key_code - + k->xkbInfo->desc->min_key_code; +@@ -670,15 +675,26 @@ FixDeviceStateNotify(DeviceIntPtr dev, deviceStateNotify * ev, KeyClassPtr k, + } + } + +- ++/** ++ * The device state notify event is split across multiple 32-byte events. ++ * The first one contains the first 32 button state bits, the first 32 ++ * key state bits, and the first 3 valuator values. ++ * ++ * If a device has more than that, the server sends out: ++ * - one deviceButtonStateNotify for buttons 32 and above ++ * - one deviceKeyStateNotify for keys 32 and above ++ * - one deviceValuator event per 6 valuators above valuator 4 ++ * ++ * All events but the last one have the deviceid binary ORed with MORE_EVENTS, ++ */ + static void + DeliverStateNotifyEvent(DeviceIntPtr dev, WindowPtr win) + { ++ /* deviceStateNotify, deviceKeyStateNotify, deviceButtonStateNotify ++ * and one deviceValuator for each 6 valuators */ ++ deviceStateNotify sev[3 + (MAX_VALUATORS + 6)/6]; + int evcount = 1; +- deviceStateNotify sev[6 + (MAX_VALUATORS + 2)/3]; +- deviceStateNotify *ev; +- deviceKeyStateNotify *kev; +- deviceButtonStateNotify *bev; ++ deviceStateNotify *ev = sev; + + KeyClassPtr k; + ButtonClassPtr b; +@@ -691,82 +707,49 @@ DeliverStateNotifyEvent(DeviceIntPtr dev, WindowPtr win) + + if ((b = dev->button) != NULL) { + nbuttons = b->numButtons; +- if (nbuttons > 32) ++ if (nbuttons > 32) /* first 32 are encoded in deviceStateNotify */ + evcount++; + } + if ((k = dev->key) != NULL) { + nkeys = k->xkbInfo->desc->max_key_code - k->xkbInfo->desc->min_key_code; +- if (nkeys > 32) ++ if (nkeys > 32) /* first 32 are encoded in deviceStateNotify */ + evcount++; +- if (nbuttons > 0) { +- evcount++; +- } + } + if ((v = dev->valuator) != NULL) { + nval = v->numAxes; +- +- if (nval > 3) +- evcount++; +- if (nval > 6) { +- if (!(k && b)) +- evcount++; +- if (nval > 9) +- evcount += ((nval - 7) / 3); +- } ++ /* first three are encoded in deviceStateNotify, then ++ * it's 6 per deviceValuator event */ ++ evcount += ((nval - 3) + 6)/6; + } + +- ev = sev; +- FixDeviceStateNotify(dev, ev, NULL, NULL, NULL, first); +- +- if (b != NULL) { +- FixDeviceStateNotify(dev, ev++, NULL, b, v, first); +- first += 3; +- nval -= 3; +- if (nbuttons > 32) { +- (ev - 1)->deviceid |= MORE_EVENTS; +- bev = (deviceButtonStateNotify *) ev++; +- bev->type = DeviceButtonStateNotify; +- bev->deviceid = dev->id; +- memcpy((char *) &bev->buttons[4], (char *) &b->down[4], +- DOWN_LENGTH - 4); +- } +- if (nval > 0) { +- (ev - 1)->deviceid |= MORE_EVENTS; +- FixDeviceValuator(dev, (deviceValuator *) ev++, v, first); +- first += 3; +- nval -= 3; +- } ++ BUG_RETURN(evcount <= ARRAY_SIZE(sev)); ++ ++ FixDeviceStateNotify(dev, ev, k, b, v, first); ++ ++ if (b != NULL && nbuttons > 32) { ++ deviceButtonStateNotify *bev = (deviceButtonStateNotify *) ++ev; ++ (ev - 1)->deviceid |= MORE_EVENTS; ++ bev->type = DeviceButtonStateNotify; ++ bev->deviceid = dev->id; ++ memcpy((char *) &bev->buttons[4], (char *) &b->down[4], ++ DOWN_LENGTH - 4); + } + +- if (k != NULL) { +- FixDeviceStateNotify(dev, ev++, k, NULL, v, first); +- first += 3; +- nval -= 3; +- if (nkeys > 32) { +- (ev - 1)->deviceid |= MORE_EVENTS; +- kev = (deviceKeyStateNotify *) ev++; +- kev->type = DeviceKeyStateNotify; +- kev->deviceid = dev->id; +- memmove((char *) &kev->keys[0], (char *) &k->down[4], 28); +- } +- if (nval > 0) { +- (ev - 1)->deviceid |= MORE_EVENTS; +- FixDeviceValuator(dev, (deviceValuator *) ev++, v, first); +- first += 3; +- nval -= 3; +- } ++ if (k != NULL && nkeys > 32) { ++ deviceKeyStateNotify *kev = (deviceKeyStateNotify *) ++ev; ++ (ev - 1)->deviceid |= MORE_EVENTS; ++ kev->type = DeviceKeyStateNotify; ++ kev->deviceid = dev->id; ++ memmove((char *) &kev->keys[0], (char *) &k->down[4], 28); + } + ++ first = 3; ++ nval -= 3; + while (nval > 0) { +- FixDeviceStateNotify(dev, ev++, NULL, NULL, v, first); +- first += 3; +- nval -= 3; +- if (nval > 0) { +- (ev - 1)->deviceid |= MORE_EVENTS; +- FixDeviceValuator(dev, (deviceValuator *) ev++, v, first); +- first += 3; +- nval -= 3; +- } ++ ev->deviceid |= MORE_EVENTS; ++ FixDeviceValuator(dev, (deviceValuator *) ++ev, v, first); ++ first += 6; ++ nval -= 6; + } + + DeliverEventsToWindow(dev, win, (xEvent *) sev, evcount, +-- +GitLab + diff --git a/patches/source/xorg-server/patch/xorg-server/CVE-2024-0229.03.patch b/patches/source/xorg-server/patch/xorg-server/CVE-2024-0229.03.patch new file mode 100644 index 000000000..1624ec161 --- /dev/null +++ b/patches/source/xorg-server/patch/xorg-server/CVE-2024-0229.03.patch @@ -0,0 +1,37 @@ +From df3c65706eb169d5938df0052059f3e0d5981b74 Mon Sep 17 00:00:00 2001 +From: Peter Hutterer <peter.hutterer@who-t.net> +Date: Thu, 21 Dec 2023 13:48:10 +1000 +Subject: [PATCH] Xi: when creating a new ButtonClass, set the number of + buttons + +There's a racy sequence where a master device may copy the button class +from the slave, without ever initializing numButtons. This leads to a +device with zero buttons but a button class which is invalid. + +Let's copy the numButtons value from the source - by definition if we +don't have a button class yet we do not have any other slave devices +with more than this number of buttons anyway. + +CVE-2024-0229, ZDI-CAN-22678 + +This vulnerability was discovered by: +Jan-Niklas Sohn working with Trend Micro Zero Day Initiative +--- + Xi/exevents.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/Xi/exevents.c b/Xi/exevents.c +index 54ea11a938..e161714682 100644 +--- a/Xi/exevents.c ++++ b/Xi/exevents.c +@@ -605,6 +605,7 @@ DeepCopyPointerClasses(DeviceIntPtr from, DeviceIntPtr to) + to->button = calloc(1, sizeof(ButtonClassRec)); + if (!to->button) + FatalError("[Xi] no memory for class shift.\n"); ++ to->button->numButtons = from->button->numButtons; + } + else + classes->button = NULL; +-- +GitLab + diff --git a/patches/source/xorg-server/patch/xorg-server/CVE-2024-0408.patch b/patches/source/xorg-server/patch/xorg-server/CVE-2024-0408.patch new file mode 100644 index 000000000..1efab4974 --- /dev/null +++ b/patches/source/xorg-server/patch/xorg-server/CVE-2024-0408.patch @@ -0,0 +1,60 @@ +From e5e8586a12a3ec915673edffa10dc8fe5e15dac3 Mon Sep 17 00:00:00 2001 +From: Olivier Fourdan <ofourdan@redhat.com> +Date: Wed, 6 Dec 2023 12:09:41 +0100 +Subject: [PATCH] glx: Call XACE hooks on the GLX buffer + +The XSELINUX code will label resources at creation by checking the +access mode. When the access mode is DixCreateAccess, it will call the +function to label the new resource SELinuxLabelResource(). + +However, GLX buffers do not go through the XACE hooks when created, +hence leaving the resource actually unlabeled. + +When, later, the client tries to create another resource using that +drawable (like a GC for example), the XSELINUX code would try to use +the security ID of that object which has never been labeled, get a NULL +pointer and crash when checking whether the requested permissions are +granted for subject security ID. + +To avoid the issue, make sure to call the XACE hooks when creating the +GLX buffers. + +Credit goes to Donn Seeley <donn@xmission.com> for providing the patch. + +CVE-2024-0408 + +Signed-off-by: Olivier Fourdan <ofourdan@redhat.com> +Acked-by: Peter Hutterer <peter.hutterer@who-t.net> +--- + glx/glxcmds.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/glx/glxcmds.c b/glx/glxcmds.c +index fc26a2e345..1e46d0c723 100644 +--- a/glx/glxcmds.c ++++ b/glx/glxcmds.c +@@ -48,6 +48,7 @@ + #include "indirect_util.h" + #include "protocol-versions.h" + #include "glxvndabi.h" ++#include "xace.h" + + static char GLXServerVendorName[] = "SGI"; + +@@ -1392,6 +1393,13 @@ DoCreatePbuffer(ClientPtr client, int screenNum, XID fbconfigId, + if (!pPixmap) + return BadAlloc; + ++ err = XaceHook(XACE_RESOURCE_ACCESS, client, glxDrawableId, RT_PIXMAP, ++ pPixmap, RT_NONE, NULL, DixCreateAccess); ++ if (err != Success) { ++ (*pGlxScreen->pScreen->DestroyPixmap) (pPixmap); ++ return err; ++ } ++ + /* Assign the pixmap the same id as the pbuffer and add it as a + * resource so it and the DRI2 drawable will be reclaimed when the + * pbuffer is destroyed. */ +-- +GitLab + diff --git a/patches/source/xorg-server/patch/xorg-server/CVE-2024-0409.patch b/patches/source/xorg-server/patch/xorg-server/CVE-2024-0409.patch new file mode 100644 index 000000000..7e956fba3 --- /dev/null +++ b/patches/source/xorg-server/patch/xorg-server/CVE-2024-0409.patch @@ -0,0 +1,56 @@ +From 2ef0f1116c65d5cb06d7b6d83f8a1aea702c94f7 Mon Sep 17 00:00:00 2001 +From: Olivier Fourdan <ofourdan@redhat.com> +Date: Wed, 6 Dec 2023 11:51:56 +0100 +Subject: [PATCH] ephyr,xwayland: Use the proper private key for cursor + +The cursor in DIX is actually split in two parts, the cursor itself and +the cursor bits, each with their own devPrivates. + +The cursor itself includes the cursor bits, meaning that the cursor bits +devPrivates in within structure of the cursor. + +Both Xephyr and Xwayland were using the private key for the cursor bits +to store the data for the cursor, and when using XSELINUX which comes +with its own special devPrivates, the data stored in that cursor bits' +devPrivates would interfere with the XSELINUX devPrivates data and the +SELINUX security ID would point to some other unrelated data, causing a +crash in the XSELINUX code when trying to (re)use the security ID. + +CVE-2024-0409 + +Signed-off-by: Olivier Fourdan <ofourdan@redhat.com> +Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> +--- + hw/kdrive/ephyr/ephyrcursor.c | 2 +- + hw/xwayland/xwayland-cursor.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/hw/kdrive/ephyr/ephyrcursor.c b/hw/kdrive/ephyr/ephyrcursor.c +index f991899c50..3f192d034a 100644 +--- a/hw/kdrive/ephyr/ephyrcursor.c ++++ b/hw/kdrive/ephyr/ephyrcursor.c +@@ -246,7 +246,7 @@ miPointerSpriteFuncRec EphyrPointerSpriteFuncs = { + Bool + ephyrCursorInit(ScreenPtr screen) + { +- if (!dixRegisterPrivateKey(&ephyrCursorPrivateKey, PRIVATE_CURSOR_BITS, ++ if (!dixRegisterPrivateKey(&ephyrCursorPrivateKey, PRIVATE_CURSOR, + sizeof(ephyrCursorRec))) + return FALSE; + +diff --git a/hw/xwayland/xwayland-cursor.c b/hw/xwayland/xwayland-cursor.c +index e3c1aaa50c..bd94b0cfbb 100644 +--- a/hw/xwayland/xwayland-cursor.c ++++ b/hw/xwayland/xwayland-cursor.c +@@ -431,7 +431,7 @@ static miPointerScreenFuncRec xwl_pointer_screen_funcs = { + Bool + xwl_screen_init_cursor(struct xwl_screen *xwl_screen) + { +- if (!dixRegisterPrivateKey(&xwl_cursor_private_key, PRIVATE_CURSOR_BITS, 0)) ++ if (!dixRegisterPrivateKey(&xwl_cursor_private_key, PRIVATE_CURSOR, 0)) + return FALSE; + + return miPointerInitialize(xwl_screen->screen, +-- +GitLab + diff --git a/patches/source/xorg-server/patch/xorg-server/CVE-2024-21885.patch b/patches/source/xorg-server/patch/xorg-server/CVE-2024-21885.patch new file mode 100644 index 000000000..949efd7c6 --- /dev/null +++ b/patches/source/xorg-server/patch/xorg-server/CVE-2024-21885.patch @@ -0,0 +1,109 @@ +From 4a5e9b1895627d40d26045bd0b7ef3dce503cbd1 Mon Sep 17 00:00:00 2001 +From: Peter Hutterer <peter.hutterer@who-t.net> +Date: Thu, 4 Jan 2024 10:01:24 +1000 +Subject: [PATCH] Xi: flush hierarchy events after adding/removing master + devices + +The `XISendDeviceHierarchyEvent()` function allocates space to store up +to `MAXDEVICES` (256) `xXIHierarchyInfo` structures in `info`. + +If a device with a given ID was removed and a new device with the same +ID added both in the same operation, the single device ID will lead to +two info structures being written to `info`. + +Since this case can occur for every device ID at once, a total of two +times `MAXDEVICES` info structures might be written to the allocation. + +To avoid it, once one add/remove master is processed, send out the +device hierarchy event for the current state and continue. That event +thus only ever has exactly one of either added/removed in it (and +optionally slave attached/detached). + +CVE-2024-21885, ZDI-CAN-22744 + +This vulnerability was discovered by: +Jan-Niklas Sohn working with Trend Micro Zero Day Initiative +--- + Xi/xichangehierarchy.c | 27 ++++++++++++++++++++++----- + 1 file changed, 22 insertions(+), 5 deletions(-) + +diff --git a/Xi/xichangehierarchy.c b/Xi/xichangehierarchy.c +index d2d985848d..72d00451e3 100644 +--- a/Xi/xichangehierarchy.c ++++ b/Xi/xichangehierarchy.c +@@ -416,6 +416,11 @@ ProcXIChangeHierarchy(ClientPtr client) + size_t len; /* length of data remaining in request */ + int rc = Success; + int flags[MAXDEVICES] = { 0 }; ++ enum { ++ NO_CHANGE, ++ FLUSH, ++ CHANGED, ++ } changes = NO_CHANGE; + + REQUEST(xXIChangeHierarchyReq); + REQUEST_AT_LEAST_SIZE(xXIChangeHierarchyReq); +@@ -465,8 +470,9 @@ ProcXIChangeHierarchy(ClientPtr client) + rc = add_master(client, c, flags); + if (rc != Success) + goto unwind; +- } ++ changes = FLUSH; + break; ++ } + case XIRemoveMaster: + { + xXIRemoveMasterInfo *r = (xXIRemoveMasterInfo *) any; +@@ -475,8 +481,9 @@ ProcXIChangeHierarchy(ClientPtr client) + rc = remove_master(client, r, flags); + if (rc != Success) + goto unwind; +- } ++ changes = FLUSH; + break; ++ } + case XIDetachSlave: + { + xXIDetachSlaveInfo *c = (xXIDetachSlaveInfo *) any; +@@ -485,8 +492,9 @@ ProcXIChangeHierarchy(ClientPtr client) + rc = detach_slave(client, c, flags); + if (rc != Success) + goto unwind; +- } ++ changes = CHANGED; + break; ++ } + case XIAttachSlave: + { + xXIAttachSlaveInfo *c = (xXIAttachSlaveInfo *) any; +@@ -495,16 +503,25 @@ ProcXIChangeHierarchy(ClientPtr client) + rc = attach_slave(client, c, flags); + if (rc != Success) + goto unwind; ++ changes = CHANGED; ++ break; + } ++ default: + break; + } + ++ if (changes == FLUSH) { ++ XISendDeviceHierarchyEvent(flags); ++ memset(flags, 0, sizeof(flags)); ++ changes = NO_CHANGE; ++ } ++ + len -= any->length * 4; + any = (xXIAnyHierarchyChangeInfo *) ((char *) any + any->length * 4); + } + + unwind: +- +- XISendDeviceHierarchyEvent(flags); ++ if (changes != NO_CHANGE) ++ XISendDeviceHierarchyEvent(flags); + return rc; + } +-- +GitLab + diff --git a/patches/source/xorg-server/patch/xorg-server/CVE-2024-21886.01.patch b/patches/source/xorg-server/patch/xorg-server/CVE-2024-21886.01.patch new file mode 100644 index 000000000..e58fe8d78 --- /dev/null +++ b/patches/source/xorg-server/patch/xorg-server/CVE-2024-21886.01.patch @@ -0,0 +1,70 @@ +From bc1fdbe46559dd947674375946bbef54dd0ce36b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jos=C3=A9=20Exp=C3=B3sito?= <jexposit@redhat.com> +Date: Fri, 22 Dec 2023 18:28:31 +0100 +Subject: [PATCH] Xi: do not keep linked list pointer during recursion + +The `DisableDevice()` function is called whenever an enabled device +is disabled and it moves the device from the `inputInfo.devices` linked +list to the `inputInfo.off_devices` linked list. + +However, its link/unlink operation has an issue during the recursive +call to `DisableDevice()` due to the `prev` pointer pointing to a +removed device. + +This issue leads to a length mismatch between the total number of +devices and the number of device in the list, leading to a heap +overflow and, possibly, to local privilege escalation. + +Simplify the code that checked whether the device passed to +`DisableDevice()` was in `inputInfo.devices` or not and find the +previous device after the recursion. + +CVE-2024-21886, ZDI-CAN-22840 + +This vulnerability was discovered by: +Jan-Niklas Sohn working with Trend Micro Zero Day Initiative +--- + dix/devices.c | 15 ++++++++++++--- + 1 file changed, 12 insertions(+), 3 deletions(-) + +diff --git a/dix/devices.c b/dix/devices.c +index dca98c8d1b..389d28a23c 100644 +--- a/dix/devices.c ++++ b/dix/devices.c +@@ -453,14 +453,20 @@ DisableDevice(DeviceIntPtr dev, BOOL sendevent) + { + DeviceIntPtr *prev, other; + BOOL enabled; ++ BOOL dev_in_devices_list = FALSE; + int flags[MAXDEVICES] = { 0 }; + + if (!dev->enabled) + return TRUE; + +- for (prev = &inputInfo.devices; +- *prev && (*prev != dev); prev = &(*prev)->next); +- if (*prev != dev) ++ for (other = inputInfo.devices; other; other = other->next) { ++ if (other == dev) { ++ dev_in_devices_list = TRUE; ++ break; ++ } ++ } ++ ++ if (!dev_in_devices_list) + return FALSE; + + TouchEndPhysicallyActiveTouches(dev); +@@ -511,6 +517,9 @@ DisableDevice(DeviceIntPtr dev, BOOL sendevent) + LeaveWindow(dev); + SetFocusOut(dev); + ++ for (prev = &inputInfo.devices; ++ *prev && (*prev != dev); prev = &(*prev)->next); ++ + *prev = dev->next; + dev->next = inputInfo.off_devices; + inputInfo.off_devices = dev; +-- +GitLab + diff --git a/patches/source/xorg-server/patch/xorg-server/CVE-2024-21886.02.patch b/patches/source/xorg-server/patch/xorg-server/CVE-2024-21886.02.patch new file mode 100644 index 000000000..de7422442 --- /dev/null +++ b/patches/source/xorg-server/patch/xorg-server/CVE-2024-21886.02.patch @@ -0,0 +1,53 @@ +From 26769aa71fcbe0a8403b7fb13b7c9010cc07c3a8 Mon Sep 17 00:00:00 2001 +From: Peter Hutterer <peter.hutterer@who-t.net> +Date: Fri, 5 Jan 2024 09:40:27 +1000 +Subject: [PATCH] dix: when disabling a master, float disabled slaved devices + too + +Disabling a master device floats all slave devices but we didn't do this +to already-disabled slave devices. As a result those devices kept their +reference to the master device resulting in access to already freed +memory if the master device was removed before the corresponding slave +device. + +And to match this behavior, also forcibly reset that pointer during +CloseDownDevices(). + +Related to CVE-2024-21886, ZDI-CAN-22840 +--- + dix/devices.c | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/dix/devices.c b/dix/devices.c +index 389d28a23c..84a6406d13 100644 +--- a/dix/devices.c ++++ b/dix/devices.c +@@ -483,6 +483,13 @@ DisableDevice(DeviceIntPtr dev, BOOL sendevent) + flags[other->id] |= XISlaveDetached; + } + } ++ ++ for (other = inputInfo.off_devices; other; other = other->next) { ++ if (!IsMaster(other) && GetMaster(other, MASTER_ATTACHED) == dev) { ++ AttachDevice(NULL, other, NULL); ++ flags[other->id] |= XISlaveDetached; ++ } ++ } + } + else { + for (other = inputInfo.devices; other; other = other->next) { +@@ -1088,6 +1095,11 @@ CloseDownDevices(void) + dev->master = NULL; + } + ++ for (dev = inputInfo.off_devices; dev; dev = dev->next) { ++ if (!IsMaster(dev) && !IsFloating(dev)) ++ dev->master = NULL; ++ } ++ + CloseDeviceList(&inputInfo.devices); + CloseDeviceList(&inputInfo.off_devices); + +-- +GitLab + diff --git a/recompress.sh b/recompress.sh index 62bc762e1..17334d110 100755 --- a/recompress.sh +++ b/recompress.sh @@ -1200,21 +1200,30 @@ gzip ./patches/source/texlive/doinst.sh gzip ./patches/source/texlive/texlive.unicode5.0.diff gzip ./patches/source/sysstat/doinst.sh gzip ./patches/source/xorg-server-xwayland/CVE-2022-46342.patch +gzip ./patches/source/xorg-server-xwayland/CVE-2024-21885.patch gzip ./patches/source/xorg-server-xwayland/CVE-2022-46343.patch +gzip ./patches/source/xorg-server-xwayland/CVE-2024-0229.02.patch gzip ./patches/source/xorg-server-xwayland/CVE-2023-6377.patch gzip ./patches/source/xorg-server-xwayland/CVE-2023-6478.patch +gzip ./patches/source/xorg-server-xwayland/CVE-2024-0408.patch +gzip ./patches/source/xorg-server-xwayland/CVE-2024-0229.03.patch gzip ./patches/source/xorg-server-xwayland/CVE-2022-46340.patch gzip ./patches/source/xorg-server-xwayland/CVE-2023-0494.patch +gzip ./patches/source/xorg-server-xwayland/CVE-2024-21886.02.patch gzip ./patches/source/xorg-server-xwayland/CVE-2022-46340.correction.patch gzip ./patches/source/xorg-server-xwayland/CVE-2022-46344.patch gzip ./patches/source/xorg-server-xwayland/857.patch +gzip ./patches/source/xorg-server-xwayland/CVE-2024-21886.01.patch gzip ./patches/source/xorg-server-xwayland/0003-6907b6ea2b4ce949cb07271f5b678d5966d9df42.patch gzip ./patches/source/xorg-server-xwayland/CVE-2022-3551.patch gzip ./patches/source/xorg-server-xwayland/CVE-2022-4283.patch gzip ./patches/source/xorg-server-xwayland/CVE-2023-1393.patch +gzip ./patches/source/xorg-server-xwayland/CVE-2024-0229.01.patch +gzip ./patches/source/xorg-server-xwayland/CVE-2023-6816.patch gzip ./patches/source/xorg-server-xwayland/CVE-2022-46341.patch gzip ./patches/source/xorg-server-xwayland/0002-dd8caf39e9e15d8f302e54045dd08d8ebf1025dc.patch gzip ./patches/source/xorg-server-xwayland/CVE-2022-3550.patch +gzip ./patches/source/xorg-server-xwayland/CVE-2024-0409.patch gzip ./patches/source/xorg-server-xwayland/0001-f1070c01d616c5f21f939d5ebc533738779451ac.patch gzip ./patches/source/xorg-server-xwayland/CVE-2023-5367.patch gzip ./patches/source/seamonkey/autoconf/autoconf-2.13-consolidated_fixes-1.patch @@ -1265,18 +1274,24 @@ gzip ./patches/source/emacs/d48bb4874bc6cd3e69c7a15fc3c91cc141025c51.patch gzip ./patches/source/emacs/doinst.sh gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2022-46342.patch gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2023-5380.patch +gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2024-21885.patch gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2022-46343.patch +gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2024-0229.02.patch gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2023-6377.patch gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2023-6478.patch +gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2024-0408.patch +gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2024-0229.03.patch gzip ./patches/source/xorg-server/patch/xorg-server/xorg-server.combo.mouse.keyboard.layout.patch gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2022-3553.patch gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2022-46340.patch gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2023-0494.patch +gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2024-21886.02.patch gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2022-46340.correction.patch gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2022-46344.patch gzip ./patches/source/xorg-server/patch/xorg-server/0001-autobind-GPUs-to-the-screen.patch gzip ./patches/source/xorg-server/patch/xorg-server/0001-xfree86-use-modesetting-driver-by-default-on-GeForce.patch gzip ./patches/source/xorg-server/patch/xorg-server/857.patch +gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2024-21886.01.patch gzip ./patches/source/xorg-server/patch/xorg-server/0003-6907b6ea2b4ce949cb07271f5b678d5966d9df42.patch gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2022-3551.patch gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2022-4283.patch @@ -1284,9 +1299,12 @@ gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2023-1393.patch gzip ./patches/source/xorg-server/patch/xorg-server/fix-nouveau-segfault.diff gzip ./patches/source/xorg-server/patch/xorg-server/fix-pci-segfault.diff gzip ./patches/source/xorg-server/patch/xorg-server/x11.startwithblackscreen.diff +gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2024-0229.01.patch +gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2023-6816.patch gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2022-46341.patch gzip ./patches/source/xorg-server/patch/xorg-server/0002-dd8caf39e9e15d8f302e54045dd08d8ebf1025dc.patch gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2022-3550.patch +gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2024-0409.patch gzip ./patches/source/xorg-server/patch/xorg-server/06_use-intel-only-on-pre-gen4.diff gzip ./patches/source/xorg-server/patch/xorg-server/0001-Always-install-vbe-and-int10-sdk-headers.patch gzip ./patches/source/xorg-server/patch/xorg-server/0001-f1070c01d616c5f21f939d5ebc533738779451ac.patch |