summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
author Patrick J Volkerding <volkerdi@slackware.com>2024-01-21 20:50:08 +0000
committer Eric Hameleers <alien@slackware.com>2024-01-22 13:30:35 +0100
commit4e883273037a35e5e60bbbb34c2e8720dba2711f (patch)
tree11c2a4dfd229868bad285ff3ff4bab76f525ffec
parent0a8de80c8a0d329636b02c3c2b80d949a9070224 (diff)
downloadcurrent-20240121205008_15.0.tar.gz
current-20240121205008_15.0.tar.xz
Sun Jan 21 20:50:08 UTC 202420240121205008_15.0
extra/tigervnc/tigervnc-1.12.0-x86_64-5_slack15.0.txz: Rebuilt. Recompiled against xorg-server-1.20.14, including the latest patches for several security issues. Thanks to marav. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-6377 https://www.cve.org/CVERecord?id=CVE-2023-6478 https://www.cve.org/CVERecord?id=CVE-2023-6816 https://www.cve.org/CVERecord?id=CVE-2024-0229 https://www.cve.org/CVERecord?id=CVE-2024-0408 https://www.cve.org/CVERecord?id=CVE-2024-0409 https://www.cve.org/CVERecord?id=CVE-2024-21885 https://www.cve.org/CVERecord?id=CVE-2024-21886 https://www.cve.org/CVERecord?id=CVE-2024-21886 (* Security fix *)
Diffstat
-rw-r--r--ChangeLog.rss28
-rw-r--r--ChangeLog.txt16
-rw-r--r--FILELIST.TXT171
-rw-r--r--extra/source/tigervnc/patches/xorg-server/CVE-2023-6377.patch75
-rw-r--r--extra/source/tigervnc/patches/xorg-server/CVE-2023-6478.patch59
-rw-r--r--extra/source/tigervnc/patches/xorg-server/CVE-2023-6816.patch51
-rw-r--r--extra/source/tigervnc/patches/xorg-server/CVE-2024-0229.01.patch83
-rw-r--r--extra/source/tigervnc/patches/xorg-server/CVE-2024-0229.02.patch217
-rw-r--r--extra/source/tigervnc/patches/xorg-server/CVE-2024-0229.03.patch37
-rw-r--r--extra/source/tigervnc/patches/xorg-server/CVE-2024-0408.patch60
-rw-r--r--extra/source/tigervnc/patches/xorg-server/CVE-2024-0409.patch56
-rw-r--r--extra/source/tigervnc/patches/xorg-server/CVE-2024-21885.patch109
-rw-r--r--extra/source/tigervnc/patches/xorg-server/CVE-2024-21886.01.patch70
-rw-r--r--extra/source/tigervnc/patches/xorg-server/CVE-2024-21886.02.patch53
-rwxr-xr-xextra/source/tigervnc/tigervnc.SlackBuild13
-rwxr-xr-xrecompress.sh11
16 files changed, 1026 insertions, 83 deletions
diff --git a/ChangeLog.rss b/ChangeLog.rss
index d9a134a4a..c7280349a 100644
--- a/ChangeLog.rss
+++ b/ChangeLog.rss
@@ -11,10 +11,34 @@
<description>Tracking Slackware development in git.</description>
<language>en-us</language>
<id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id>
- <pubDate>Wed, 17 Jan 2024 21:13:27 GMT</pubDate>
- <lastBuildDate>Thu, 18 Jan 2024 12:38:57 GMT</lastBuildDate>
+ <pubDate>Sun, 21 Jan 2024 20:50:08 GMT</pubDate>
+ <lastBuildDate>Mon, 22 Jan 2024 12:30:21 GMT</lastBuildDate>
<generator>maintain_current_git.sh v 1.17</generator>
<item>
+ <title>Sun, 21 Jan 2024 20:50:08 GMT</title>
+ <pubDate>Sun, 21 Jan 2024 20:50:08 GMT</pubDate>
+ <link>https://git.slackware.nl/current/tag/?h=20240121205008</link>
+ <guid isPermaLink="false">20240121205008</guid>
+ <description>
+ <![CDATA[<pre>
+extra/tigervnc/tigervnc-1.12.0-x86_64-5_slack15.0.txz: Rebuilt.
+ Recompiled against xorg-server-1.20.14, including the latest patches for
+ several security issues. Thanks to marav.
+ For more information, see:
+ https://www.cve.org/CVERecord?id=CVE-2023-6377
+ https://www.cve.org/CVERecord?id=CVE-2023-6478
+ https://www.cve.org/CVERecord?id=CVE-2023-6816
+ https://www.cve.org/CVERecord?id=CVE-2024-0229
+ https://www.cve.org/CVERecord?id=CVE-2024-0408
+ https://www.cve.org/CVERecord?id=CVE-2024-0409
+ https://www.cve.org/CVERecord?id=CVE-2024-21885
+ https://www.cve.org/CVERecord?id=CVE-2024-21886
+ https://www.cve.org/CVERecord?id=CVE-2024-21886
+ (* Security fix *)
+ </pre>]]>
+ </description>
+ </item>
+ <item>
<title>Wed, 17 Jan 2024 21:13:27 GMT</title>
<pubDate>Wed, 17 Jan 2024 21:13:27 GMT</pubDate>
<link>https://git.slackware.nl/current/tag/?h=20240117211327</link>
diff --git a/ChangeLog.txt b/ChangeLog.txt
index d30fbff40..ace4cd217 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,3 +1,19 @@
+Sun Jan 21 20:50:08 UTC 2024
+extra/tigervnc/tigervnc-1.12.0-x86_64-5_slack15.0.txz: Rebuilt.
+ Recompiled against xorg-server-1.20.14, including the latest patches for
+ several security issues. Thanks to marav.
+ For more information, see:
+ https://www.cve.org/CVERecord?id=CVE-2023-6377
+ https://www.cve.org/CVERecord?id=CVE-2023-6478
+ https://www.cve.org/CVERecord?id=CVE-2023-6816
+ https://www.cve.org/CVERecord?id=CVE-2024-0229
+ https://www.cve.org/CVERecord?id=CVE-2024-0408
+ https://www.cve.org/CVERecord?id=CVE-2024-0409
+ https://www.cve.org/CVERecord?id=CVE-2024-21885
+ https://www.cve.org/CVERecord?id=CVE-2024-21886
+ https://www.cve.org/CVERecord?id=CVE-2024-21886
+ (* Security fix *)
++--------------------------+
Wed Jan 17 21:13:27 UTC 2024
patches/packages/seamonkey-2.53.18.1-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
diff --git a/FILELIST.TXT b/FILELIST.TXT
index 3f3c2a319..8e869e8ce 100644
--- a/FILELIST.TXT
+++ b/FILELIST.TXT
@@ -1,20 +1,20 @@
-Wed Jan 17 21:16:44 UTC 2024
+Sun Jan 21 20:58:21 UTC 2024
Here is the file list for this directory. If you are using a
mirror site and find missing or extra files in the disk
subdirectories, please have the archive administrator refresh
the mirror.
-drwxr-xr-x 12 root root 4096 2024-01-17 21:13 .
+drwxr-xr-x 12 root root 4096 2024-01-21 20:53 .
-rw-r--r-- 1 root root 5767 2022-02-02 22:44 ./ANNOUNCE.15.0
-rw-r--r-- 1 root root 16609 2022-03-30 19:03 ./CHANGES_AND_HINTS.TXT
--rw-r--r-- 1 root root 1211969 2024-01-16 20:52 ./CHECKSUMS.md5
--rw-r--r-- 1 root root 163 2024-01-16 20:52 ./CHECKSUMS.md5.asc
+-rw-r--r-- 1 root root 1211977 2024-01-21 20:53 ./CHECKSUMS.md5
+-rw-r--r-- 1 root root 163 2024-01-21 20:53 ./CHECKSUMS.md5.asc
-rw-r--r-- 1 root root 17976 1994-06-10 02:28 ./COPYING
-rw-r--r-- 1 root root 35147 2007-06-30 04:21 ./COPYING3
-rw-r--r-- 1 root root 19573 2016-06-23 20:08 ./COPYRIGHT.TXT
-rw-r--r-- 1 root root 616 2006-10-02 04:37 ./CRYPTO_NOTICE.TXT
--rw-r--r-- 1 root root 2082256 2024-01-17 21:13 ./ChangeLog.txt
+-rw-r--r-- 1 root root 2083010 2024-01-21 20:50 ./ChangeLog.txt
drwxr-xr-x 3 root root 4096 2013-03-20 22:17 ./EFI
drwxr-xr-x 2 root root 4096 2022-02-02 08:21 ./EFI/BOOT
-rw-r--r-- 1 root root 1187840 2021-06-15 19:16 ./EFI/BOOT/bootx64.efi
@@ -25,7 +25,7 @@ drwxr-xr-x 2 root root 4096 2022-02-02 08:21 ./EFI/BOOT
-rwxr-xr-x 1 root root 2504 2019-07-05 18:54 ./EFI/BOOT/make-grub.sh
-rw-r--r-- 1 root root 10722 2013-09-21 19:02 ./EFI/BOOT/osdetect.cfg
-rw-r--r-- 1 root root 1273 2013-08-12 21:08 ./EFI/BOOT/tools.cfg
--rw-r--r-- 1 root root 1586608 2024-01-16 20:52 ./FILELIST.TXT
+-rw-r--r-- 1 root root 1586612 2024-01-21 20:52 ./FILELIST.TXT
-rw-r--r-- 1 root root 1572 2012-08-29 18:27 ./GPG-KEY
-rw-r--r-- 1 root root 864745 2022-02-02 08:25 ./PACKAGES.TXT
-rw-r--r-- 1 root root 8034 2022-02-02 03:36 ./README.TXT
@@ -39,12 +39,12 @@ drwxr-xr-x 2 root root 4096 2022-02-02 08:21 ./EFI/BOOT
-rw-r--r-- 1 root root 17294 2008-12-08 18:13 ./SPEAK_INSTALL.TXT
-rw-r--r-- 1 root root 57187 2022-02-01 19:37 ./Slackware-HOWTO
-rw-r--r-- 1 root root 8700 2022-01-26 05:44 ./UPGRADE.TXT
-drwxr-xr-x 19 root root 4096 2023-12-21 20:48 ./extra
--rw-r--r-- 1 root root 51532 2023-12-21 20:48 ./extra/CHECKSUMS.md5
--rw-r--r-- 1 root root 163 2023-12-21 20:48 ./extra/CHECKSUMS.md5.asc
--rw-r--r-- 1 root root 64691 2023-12-21 20:48 ./extra/FILE_LIST
--rw-r--r-- 1 root root 1981251 2023-12-21 20:48 ./extra/MANIFEST.bz2
--rw-r--r-- 1 root root 36565 2023-12-21 20:48 ./extra/PACKAGES.TXT
+drwxr-xr-x 19 root root 4096 2024-01-21 20:58 ./extra
+-rw-r--r-- 1 root root 52595 2024-01-21 20:58 ./extra/CHECKSUMS.md5
+-rw-r--r-- 1 root root 163 2024-01-21 20:58 ./extra/CHECKSUMS.md5.asc
+-rw-r--r-- 1 root root 65941 2024-01-21 20:58 ./extra/FILE_LIST
+-rw-r--r-- 1 root root 1978845 2024-01-21 20:58 ./extra/MANIFEST.bz2
+-rw-r--r-- 1 root root 36565 2024-01-21 20:58 ./extra/PACKAGES.TXT
-rw-r--r-- 1 root root 149 2002-02-09 00:18 ./extra/README.TXT
drwxr-xr-x 2 root root 20480 2020-05-26 20:38 ./extra/aspell-word-lists
-rw-r--r-- 1 root root 171 2016-06-06 20:10 ./extra/aspell-word-lists/aspell-af-0.50_0-x86_64-5.txt
@@ -369,7 +369,7 @@ drwxr-xr-x 2 root root 4096 2023-06-06 20:34 ./extra/sendmail
-rw-r--r-- 1 root root 586 2023-06-06 19:10 ./extra/sendmail/sendmail-cf-8.17.2-noarch-2_slack15.0.txt
-rw-r--r-- 1 root root 118876 2023-06-06 19:10 ./extra/sendmail/sendmail-cf-8.17.2-noarch-2_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-06-06 19:10 ./extra/sendmail/sendmail-cf-8.17.2-noarch-2_slack15.0.txz.asc
-drwxr-xr-x 17 root root 4096 2023-12-21 20:40 ./extra/source
+drwxr-xr-x 17 root root 4096 2024-01-21 20:57 ./extra/source
lrwxrwxrwx 1 root root 21 2021-04-29 18:18 ./extra/source/alpine -> ../../source/n/alpine
drwxr-xr-x 4 root root 4096 2018-11-09 05:59 ./extra/source/aspell-word-lists
-rwxr-xr-x 1 root root 3531 2020-05-26 20:06 ./extra/source/aspell-word-lists/aspell-dict.SlackBuild
@@ -615,7 +615,7 @@ drwxr-xr-x 3 root root 4096 2021-11-22 19:23 ./extra/source/tigervnc/patc
-rw-r--r-- 1 root root 405 2019-11-18 19:15 ./extra/source/tigervnc/patches/force_protocol_3.3_for_UVNCSC.patch.gz
-rw-r--r-- 1 root root 299 2021-11-23 19:22 ./extra/source/tigervnc/patches/tigervnc.pam.d.diff.gz
-rw-r--r-- 1 root root 279 2021-11-22 19:23 ./extra/source/tigervnc/patches/vncserver.xinitrc.diff.gz
-drwxr-xr-x 2 root root 4096 2023-11-13 18:52 ./extra/source/tigervnc/patches/xorg-server
+drwxr-xr-x 2 root root 4096 2024-01-21 20:19 ./extra/source/tigervnc/patches/xorg-server
-rw-r--r-- 1 root root 623 2018-07-15 18:32 ./extra/source/tigervnc/patches/xorg-server/0001-Always-install-vbe-and-int10-sdk-headers.patch.gz
-rw-r--r-- 1 root root 3846 2018-07-15 18:32 ./extra/source/tigervnc/patches/xorg-server/0001-autobind-GPUs-to-the-screen.patch.gz
-rw-r--r-- 1 root root 1175 2022-07-12 17:02 ./extra/source/tigervnc/patches/xorg-server/0001-f1070c01d616c5f21f939d5ebc533738779451ac.patch.gz
@@ -638,6 +638,17 @@ drwxr-xr-x 2 root root 4096 2023-11-13 18:52 ./extra/source/tigervnc/patc
-rw-r--r-- 1 root root 792 2023-03-29 18:09 ./extra/source/tigervnc/patches/xorg-server/CVE-2023-1393.patch.gz
-rw-r--r-- 1 root root 1127 2023-10-25 18:35 ./extra/source/tigervnc/patches/xorg-server/CVE-2023-5367.patch.gz
-rw-r--r-- 1 root root 1534 2023-10-25 18:40 ./extra/source/tigervnc/patches/xorg-server/CVE-2023-5380.patch.gz
+-rw-r--r-- 1 root root 1150 2023-12-13 20:03 ./extra/source/tigervnc/patches/xorg-server/CVE-2023-6377.patch.gz
+-rw-r--r-- 1 root root 972 2023-12-13 20:03 ./extra/source/tigervnc/patches/xorg-server/CVE-2023-6478.patch.gz
+-rw-r--r-- 1 root root 998 2024-01-16 19:41 ./extra/source/tigervnc/patches/xorg-server/CVE-2023-6816.patch.gz
+-rw-r--r-- 1 root root 1388 2024-01-16 19:44 ./extra/source/tigervnc/patches/xorg-server/CVE-2024-0229.01.patch.gz
+-rw-r--r-- 1 root root 2299 2024-01-16 19:44 ./extra/source/tigervnc/patches/xorg-server/CVE-2024-0229.02.patch.gz
+-rw-r--r-- 1 root root 781 2024-01-16 19:44 ./extra/source/tigervnc/patches/xorg-server/CVE-2024-0229.03.patch.gz
+-rw-r--r-- 1 root root 1160 2024-01-16 19:47 ./extra/source/tigervnc/patches/xorg-server/CVE-2024-0408.patch.gz
+-rw-r--r-- 1 root root 981 2024-01-16 19:46 ./extra/source/tigervnc/patches/xorg-server/CVE-2024-0409.patch.gz
+-rw-r--r-- 1 root root 1351 2024-01-16 19:45 ./extra/source/tigervnc/patches/xorg-server/CVE-2024-21885.patch.gz
+-rw-r--r-- 1 root root 1124 2024-01-16 19:45 ./extra/source/tigervnc/patches/xorg-server/CVE-2024-21886.01.patch.gz
+-rw-r--r-- 1 root root 859 2024-01-16 19:46 ./extra/source/tigervnc/patches/xorg-server/CVE-2024-21886.02.patch.gz
-rw-r--r-- 1 root root 298 2018-05-30 05:02 ./extra/source/tigervnc/patches/xorg-server/fix-nouveau-segfault.diff.gz
-rw-r--r-- 1 root root 357 2020-09-11 18:38 ./extra/source/tigervnc/patches/xorg-server/fix-pci-segfault.diff.gz
-rw-r--r-- 1 root root 340 2012-04-14 03:01 ./extra/source/tigervnc/patches/xorg-server/x11.startwithblackscreen.diff.gz
@@ -645,7 +656,7 @@ drwxr-xr-x 2 root root 4096 2023-11-13 18:52 ./extra/source/tigervnc/patc
-rw-r--r-- 1 root root 1437 2018-05-15 07:55 ./extra/source/tigervnc/patches/xserver120.patch.gz
-rw-r--r-- 1 root root 930 2018-07-26 17:46 ./extra/source/tigervnc/slack-desc
-rw-r--r-- 1 root root 1094249 2021-11-09 07:51 ./extra/source/tigervnc/tigervnc-1.12.0.tar.lz
--rwxr-xr-- 1 root root 10519 2023-11-13 18:57 ./extra/source/tigervnc/tigervnc.SlackBuild
+-rwxr-xr-- 1 root root 11494 2024-01-21 20:25 ./extra/source/tigervnc/tigervnc.SlackBuild
-rw-r--r-- 1 root root 5178288 2021-12-15 19:04 ./extra/source/tigervnc/xorg-server-1.20.14.tar.xz
drwxr-xr-x 2 root root 4096 2019-09-29 23:48 ./extra/source/xf86-video-fbdev
-rw-r--r-- 1 root root 875 2018-02-27 06:13 ./extra/source/xf86-video-fbdev/slack-desc
@@ -670,11 +681,11 @@ drwxr-xr-x 2 root root 4096 2018-04-23 17:20 ./extra/source/xv
-rw-r--r-- 1 root root 229 2010-02-19 19:27 ./extra/source/xv/xv.jasper.diff.gz
-rw-r--r-- 1 root root 317 2010-02-19 19:15 ./extra/source/xv/xv.prefix.diff.gz
-rw-r--r-- 1 root root 282 2010-02-19 19:16 ./extra/source/xv/xv.prefix_x86_64.diff.gz
-drwxr-xr-x 2 root root 4096 2023-11-13 19:23 ./extra/tigervnc
+drwxr-xr-x 2 root root 4096 2024-01-21 20:52 ./extra/tigervnc
-rw-r--r-- 1 root root 0 2015-12-15 08:03 ./extra/tigervnc/the_fltk_package_must_also_be_installed
--rw-r--r-- 1 root root 474 2023-11-13 19:05 ./extra/tigervnc/tigervnc-1.12.0-x86_64-4_slack15.0.txt
--rw-r--r-- 1 root root 1452740 2023-11-13 19:05 ./extra/tigervnc/tigervnc-1.12.0-x86_64-4_slack15.0.txz
--rw-r--r-- 1 root root 163 2023-11-13 19:05 ./extra/tigervnc/tigervnc-1.12.0-x86_64-4_slack15.0.txz.asc
+-rw-r--r-- 1 root root 474 2024-01-21 20:28 ./extra/tigervnc/tigervnc-1.12.0-x86_64-5_slack15.0.txt
+-rw-r--r-- 1 root root 1453480 2024-01-21 20:28 ./extra/tigervnc/tigervnc-1.12.0-x86_64-5_slack15.0.txz
+-rw-r--r-- 1 root root 163 2024-01-21 20:28 ./extra/tigervnc/tigervnc-1.12.0-x86_64-5_slack15.0.txz.asc
drwxr-xr-x 2 root root 4096 2018-06-01 21:55 ./extra/xf86-video-fbdev
-rw-r--r-- 1 root root 411 2018-06-01 05:21 ./extra/xf86-video-fbdev/xf86-video-fbdev-0.5.0-x86_64-1.txt
-rw-r--r-- 1 root root 10936 2018-06-01 05:21 ./extra/xf86-video-fbdev/xf86-video-fbdev-0.5.0-x86_64-1.txz
@@ -2660,22 +2671,22 @@ drwxr-xr-x 2 root root 20480 2022-02-02 04:20 ./slackware64/ap
-rw-r--r-- 1 root root 163 2021-08-02 17:46 ./slackware64/ap/diffutils-3.8-x86_64-1.txz.asc
-rw-r--r-- 1 root root 349 2021-02-13 11:27 ./slackware64/ap/dmapi-2.2.12-x86_64-5.txt
-rw-r--r-- 1 root root 32332 2021-02-13 11:27 ./slackware64/ap/dmapi-2.2.12-x86_64-5.txz
--rw-r--r-- 1 root root 163 2021-02-13 11:27 ./slackware64/ap/dmapi-2.2.12-x86_64-5.txz.asc
--rw-r--r-- 1 root root 472 2021-02-13 11:27 ./slackware64/ap/dmidecode-3.3-x86_64-3.txt
--rw-r--r-- 1 root root 54144 2021-02-13 11:27 ./slackware64/ap/dmidecode-3.3-x86_64-3.txz
--rw-r--r-- 1 root root 163 2021-02-13 11:27 ./slackware64/ap/dmidecode-3.3-x86_64-3.txz.asc
--rw-r--r-- 1 root root 359 2021-02-13 11:27 ./slackware64/ap/dvd+rw-tools-7.1-x86_64-5.txt
--rw-r--r-- 1 root root 103636 2021-02-13 11:27 ./slackware64/ap/dvd+rw-tools-7.1-x86_64-5.txz
--rw-r--r-- 1 root root 163 2021-02-13 11:27 ./slackware64/ap/dvd+rw-tools-7.1-x86_64-5.txz.asc
--rw-r--r-- 1 root root 458 2021-02-13 11:28 ./slackware64/ap/enscript-1.6.6-x86_64-4.txt
--rw-r--r-- 1 root root 368508 2021-02-13 11:28 ./slackware64/ap/enscript-1.6.6-x86_64-4.txz
--rw-r--r-- 1 root root 163 2021-02-13 11:28 ./slackware64/ap/enscript-1.6.6-x86_64-4.txz.asc
--rw-r--r-- 1 root root 602 2021-02-13 11:28 ./slackware64/ap/flac-1.3.3-x86_64-3.txt
--rw-r--r-- 1 root root 386724 2021-02-13 11:28 ./slackware64/ap/flac-1.3.3-x86_64-3.txz
--rw-r--r-- 1 root root 163 2021-02-13 11:28 ./slackware64/ap/flac-1.3.3-x86_64-3.txz.asc
--rw-r--r-- 1 root root 558 2021-09-27 18:02 ./slackware64/ap/ghostscript-9.55.0-x86_64-1.txt
--rw-r--r-- 1 root root 14191780 2021-09-27 18:02 ./slackware64/ap/ghostscript-9.55.0-x86_64-1.txz
--rw-r--r-- 1 root root 163 2021-09-27 18:02 ./slackware64/ap/ghostscript-9.55.0-x86_64-1.txz.asc
+-rw-r--r-- 1 root root 163 2021-02-13 11:27 ./slackware64/ap/dmapi-2.2.12-x86_64-5.txz.asc
+-rw-r--r-- 1 root root 472 2021-02-13 11:27 ./slackware64/ap/dmidecode-3.3-x86_64-3.txt
+-rw-r--r-- 1 root root 54144 2021-02-13 11:27 ./slackware64/ap/dmidecode-3.3-x86_64-3.txz
+-rw-r--r-- 1 root root 163 2021-02-13 11:27 ./slackware64/ap/dmidecode-3.3-x86_64-3.txz.asc
+-rw-r--r-- 1 root root 359 2021-02-13 11:27 ./slackware64/ap/dvd+rw-tools-7.1-x86_64-5.txt
+-rw-r--r-- 1 root root 103636 2021-02-13 11:27 ./slackware64/ap/dvd+rw-tools-7.1-x86_64-5.txz
+-rw-r--r-- 1 root root 163 2021-02-13 11:27 ./slackware64/ap/dvd+rw-tools-7.1-x86_64-5.txz.asc
+-rw-r--r-- 1 root root 458 2021-02-13 11:28 ./slackware64/ap/enscript-1.6.6-x86_64-4.txt
+-rw-r--r-- 1 root root 368508 2021-02-13 11:28 ./slackware64/ap/enscript-1.6.6-x86_64-4.txz
+-rw-r--r-- 1 root root 163 2021-02-13 11:28 ./slackware64/ap/enscript-1.6.6-x86_64-4.txz.asc
+-rw-r--r-- 1 root root 602 2021-02-13 11:28 ./slackware64/ap/flac-1.3.3-x86_64-3.txt
+-rw-r--r-- 1 root root 386724 2021-02-13 11:28 ./slackware64/ap/flac-1.3.3-x86_64-3.txz
+-rw-r--r-- 1 root root 163 2021-02-13 11:28 ./slackware64/ap/flac-1.3.3-x86_64-3.txz.asc
+-rw-r--r-- 1 root root 558 2021-09-27 18:02 ./slackware64/ap/ghostscript-9.55.0-x86_64-1.txt
+-rw-r--r-- 1 root root 14191780 2021-09-27 18:02 ./slackware64/ap/ghostscript-9.55.0-x86_64-1.txz
+-rw-r--r-- 1 root root 163 2021-09-27 18:02 ./slackware64/ap/ghostscript-9.55.0-x86_64-1.txz.asc
-rw-r--r-- 1 root root 368 2021-02-13 11:28 ./slackware64/ap/ghostscript-fonts-std-8.11-noarch-5.txt
-rw-r--r-- 1 root root 3514504 2021-02-13 11:28 ./slackware64/ap/ghostscript-fonts-std-8.11-noarch-5.txz
-rw-r--r-- 1 root root 163 2021-02-13 11:28 ./slackware64/ap/ghostscript-fonts-std-8.11-noarch-5.txz.asc
@@ -5394,22 +5405,22 @@ drwxr-xr-x 2 root root 32768 2022-02-01 04:47 ./slackware64/n
-rw-r--r-- 1 root root 484 2021-10-27 17:48 ./slackware64/n/c-ares-1.18.1-x86_64-1.txt
-rw-r--r-- 1 root root 139696 2021-10-27 17:48 ./slackware64/n/c-ares-1.18.1-x86_64-1.txz
-rw-r--r-- 1 root root 163 2021-10-27 17:48 ./slackware64/n/c-ares-1.18.1-x86_64-1.txz.asc
--rw-r--r-- 1 root root 367 2021-12-17 05:55 ./slackware64/n/ca-certificates-20211216-noarch-1.txt
--rw-r--r-- 1 root root 129372 2021-12-17 05:55 ./slackware64/n/ca-certificates-20211216-noarch-1.txz
--rw-r--r-- 1 root root 163 2021-12-17 05:55 ./slackware64/n/ca-certificates-20211216-noarch-1.txz.asc
--rw-r--r-- 1 root root 603 2021-09-25 00:07 ./slackware64/n/cifs-utils-6.14-x86_64-1.txt
--rw-r--r-- 1 root root 221196 2021-09-25 00:07 ./slackware64/n/cifs-utils-6.14-x86_64-1.txz
--rw-r--r-- 1 root root 163 2021-09-25 00:07 ./slackware64/n/cifs-utils-6.14-x86_64-1.txz.asc
--rw-r--r-- 1 root root 597 2021-02-13 11:57 ./slackware64/n/conntrack-tools-1.4.6-x86_64-3.txt
--rw-r--r-- 1 root root 156588 2021-02-13 11:57 ./slackware64/n/conntrack-tools-1.4.6-x86_64-3.txz
--rw-r--r-- 1 root root 163 2021-02-13 11:57 ./slackware64/n/conntrack-tools-1.4.6-x86_64-3.txz.asc
--rw-r--r-- 1 root root 409 2021-02-13 11:57 ./slackware64/n/crda-4.14-x86_64-3.txt
--rw-r--r-- 1 root root 69208 2021-02-13 11:57 ./slackware64/n/crda-4.14-x86_64-3.txz
--rw-r--r-- 1 root root 163 2021-02-13 11:57 ./slackware64/n/crda-4.14-x86_64-3.txz.asc
--rw-r--r-- 1 root root 552 2022-01-05 20:04 ./slackware64/n/curl-7.81.0-x86_64-1.txt
--rw-r--r-- 1 root root 1285024 2022-01-05 20:04 ./slackware64/n/curl-7.81.0-x86_64-1.txz
--rw-r--r-- 1 root root 163 2022-01-05 20:04 ./slackware64/n/curl-7.81.0-x86_64-1.txz.asc
--rw-r--r-- 1 root root 373 2021-02-13 11:58 ./slackware64/n/cyrus-sasl-2.1.27-x86_64-7.txt
+-rw-r--r-- 1 root root 367 2021-12-17 05:55 ./slackware64/n/ca-certificates-20211216-noarch-1.txt
+-rw-r--r-- 1 root root 129372 2021-12-17 05:55 ./slackware64/n/ca-certificates-20211216-noarch-1.txz
+-rw-r--r-- 1 root root 163 2021-12-17 05:55 ./slackware64/n/ca-certificates-20211216-noarch-1.txz.asc
+-rw-r--r-- 1 root root 603 2021-09-25 00:07 ./slackware64/n/cifs-utils-6.14-x86_64-1.txt
+-rw-r--r-- 1 root root 221196 2021-09-25 00:07 ./slackware64/n/cifs-utils-6.14-x86_64-1.txz
+-rw-r--r-- 1 root root 163 2021-09-25 00:07 ./slackware64/n/cifs-utils-6.14-x86_64-1.txz.asc
+-rw-r--r-- 1 root root 597 2021-02-13 11:57 ./slackware64/n/conntrack-tools-1.4.6-x86_64-3.txt
+-rw-r--r-- 1 root root 156588 2021-02-13 11:57 ./slackware64/n/conntrack-tools-1.4.6-x86_64-3.txz
+-rw-r--r-- 1 root root 163 2021-02-13 11:57 ./slackware64/n/conntrack-tools-1.4.6-x86_64-3.txz.asc
+-rw-r--r-- 1 root root 409 2021-02-13 11:57 ./slackware64/n/crda-4.14-x86_64-3.txt
+-rw-r--r-- 1 root root 69208 2021-02-13 11:57 ./slackware64/n/crda-4.14-x86_64-3.txz
+-rw-r--r-- 1 root root 163 2021-02-13 11:57 ./slackware64/n/crda-4.14-x86_64-3.txz.asc
+-rw-r--r-- 1 root root 552 2022-01-05 20:04 ./slackware64/n/curl-7.81.0-x86_64-1.txt
+-rw-r--r-- 1 root root 1285024 2022-01-05 20:04 ./slackware64/n/curl-7.81.0-x86_64-1.txz
+-rw-r--r-- 1 root root 163 2022-01-05 20:04 ./slackware64/n/curl-7.81.0-x86_64-1.txz.asc
+-rw-r--r-- 1 root root 373 2021-02-13 11:58 ./slackware64/n/cyrus-sasl-2.1.27-x86_64-7.txt
-rw-r--r-- 1 root root 986628 2021-02-13 11:58 ./slackware64/n/cyrus-sasl-2.1.27-x86_64-7.txz
-rw-r--r-- 1 root root 163 2021-02-13 11:58 ./slackware64/n/cyrus-sasl-2.1.27-x86_64-7.txz.asc
-rw-r--r-- 1 root root 456 2021-04-18 18:03 ./slackware64/n/daemon-0.8-x86_64-1.txt
@@ -8420,17 +8431,17 @@ drwxr-xr-x 2 root root 4096 2021-08-12 11:27 ./source/ap/linuxdoc-tools/so
-rw-r--r-- 1 root root 134196 2004-11-12 12:42 ./source/ap/linuxdoc-tools/sources/docbook-dsssl-doc-1.79.tar.xz
-rw-r--r-- 1 root root 23929976 2021-07-27 01:17 ./source/ap/linuxdoc-tools/sources/docbook-style-xsl-1.79.2-15.fc35.src.rpm
-rw-r--r-- 1 root root 163150 2021-07-27 01:17 ./source/ap/linuxdoc-tools/sources/docbook-utils-0.6.14-53.fc35.src.rpm
--rw-r--r-- 1 root root 98497 2006-10-26 17:17 ./source/ap/linuxdoc-tools/sources/docbook-xml-4.5.zip
--rw-r--r-- 1 root root 12412 2018-05-12 19:34 ./source/ap/linuxdoc-tools/sources/docbook2x_0.8.8-17.debian.tar.xz
--rw-r--r-- 1 root root 391024 2007-04-11 01:17 ./source/ap/linuxdoc-tools/sources/docbook2x_0.8.8.orig.tar.xz
--rw-r--r-- 1 root root 133260 2007-04-11 01:17 ./source/ap/linuxdoc-tools/sources/docbook_4.5.orig.tar.xz
--rw-r--r-- 1 root root 544716 2021-07-27 02:09 ./source/ap/linuxdoc-tools/sources/gnome-doc-utils-0.20.10-26.fc35.src.rpm
--rw-r--r-- 1 root root 521481 2021-07-27 02:26 ./source/ap/linuxdoc-tools/sources/gtk-doc-1.33.2-4.fc35.src.rpm
--rw-r--r-- 1 root root 9984 2016-10-08 13:14 ./source/ap/linuxdoc-tools/sources/libsgmls-perl_1.03ii-36.debian.tar.xz
--rw-r--r-- 1 root root 68364 2001-04-15 16:15 ./source/ap/linuxdoc-tools/sources/libsgmls-perl_1.03ii.orig.tar.xz
--rw-r--r-- 1 root root 212 2014-05-15 23:52 ./source/ap/linuxdoc-tools/sources/linuxdoc-tools-0.9.20-lib64.patch.xz
--rw-r--r-- 1 root root 438044 2020-06-21 14:05 ./source/ap/linuxdoc-tools/sources/linuxdoc-tools_0.9.82.tar.xz
--rw-r--r-- 1 root root 712 2017-06-07 14:43 ./source/ap/linuxdoc-tools/sources/openjade-1.3.2-gcc46.patch.xz
+-rw-r--r-- 1 root root 98497 2006-10-26 17:17 ./source/ap/linuxdoc-tools/sources/docbook-xml-4.5.zip
+-rw-r--r-- 1 root root 12412 2018-05-12 19:34 ./source/ap/linuxdoc-tools/sources/docbook2x_0.8.8-17.debian.tar.xz
+-rw-r--r-- 1 root root 391024 2007-04-11 01:17 ./source/ap/linuxdoc-tools/sources/docbook2x_0.8.8.orig.tar.xz
+-rw-r--r-- 1 root root 133260 2007-04-11 01:17 ./source/ap/linuxdoc-tools/sources/docbook_4.5.orig.tar.xz
+-rw-r--r-- 1 root root 544716 2021-07-27 02:09 ./source/ap/linuxdoc-tools/sources/gnome-doc-utils-0.20.10-26.fc35.src.rpm
+-rw-r--r-- 1 root root 521481 2021-07-27 02:26 ./source/ap/linuxdoc-tools/sources/gtk-doc-1.33.2-4.fc35.src.rpm
+-rw-r--r-- 1 root root 9984 2016-10-08 13:14 ./source/ap/linuxdoc-tools/sources/libsgmls-perl_1.03ii-36.debian.tar.xz
+-rw-r--r-- 1 root root 68364 2001-04-15 16:15 ./source/ap/linuxdoc-tools/sources/libsgmls-perl_1.03ii.orig.tar.xz
+-rw-r--r-- 1 root root 212 2014-05-15 23:52 ./source/ap/linuxdoc-tools/sources/linuxdoc-tools-0.9.20-lib64.patch.xz
+-rw-r--r-- 1 root root 438044 2020-06-21 14:05 ./source/ap/linuxdoc-tools/sources/linuxdoc-tools_0.9.82.tar.xz
+-rw-r--r-- 1 root root 712 2017-06-07 14:43 ./source/ap/linuxdoc-tools/sources/openjade-1.3.2-gcc46.patch.xz
-rw-r--r-- 1 root root 643132 2017-06-07 14:49 ./source/ap/linuxdoc-tools/sources/openjade-1.3.2.tar.xz
-rw-r--r-- 1 root root 1528303 2021-07-27 12:02 ./source/ap/linuxdoc-tools/sources/opensp-1.5.2-38.fc35.src.rpm
-rw-r--r-- 1 root root 28136 2021-07-27 04:43 ./source/ap/linuxdoc-tools/sources/perl-XML-NamespaceSupport-1.12-15.fc35.src.rpm
@@ -14888,24 +14899,24 @@ drwxr-xr-x 2 root root 4096 2022-01-28 20:47 ./source/x/wayland-protocols
drwxr-xr-x 2 root root 4096 2021-02-13 05:32 ./source/x/wqy-zenhei-font-ttf
-rw-r--r-- 1 root root 317 2018-06-10 05:08 ./source/x/wqy-zenhei-font-ttf/64-wqy-zenhei.conf.gz
-rw-r--r-- 1 root root 457 2017-04-30 21:32 ./source/x/wqy-zenhei-font-ttf/fixup-fontconfig-file.diff.gz
--rw-r--r-- 1 root root 1148 2019-09-13 18:30 ./source/x/wqy-zenhei-font-ttf/slack-desc
--rw-r--r-- 1 root root 5743256 2009-04-20 19:06 ./source/x/wqy-zenhei-font-ttf/wqy-zenhei-0.8.38-1.tar.lz
--rwxr-xr-x 1 root root 5051 2021-02-13 05:32 ./source/x/wqy-zenhei-font-ttf/wqy-zenhei-font-ttf.SlackBuild
--rw-r--r-- 1 root root 372 2018-03-07 23:23 ./source/x/wqy-zenhei-font-ttf/wqy-zenhei.fix.fontconfig.warning.diff.gz
-drwxr-xr-x 11 root root 4096 2021-02-13 05:36 ./source/x/x11
-drwxr-xr-x 4 root root 4096 2021-02-13 05:32 ./source/x/x11-skel
--rw-r--r-- 1 root root 576 2011-03-14 03:32 ./source/x/x11-skel/doinst.sh.gz
-drwxr-xr-x 2 root root 4096 2007-02-14 19:32 ./source/x/x11-skel/manpages
--rw-r--r-- 1 root root 1060 2002-05-31 22:23 ./source/x/x11-skel/manpages/xwmconfig.1
-drwxr-xr-x 2 root root 4096 2021-01-05 21:04 ./source/x/x11-skel/scripts
--rw-r--r-- 1 root root 358 2006-08-10 03:33 ./source/x/x11-skel/scripts/setup.xwmconfig
--rw-r--r-- 1 root root 17100 2007-02-12 21:14 ./source/x/x11-skel/scripts/xorg.conf-fbdev
--rw-r--r-- 1 root root 15858 2007-02-12 21:14 ./source/x/x11-skel/scripts/xorg.conf-vesa
--rw-r--r-- 1 root root 12785 2006-08-21 01:53 ./source/x/x11-skel/scripts/xorgsetup
--rw-r--r-- 1 root root 7685 2020-10-30 01:45 ./source/x/x11-skel/scripts/xwmconfig
--rw-r--r-- 1 root root 131 2021-01-05 21:04 ./source/x/x11-skel/scripts/xwmconfig.desktop
--rw-r--r-- 1 root root 1062 2018-02-27 06:13 ./source/x/x11-skel/slack-desc
--rwxr-xr-x 1 root root 3122 2021-02-13 05:32 ./source/x/x11-skel/x11-skel.SlackBuild
+-rw-r--r-- 1 root root 1148 2019-09-13 18:30 ./source/x/wqy-zenhei-font-ttf/slack-desc
+-rw-r--r-- 1 root root 5743256 2009-04-20 19:06 ./source/x/wqy-zenhei-font-ttf/wqy-zenhei-0.8.38-1.tar.lz
+-rwxr-xr-x 1 root root 5051 2021-02-13 05:32 ./source/x/wqy-zenhei-font-ttf/wqy-zenhei-font-ttf.SlackBuild
+-rw-r--r-- 1 root root 372 2018-03-07 23:23 ./source/x/wqy-zenhei-font-ttf/wqy-zenhei.fix.fontconfig.warning.diff.gz
+drwxr-xr-x 11 root root 4096 2021-02-13 05:36 ./source/x/x11
+drwxr-xr-x 4 root root 4096 2021-02-13 05:32 ./source/x/x11-skel
+-rw-r--r-- 1 root root 576 2011-03-14 03:32 ./source/x/x11-skel/doinst.sh.gz
+drwxr-xr-x 2 root root 4096 2007-02-14 19:32 ./source/x/x11-skel/manpages
+-rw-r--r-- 1 root root 1060 2002-05-31 22:23 ./source/x/x11-skel/manpages/xwmconfig.1
+drwxr-xr-x 2 root root 4096 2021-01-05 21:04 ./source/x/x11-skel/scripts
+-rw-r--r-- 1 root root 358 2006-08-10 03:33 ./source/x/x11-skel/scripts/setup.xwmconfig
+-rw-r--r-- 1 root root 17100 2007-02-12 21:14 ./source/x/x11-skel/scripts/xorg.conf-fbdev
+-rw-r--r-- 1 root root 15858 2007-02-12 21:14 ./source/x/x11-skel/scripts/xorg.conf-vesa
+-rw-r--r-- 1 root root 12785 2006-08-21 01:53 ./source/x/x11-skel/scripts/xorgsetup
+-rw-r--r-- 1 root root 7685 2020-10-30 01:45 ./source/x/x11-skel/scripts/xwmconfig
+-rw-r--r-- 1 root root 131 2021-01-05 21:04 ./source/x/x11-skel/scripts/xwmconfig.desktop
+-rw-r--r-- 1 root root 1062 2018-02-27 06:13 ./source/x/x11-skel/slack-desc
+-rwxr-xr-x 1 root root 3122 2021-02-13 05:32 ./source/x/x11-skel/x11-skel.SlackBuild
-rw-r--r-- 1 root root 376 2021-01-16 18:58 ./source/x/x11/arch.use.flags
drwxr-xr-x 2 root root 12288 2021-11-29 19:51 ./source/x/x11/build
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/anthy
diff --git a/extra/source/tigervnc/patches/xorg-server/CVE-2023-6377.patch b/extra/source/tigervnc/patches/xorg-server/CVE-2023-6377.patch
new file mode 100644
index 000000000..4e2fca615
--- /dev/null
+++ b/extra/source/tigervnc/patches/xorg-server/CVE-2023-6377.patch
@@ -0,0 +1,75 @@
+From 0c1a93d319558fe3ab2d94f51d174b4f93810afd Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter.hutterer@who-t.net>
+Date: Tue, 28 Nov 2023 15:19:04 +1000
+Subject: [PATCH] Xi: allocate enough XkbActions for our buttons
+
+button->xkb_acts is supposed to be an array sufficiently large for all
+our buttons, not just a single XkbActions struct. Allocating
+insufficient memory here means when we memcpy() later in
+XkbSetDeviceInfo we write into memory that wasn't ours to begin with,
+leading to the usual security ooopsiedaisies.
+
+CVE-2023-6377, ZDI-CAN-22412, ZDI-CAN-22413
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+---
+ Xi/exevents.c | 12 ++++++------
+ dix/devices.c | 10 ++++++++++
+ 2 files changed, 16 insertions(+), 6 deletions(-)
+
+diff --git a/Xi/exevents.c b/Xi/exevents.c
+index dcd4efb3bc..54ea11a938 100644
+--- a/Xi/exevents.c
++++ b/Xi/exevents.c
+@@ -611,13 +611,13 @@ DeepCopyPointerClasses(DeviceIntPtr from, DeviceIntPtr to)
+ }
+
+ if (from->button->xkb_acts) {
+- if (!to->button->xkb_acts) {
+- to->button->xkb_acts = calloc(1, sizeof(XkbAction));
+- if (!to->button->xkb_acts)
+- FatalError("[Xi] not enough memory for xkb_acts.\n");
+- }
++ size_t maxbuttons = max(to->button->numButtons, from->button->numButtons);
++ to->button->xkb_acts = xnfreallocarray(to->button->xkb_acts,
++ maxbuttons,
++ sizeof(XkbAction));
++ memset(to->button->xkb_acts, 0, maxbuttons * sizeof(XkbAction));
+ memcpy(to->button->xkb_acts, from->button->xkb_acts,
+- sizeof(XkbAction));
++ from->button->numButtons * sizeof(XkbAction));
+ }
+ else {
+ free(to->button->xkb_acts);
+diff --git a/dix/devices.c b/dix/devices.c
+index b063128df0..3f3224d626 100644
+--- a/dix/devices.c
++++ b/dix/devices.c
+@@ -2539,6 +2539,8 @@ RecalculateMasterButtons(DeviceIntPtr slave)
+
+ if (master->button && master->button->numButtons != maxbuttons) {
+ int i;
++ int last_num_buttons = master->button->numButtons;
++
+ DeviceChangedEvent event = {
+ .header = ET_Internal,
+ .type = ET_DeviceChanged,
+@@ -2549,6 +2551,14 @@ RecalculateMasterButtons(DeviceIntPtr slave)
+ };
+
+ master->button->numButtons = maxbuttons;
++ if (last_num_buttons < maxbuttons) {
++ master->button->xkb_acts = xnfreallocarray(master->button->xkb_acts,
++ maxbuttons,
++ sizeof(XkbAction));
++ memset(&master->button->xkb_acts[last_num_buttons],
++ 0,
++ (maxbuttons - last_num_buttons) * sizeof(XkbAction));
++ }
+
+ memcpy(&event.buttons.names, master->button->labels, maxbuttons *
+ sizeof(Atom));
+--
+GitLab
+
diff --git a/extra/source/tigervnc/patches/xorg-server/CVE-2023-6478.patch b/extra/source/tigervnc/patches/xorg-server/CVE-2023-6478.patch
new file mode 100644
index 000000000..ed2044c7d
--- /dev/null
+++ b/extra/source/tigervnc/patches/xorg-server/CVE-2023-6478.patch
@@ -0,0 +1,59 @@
+From 14f480010a93ff962fef66a16412fafff81ad632 Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter.hutterer@who-t.net>
+Date: Mon, 27 Nov 2023 16:27:49 +1000
+Subject: [PATCH] randr: avoid integer truncation in length check of
+ ProcRRChange*Property
+
+Affected are ProcRRChangeProviderProperty and ProcRRChangeOutputProperty.
+See also xserver@8f454b79 where this same bug was fixed for the core
+protocol and XI.
+
+This fixes an OOB read and the resulting information disclosure.
+
+Length calculation for the request was clipped to a 32-bit integer. With
+the correct stuff->nUnits value the expected request size was
+truncated, passing the REQUEST_FIXED_SIZE check.
+
+The server then proceeded with reading at least stuff->num_items bytes
+(depending on stuff->format) from the request and stuffing whatever it
+finds into the property. In the process it would also allocate at least
+stuff->nUnits bytes, i.e. 4GB.
+
+CVE-2023-6478, ZDI-CAN-22561
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+---
+ randr/rrproperty.c | 2 +-
+ randr/rrproviderproperty.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/randr/rrproperty.c b/randr/rrproperty.c
+index 25469f57b2..c4fef8a1f6 100644
+--- a/randr/rrproperty.c
++++ b/randr/rrproperty.c
+@@ -530,7 +530,7 @@ ProcRRChangeOutputProperty(ClientPtr client)
+ char format, mode;
+ unsigned long len;
+ int sizeInBytes;
+- int totalSize;
++ uint64_t totalSize;
+ int err;
+
+ REQUEST_AT_LEAST_SIZE(xRRChangeOutputPropertyReq);
+diff --git a/randr/rrproviderproperty.c b/randr/rrproviderproperty.c
+index b79c17f9bf..90c5a9a933 100644
+--- a/randr/rrproviderproperty.c
++++ b/randr/rrproviderproperty.c
+@@ -498,7 +498,7 @@ ProcRRChangeProviderProperty(ClientPtr client)
+ char format, mode;
+ unsigned long len;
+ int sizeInBytes;
+- int totalSize;
++ uint64_t totalSize;
+ int err;
+
+ REQUEST_AT_LEAST_SIZE(xRRChangeProviderPropertyReq);
+--
+GitLab
+
diff --git a/extra/source/tigervnc/patches/xorg-server/CVE-2023-6816.patch b/extra/source/tigervnc/patches/xorg-server/CVE-2023-6816.patch
new file mode 100644
index 000000000..e928729e9
--- /dev/null
+++ b/extra/source/tigervnc/patches/xorg-server/CVE-2023-6816.patch
@@ -0,0 +1,51 @@
+From 9e2ecb2af8302dedc49cb6a63ebe063c58a9e7e3 Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter.hutterer@who-t.net>
+Date: Thu, 14 Dec 2023 11:29:49 +1000
+Subject: [PATCH] dix: allocate enough space for logical button maps
+
+Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for
+each logical button currently down. Since buttons can be arbitrarily mapped
+to anything up to 255 make sure we have enough bits for the maximum mapping.
+
+CVE-2023-6816, ZDI-CAN-22664, ZDI-CAN-22665
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+---
+ Xi/xiquerypointer.c | 3 +--
+ dix/enterleave.c | 5 +++--
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/Xi/xiquerypointer.c b/Xi/xiquerypointer.c
+index 5b77b1a444..2b05ac5f39 100644
+--- a/Xi/xiquerypointer.c
++++ b/Xi/xiquerypointer.c
+@@ -149,8 +149,7 @@ ProcXIQueryPointer(ClientPtr client)
+ if (pDev->button) {
+ int i;
+
+- rep.buttons_len =
+- bytes_to_int32(bits_to_bytes(pDev->button->numButtons));
++ rep.buttons_len = bytes_to_int32(bits_to_bytes(256)); /* button map up to 255 */
+ rep.length += rep.buttons_len;
+ buttons = calloc(rep.buttons_len, 4);
+ if (!buttons)
+diff --git a/dix/enterleave.c b/dix/enterleave.c
+index 867ec74363..ded8679d76 100644
+--- a/dix/enterleave.c
++++ b/dix/enterleave.c
+@@ -784,8 +784,9 @@ DeviceFocusEvent(DeviceIntPtr dev, int type, int mode, int detail,
+
+ mouse = IsFloating(dev) ? dev : GetMaster(dev, MASTER_POINTER);
+
+- /* XI 2 event */
+- btlen = (mouse->button) ? bits_to_bytes(mouse->button->numButtons) : 0;
++ /* XI 2 event contains the logical button map - maps are CARD8
++ * so we need 256 bits for the possibly maximum mapping */
++ btlen = (mouse->button) ? bits_to_bytes(256) : 0;
+ btlen = bytes_to_int32(btlen);
+ len = sizeof(xXIFocusInEvent) + btlen * 4;
+
+--
+GitLab
+
diff --git a/extra/source/tigervnc/patches/xorg-server/CVE-2024-0229.01.patch b/extra/source/tigervnc/patches/xorg-server/CVE-2024-0229.01.patch
new file mode 100644
index 000000000..b5354ba65
--- /dev/null
+++ b/extra/source/tigervnc/patches/xorg-server/CVE-2024-0229.01.patch
@@ -0,0 +1,83 @@
+From ece23be888a93b741aa1209d1dbf64636109d6a5 Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter.hutterer@who-t.net>
+Date: Mon, 18 Dec 2023 14:27:50 +1000
+Subject: [PATCH] dix: Allocate sufficient xEvents for our DeviceStateNotify
+
+If a device has both a button class and a key class and numButtons is
+zero, we can get an OOB write due to event under-allocation.
+
+This function seems to assume a device has either keys or buttons, not
+both. It has two virtually identical code paths, both of which assume
+they're applying to the first event in the sequence.
+
+A device with both a key and button class triggered a logic bug - only
+one xEvent was allocated but the deviceStateNotify pointer was pushed on
+once per type. So effectively this logic code:
+
+ int count = 1;
+ if (button && nbuttons > 32) count++;
+ if (key && nbuttons > 0) count++;
+ if (key && nkeys > 32) count++; // this is basically always true
+ // count is at 2 for our keys + zero button device
+
+ ev = alloc(count * sizeof(xEvent));
+ FixDeviceStateNotify(ev);
+ if (button)
+ FixDeviceStateNotify(ev++);
+ if (key)
+ FixDeviceStateNotify(ev++); // santa drops into the wrong chimney here
+
+If the device has more than 3 valuators, the OOB is pushed back - we're
+off by one so it will happen when the last deviceValuator event is
+written instead.
+
+Fix this by allocating the maximum number of events we may allocate.
+Note that the current behavior is not protocol-correct anyway, this
+patch fixes only the allocation issue.
+
+Note that this issue does not trigger if the device has at least one
+button. While the server does not prevent a button class with zero
+buttons, it is very unlikely.
+
+CVE-2024-0229, ZDI-CAN-22678
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+---
+ dix/enterleave.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/dix/enterleave.c b/dix/enterleave.c
+index ded8679d76..17964b00a4 100644
+--- a/dix/enterleave.c
++++ b/dix/enterleave.c
+@@ -675,7 +675,8 @@ static void
+ DeliverStateNotifyEvent(DeviceIntPtr dev, WindowPtr win)
+ {
+ int evcount = 1;
+- deviceStateNotify *ev, *sev;
++ deviceStateNotify sev[6 + (MAX_VALUATORS + 2)/3];
++ deviceStateNotify *ev;
+ deviceKeyStateNotify *kev;
+ deviceButtonStateNotify *bev;
+
+@@ -714,7 +715,7 @@ DeliverStateNotifyEvent(DeviceIntPtr dev, WindowPtr win)
+ }
+ }
+
+- sev = ev = xallocarray(evcount, sizeof(xEvent));
++ ev = sev;
+ FixDeviceStateNotify(dev, ev, NULL, NULL, NULL, first);
+
+ if (b != NULL) {
+@@ -770,7 +771,6 @@ DeliverStateNotifyEvent(DeviceIntPtr dev, WindowPtr win)
+
+ DeliverEventsToWindow(dev, win, (xEvent *) sev, evcount,
+ DeviceStateNotifyMask, NullGrab);
+- free(sev);
+ }
+
+ void
+--
+GitLab
+
diff --git a/extra/source/tigervnc/patches/xorg-server/CVE-2024-0229.02.patch b/extra/source/tigervnc/patches/xorg-server/CVE-2024-0229.02.patch
new file mode 100644
index 000000000..1704fad67
--- /dev/null
+++ b/extra/source/tigervnc/patches/xorg-server/CVE-2024-0229.02.patch
@@ -0,0 +1,217 @@
+From 219c54b8a3337456ce5270ded6a67bcde53553d5 Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter.hutterer@who-t.net>
+Date: Mon, 18 Dec 2023 12:26:20 +1000
+Subject: [PATCH] dix: fix DeviceStateNotify event calculation
+
+The previous code only made sense if one considers buttons and keys to
+be mutually exclusive on a device. That is not necessarily true, causing
+a number of issues.
+
+This function allocates and fills in the number of xEvents we need to
+send the device state down the wire. This is split across multiple
+32-byte devices including one deviceStateNotify event and optional
+deviceKeyStateNotify, deviceButtonStateNotify and (possibly multiple)
+deviceValuator events.
+
+The previous behavior would instead compose a sequence
+of [state, buttonstate, state, keystate, valuator...]. This is not
+protocol correct, and on top of that made the code extremely convoluted.
+
+Fix this by streamlining: add both button and key into the deviceStateNotify
+and then append the key state and button state, followed by the
+valuators. Finally, the deviceValuator events contain up to 6 valuators
+per event but we only ever sent through 3 at a time. Let's double that
+troughput.
+
+CVE-2024-0229, ZDI-CAN-22678
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+---
+ dix/enterleave.c | 121 ++++++++++++++++++++---------------------------
+ 1 file changed, 52 insertions(+), 69 deletions(-)
+
+diff --git a/dix/enterleave.c b/dix/enterleave.c
+index 17964b00a4..7b7ba1098b 100644
+--- a/dix/enterleave.c
++++ b/dix/enterleave.c
+@@ -615,9 +615,15 @@ FixDeviceValuator(DeviceIntPtr dev, deviceValuator * ev, ValuatorClassPtr v,
+
+ ev->type = DeviceValuator;
+ ev->deviceid = dev->id;
+- ev->num_valuators = nval < 3 ? nval : 3;
++ ev->num_valuators = nval < 6 ? nval : 6;
+ ev->first_valuator = first;
+ switch (ev->num_valuators) {
++ case 6:
++ ev->valuator2 = v->axisVal[first + 5];
++ case 5:
++ ev->valuator2 = v->axisVal[first + 4];
++ case 4:
++ ev->valuator2 = v->axisVal[first + 3];
+ case 3:
+ ev->valuator2 = v->axisVal[first + 2];
+ case 2:
+@@ -626,7 +632,6 @@ FixDeviceValuator(DeviceIntPtr dev, deviceValuator * ev, ValuatorClassPtr v,
+ ev->valuator0 = v->axisVal[first];
+ break;
+ }
+- first += ev->num_valuators;
+ }
+
+ static void
+@@ -646,7 +651,7 @@ FixDeviceStateNotify(DeviceIntPtr dev, deviceStateNotify * ev, KeyClassPtr k,
+ ev->num_buttons = b->numButtons;
+ memcpy((char *) ev->buttons, (char *) b->down, 4);
+ }
+- else if (k) {
++ if (k) {
+ ev->classes_reported |= (1 << KeyClass);
+ ev->num_keys = k->xkbInfo->desc->max_key_code -
+ k->xkbInfo->desc->min_key_code;
+@@ -670,15 +675,26 @@ FixDeviceStateNotify(DeviceIntPtr dev, deviceStateNotify * ev, KeyClassPtr k,
+ }
+ }
+
+-
++/**
++ * The device state notify event is split across multiple 32-byte events.
++ * The first one contains the first 32 button state bits, the first 32
++ * key state bits, and the first 3 valuator values.
++ *
++ * If a device has more than that, the server sends out:
++ * - one deviceButtonStateNotify for buttons 32 and above
++ * - one deviceKeyStateNotify for keys 32 and above
++ * - one deviceValuator event per 6 valuators above valuator 4
++ *
++ * All events but the last one have the deviceid binary ORed with MORE_EVENTS,
++ */
+ static void
+ DeliverStateNotifyEvent(DeviceIntPtr dev, WindowPtr win)
+ {
++ /* deviceStateNotify, deviceKeyStateNotify, deviceButtonStateNotify
++ * and one deviceValuator for each 6 valuators */
++ deviceStateNotify sev[3 + (MAX_VALUATORS + 6)/6];
+ int evcount = 1;
+- deviceStateNotify sev[6 + (MAX_VALUATORS + 2)/3];
+- deviceStateNotify *ev;
+- deviceKeyStateNotify *kev;
+- deviceButtonStateNotify *bev;
++ deviceStateNotify *ev = sev;
+
+ KeyClassPtr k;
+ ButtonClassPtr b;
+@@ -691,82 +707,49 @@ DeliverStateNotifyEvent(DeviceIntPtr dev, WindowPtr win)
+
+ if ((b = dev->button) != NULL) {
+ nbuttons = b->numButtons;
+- if (nbuttons > 32)
++ if (nbuttons > 32) /* first 32 are encoded in deviceStateNotify */
+ evcount++;
+ }
+ if ((k = dev->key) != NULL) {
+ nkeys = k->xkbInfo->desc->max_key_code - k->xkbInfo->desc->min_key_code;
+- if (nkeys > 32)
++ if (nkeys > 32) /* first 32 are encoded in deviceStateNotify */
+ evcount++;
+- if (nbuttons > 0) {
+- evcount++;
+- }
+ }
+ if ((v = dev->valuator) != NULL) {
+ nval = v->numAxes;
+-
+- if (nval > 3)
+- evcount++;
+- if (nval > 6) {
+- if (!(k && b))
+- evcount++;
+- if (nval > 9)
+- evcount += ((nval - 7) / 3);
+- }
++ /* first three are encoded in deviceStateNotify, then
++ * it's 6 per deviceValuator event */
++ evcount += ((nval - 3) + 6)/6;
+ }
+
+- ev = sev;
+- FixDeviceStateNotify(dev, ev, NULL, NULL, NULL, first);
+-
+- if (b != NULL) {
+- FixDeviceStateNotify(dev, ev++, NULL, b, v, first);
+- first += 3;
+- nval -= 3;
+- if (nbuttons > 32) {
+- (ev - 1)->deviceid |= MORE_EVENTS;
+- bev = (deviceButtonStateNotify *) ev++;
+- bev->type = DeviceButtonStateNotify;
+- bev->deviceid = dev->id;
+- memcpy((char *) &bev->buttons[4], (char *) &b->down[4],
+- DOWN_LENGTH - 4);
+- }
+- if (nval > 0) {
+- (ev - 1)->deviceid |= MORE_EVENTS;
+- FixDeviceValuator(dev, (deviceValuator *) ev++, v, first);
+- first += 3;
+- nval -= 3;
+- }
++ BUG_RETURN(evcount <= ARRAY_SIZE(sev));
++
++ FixDeviceStateNotify(dev, ev, k, b, v, first);
++
++ if (b != NULL && nbuttons > 32) {
++ deviceButtonStateNotify *bev = (deviceButtonStateNotify *) ++ev;
++ (ev - 1)->deviceid |= MORE_EVENTS;
++ bev->type = DeviceButtonStateNotify;
++ bev->deviceid = dev->id;
++ memcpy((char *) &bev->buttons[4], (char *) &b->down[4],
++ DOWN_LENGTH - 4);
+ }
+
+- if (k != NULL) {
+- FixDeviceStateNotify(dev, ev++, k, NULL, v, first);
+- first += 3;
+- nval -= 3;
+- if (nkeys > 32) {
+- (ev - 1)->deviceid |= MORE_EVENTS;
+- kev = (deviceKeyStateNotify *) ev++;
+- kev->type = DeviceKeyStateNotify;
+- kev->deviceid = dev->id;
+- memmove((char *) &kev->keys[0], (char *) &k->down[4], 28);
+- }
+- if (nval > 0) {
+- (ev - 1)->deviceid |= MORE_EVENTS;
+- FixDeviceValuator(dev, (deviceValuator *) ev++, v, first);
+- first += 3;
+- nval -= 3;
+- }
++ if (k != NULL && nkeys > 32) {
++ deviceKeyStateNotify *kev = (deviceKeyStateNotify *) ++ev;
++ (ev - 1)->deviceid |= MORE_EVENTS;
++ kev->type = DeviceKeyStateNotify;
++ kev->deviceid = dev->id;
++ memmove((char *) &kev->keys[0], (char *) &k->down[4], 28);
+ }
+
++ first = 3;
++ nval -= 3;
+ while (nval > 0) {
+- FixDeviceStateNotify(dev, ev++, NULL, NULL, v, first);
+- first += 3;
+- nval -= 3;
+- if (nval > 0) {
+- (ev - 1)->deviceid |= MORE_EVENTS;
+- FixDeviceValuator(dev, (deviceValuator *) ev++, v, first);
+- first += 3;
+- nval -= 3;
+- }
++ ev->deviceid |= MORE_EVENTS;
++ FixDeviceValuator(dev, (deviceValuator *) ++ev, v, first);
++ first += 6;
++ nval -= 6;
+ }
+
+ DeliverEventsToWindow(dev, win, (xEvent *) sev, evcount,
+--
+GitLab
+
diff --git a/extra/source/tigervnc/patches/xorg-server/CVE-2024-0229.03.patch b/extra/source/tigervnc/patches/xorg-server/CVE-2024-0229.03.patch
new file mode 100644
index 000000000..1624ec161
--- /dev/null
+++ b/extra/source/tigervnc/patches/xorg-server/CVE-2024-0229.03.patch
@@ -0,0 +1,37 @@
+From df3c65706eb169d5938df0052059f3e0d5981b74 Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter.hutterer@who-t.net>
+Date: Thu, 21 Dec 2023 13:48:10 +1000
+Subject: [PATCH] Xi: when creating a new ButtonClass, set the number of
+ buttons
+
+There's a racy sequence where a master device may copy the button class
+from the slave, without ever initializing numButtons. This leads to a
+device with zero buttons but a button class which is invalid.
+
+Let's copy the numButtons value from the source - by definition if we
+don't have a button class yet we do not have any other slave devices
+with more than this number of buttons anyway.
+
+CVE-2024-0229, ZDI-CAN-22678
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+---
+ Xi/exevents.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/Xi/exevents.c b/Xi/exevents.c
+index 54ea11a938..e161714682 100644
+--- a/Xi/exevents.c
++++ b/Xi/exevents.c
+@@ -605,6 +605,7 @@ DeepCopyPointerClasses(DeviceIntPtr from, DeviceIntPtr to)
+ to->button = calloc(1, sizeof(ButtonClassRec));
+ if (!to->button)
+ FatalError("[Xi] no memory for class shift.\n");
++ to->button->numButtons = from->button->numButtons;
+ }
+ else
+ classes->button = NULL;
+--
+GitLab
+
diff --git a/extra/source/tigervnc/patches/xorg-server/CVE-2024-0408.patch b/extra/source/tigervnc/patches/xorg-server/CVE-2024-0408.patch
new file mode 100644
index 000000000..1efab4974
--- /dev/null
+++ b/extra/source/tigervnc/patches/xorg-server/CVE-2024-0408.patch
@@ -0,0 +1,60 @@
+From e5e8586a12a3ec915673edffa10dc8fe5e15dac3 Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Wed, 6 Dec 2023 12:09:41 +0100
+Subject: [PATCH] glx: Call XACE hooks on the GLX buffer
+
+The XSELINUX code will label resources at creation by checking the
+access mode. When the access mode is DixCreateAccess, it will call the
+function to label the new resource SELinuxLabelResource().
+
+However, GLX buffers do not go through the XACE hooks when created,
+hence leaving the resource actually unlabeled.
+
+When, later, the client tries to create another resource using that
+drawable (like a GC for example), the XSELINUX code would try to use
+the security ID of that object which has never been labeled, get a NULL
+pointer and crash when checking whether the requested permissions are
+granted for subject security ID.
+
+To avoid the issue, make sure to call the XACE hooks when creating the
+GLX buffers.
+
+Credit goes to Donn Seeley <donn@xmission.com> for providing the patch.
+
+CVE-2024-0408
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Acked-by: Peter Hutterer <peter.hutterer@who-t.net>
+---
+ glx/glxcmds.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/glx/glxcmds.c b/glx/glxcmds.c
+index fc26a2e345..1e46d0c723 100644
+--- a/glx/glxcmds.c
++++ b/glx/glxcmds.c
+@@ -48,6 +48,7 @@
+ #include "indirect_util.h"
+ #include "protocol-versions.h"
+ #include "glxvndabi.h"
++#include "xace.h"
+
+ static char GLXServerVendorName[] = "SGI";
+
+@@ -1392,6 +1393,13 @@ DoCreatePbuffer(ClientPtr client, int screenNum, XID fbconfigId,
+ if (!pPixmap)
+ return BadAlloc;
+
++ err = XaceHook(XACE_RESOURCE_ACCESS, client, glxDrawableId, RT_PIXMAP,
++ pPixmap, RT_NONE, NULL, DixCreateAccess);
++ if (err != Success) {
++ (*pGlxScreen->pScreen->DestroyPixmap) (pPixmap);
++ return err;
++ }
++
+ /* Assign the pixmap the same id as the pbuffer and add it as a
+ * resource so it and the DRI2 drawable will be reclaimed when the
+ * pbuffer is destroyed. */
+--
+GitLab
+
diff --git a/extra/source/tigervnc/patches/xorg-server/CVE-2024-0409.patch b/extra/source/tigervnc/patches/xorg-server/CVE-2024-0409.patch
new file mode 100644
index 000000000..7e956fba3
--- /dev/null
+++ b/extra/source/tigervnc/patches/xorg-server/CVE-2024-0409.patch
@@ -0,0 +1,56 @@
+From 2ef0f1116c65d5cb06d7b6d83f8a1aea702c94f7 Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Wed, 6 Dec 2023 11:51:56 +0100
+Subject: [PATCH] ephyr,xwayland: Use the proper private key for cursor
+
+The cursor in DIX is actually split in two parts, the cursor itself and
+the cursor bits, each with their own devPrivates.
+
+The cursor itself includes the cursor bits, meaning that the cursor bits
+devPrivates in within structure of the cursor.
+
+Both Xephyr and Xwayland were using the private key for the cursor bits
+to store the data for the cursor, and when using XSELINUX which comes
+with its own special devPrivates, the data stored in that cursor bits'
+devPrivates would interfere with the XSELINUX devPrivates data and the
+SELINUX security ID would point to some other unrelated data, causing a
+crash in the XSELINUX code when trying to (re)use the security ID.
+
+CVE-2024-0409
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+---
+ hw/kdrive/ephyr/ephyrcursor.c | 2 +-
+ hw/xwayland/xwayland-cursor.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/hw/kdrive/ephyr/ephyrcursor.c b/hw/kdrive/ephyr/ephyrcursor.c
+index f991899c50..3f192d034a 100644
+--- a/hw/kdrive/ephyr/ephyrcursor.c
++++ b/hw/kdrive/ephyr/ephyrcursor.c
+@@ -246,7 +246,7 @@ miPointerSpriteFuncRec EphyrPointerSpriteFuncs = {
+ Bool
+ ephyrCursorInit(ScreenPtr screen)
+ {
+- if (!dixRegisterPrivateKey(&ephyrCursorPrivateKey, PRIVATE_CURSOR_BITS,
++ if (!dixRegisterPrivateKey(&ephyrCursorPrivateKey, PRIVATE_CURSOR,
+ sizeof(ephyrCursorRec)))
+ return FALSE;
+
+diff --git a/hw/xwayland/xwayland-cursor.c b/hw/xwayland/xwayland-cursor.c
+index e3c1aaa50c..bd94b0cfbb 100644
+--- a/hw/xwayland/xwayland-cursor.c
++++ b/hw/xwayland/xwayland-cursor.c
+@@ -431,7 +431,7 @@ static miPointerScreenFuncRec xwl_pointer_screen_funcs = {
+ Bool
+ xwl_screen_init_cursor(struct xwl_screen *xwl_screen)
+ {
+- if (!dixRegisterPrivateKey(&xwl_cursor_private_key, PRIVATE_CURSOR_BITS, 0))
++ if (!dixRegisterPrivateKey(&xwl_cursor_private_key, PRIVATE_CURSOR, 0))
+ return FALSE;
+
+ return miPointerInitialize(xwl_screen->screen,
+--
+GitLab
+
diff --git a/extra/source/tigervnc/patches/xorg-server/CVE-2024-21885.patch b/extra/source/tigervnc/patches/xorg-server/CVE-2024-21885.patch
new file mode 100644
index 000000000..949efd7c6
--- /dev/null
+++ b/extra/source/tigervnc/patches/xorg-server/CVE-2024-21885.patch
@@ -0,0 +1,109 @@
+From 4a5e9b1895627d40d26045bd0b7ef3dce503cbd1 Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter.hutterer@who-t.net>
+Date: Thu, 4 Jan 2024 10:01:24 +1000
+Subject: [PATCH] Xi: flush hierarchy events after adding/removing master
+ devices
+
+The `XISendDeviceHierarchyEvent()` function allocates space to store up
+to `MAXDEVICES` (256) `xXIHierarchyInfo` structures in `info`.
+
+If a device with a given ID was removed and a new device with the same
+ID added both in the same operation, the single device ID will lead to
+two info structures being written to `info`.
+
+Since this case can occur for every device ID at once, a total of two
+times `MAXDEVICES` info structures might be written to the allocation.
+
+To avoid it, once one add/remove master is processed, send out the
+device hierarchy event for the current state and continue. That event
+thus only ever has exactly one of either added/removed in it (and
+optionally slave attached/detached).
+
+CVE-2024-21885, ZDI-CAN-22744
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+---
+ Xi/xichangehierarchy.c | 27 ++++++++++++++++++++++-----
+ 1 file changed, 22 insertions(+), 5 deletions(-)
+
+diff --git a/Xi/xichangehierarchy.c b/Xi/xichangehierarchy.c
+index d2d985848d..72d00451e3 100644
+--- a/Xi/xichangehierarchy.c
++++ b/Xi/xichangehierarchy.c
+@@ -416,6 +416,11 @@ ProcXIChangeHierarchy(ClientPtr client)
+ size_t len; /* length of data remaining in request */
+ int rc = Success;
+ int flags[MAXDEVICES] = { 0 };
++ enum {
++ NO_CHANGE,
++ FLUSH,
++ CHANGED,
++ } changes = NO_CHANGE;
+
+ REQUEST(xXIChangeHierarchyReq);
+ REQUEST_AT_LEAST_SIZE(xXIChangeHierarchyReq);
+@@ -465,8 +470,9 @@ ProcXIChangeHierarchy(ClientPtr client)
+ rc = add_master(client, c, flags);
+ if (rc != Success)
+ goto unwind;
+- }
++ changes = FLUSH;
+ break;
++ }
+ case XIRemoveMaster:
+ {
+ xXIRemoveMasterInfo *r = (xXIRemoveMasterInfo *) any;
+@@ -475,8 +481,9 @@ ProcXIChangeHierarchy(ClientPtr client)
+ rc = remove_master(client, r, flags);
+ if (rc != Success)
+ goto unwind;
+- }
++ changes = FLUSH;
+ break;
++ }
+ case XIDetachSlave:
+ {
+ xXIDetachSlaveInfo *c = (xXIDetachSlaveInfo *) any;
+@@ -485,8 +492,9 @@ ProcXIChangeHierarchy(ClientPtr client)
+ rc = detach_slave(client, c, flags);
+ if (rc != Success)
+ goto unwind;
+- }
++ changes = CHANGED;
+ break;
++ }
+ case XIAttachSlave:
+ {
+ xXIAttachSlaveInfo *c = (xXIAttachSlaveInfo *) any;
+@@ -495,16 +503,25 @@ ProcXIChangeHierarchy(ClientPtr client)
+ rc = attach_slave(client, c, flags);
+ if (rc != Success)
+ goto unwind;
++ changes = CHANGED;
++ break;
+ }
++ default:
+ break;
+ }
+
++ if (changes == FLUSH) {
++ XISendDeviceHierarchyEvent(flags);
++ memset(flags, 0, sizeof(flags));
++ changes = NO_CHANGE;
++ }
++
+ len -= any->length * 4;
+ any = (xXIAnyHierarchyChangeInfo *) ((char *) any + any->length * 4);
+ }
+
+ unwind:
+-
+- XISendDeviceHierarchyEvent(flags);
++ if (changes != NO_CHANGE)
++ XISendDeviceHierarchyEvent(flags);
+ return rc;
+ }
+--
+GitLab
+
diff --git a/extra/source/tigervnc/patches/xorg-server/CVE-2024-21886.01.patch b/extra/source/tigervnc/patches/xorg-server/CVE-2024-21886.01.patch
new file mode 100644
index 000000000..e58fe8d78
--- /dev/null
+++ b/extra/source/tigervnc/patches/xorg-server/CVE-2024-21886.01.patch
@@ -0,0 +1,70 @@
+From bc1fdbe46559dd947674375946bbef54dd0ce36b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jos=C3=A9=20Exp=C3=B3sito?= <jexposit@redhat.com>
+Date: Fri, 22 Dec 2023 18:28:31 +0100
+Subject: [PATCH] Xi: do not keep linked list pointer during recursion
+
+The `DisableDevice()` function is called whenever an enabled device
+is disabled and it moves the device from the `inputInfo.devices` linked
+list to the `inputInfo.off_devices` linked list.
+
+However, its link/unlink operation has an issue during the recursive
+call to `DisableDevice()` due to the `prev` pointer pointing to a
+removed device.
+
+This issue leads to a length mismatch between the total number of
+devices and the number of device in the list, leading to a heap
+overflow and, possibly, to local privilege escalation.
+
+Simplify the code that checked whether the device passed to
+`DisableDevice()` was in `inputInfo.devices` or not and find the
+previous device after the recursion.
+
+CVE-2024-21886, ZDI-CAN-22840
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+---
+ dix/devices.c | 15 ++++++++++++---
+ 1 file changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/dix/devices.c b/dix/devices.c
+index dca98c8d1b..389d28a23c 100644
+--- a/dix/devices.c
++++ b/dix/devices.c
+@@ -453,14 +453,20 @@ DisableDevice(DeviceIntPtr dev, BOOL sendevent)
+ {
+ DeviceIntPtr *prev, other;
+ BOOL enabled;
++ BOOL dev_in_devices_list = FALSE;
+ int flags[MAXDEVICES] = { 0 };
+
+ if (!dev->enabled)
+ return TRUE;
+
+- for (prev = &inputInfo.devices;
+- *prev && (*prev != dev); prev = &(*prev)->next);
+- if (*prev != dev)
++ for (other = inputInfo.devices; other; other = other->next) {
++ if (other == dev) {
++ dev_in_devices_list = TRUE;
++ break;
++ }
++ }
++
++ if (!dev_in_devices_list)
+ return FALSE;
+
+ TouchEndPhysicallyActiveTouches(dev);
+@@ -511,6 +517,9 @@ DisableDevice(DeviceIntPtr dev, BOOL sendevent)
+ LeaveWindow(dev);
+ SetFocusOut(dev);
+
++ for (prev = &inputInfo.devices;
++ *prev && (*prev != dev); prev = &(*prev)->next);
++
+ *prev = dev->next;
+ dev->next = inputInfo.off_devices;
+ inputInfo.off_devices = dev;
+--
+GitLab
+
diff --git a/extra/source/tigervnc/patches/xorg-server/CVE-2024-21886.02.patch b/extra/source/tigervnc/patches/xorg-server/CVE-2024-21886.02.patch
new file mode 100644
index 000000000..de7422442
--- /dev/null
+++ b/extra/source/tigervnc/patches/xorg-server/CVE-2024-21886.02.patch
@@ -0,0 +1,53 @@
+From 26769aa71fcbe0a8403b7fb13b7c9010cc07c3a8 Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter.hutterer@who-t.net>
+Date: Fri, 5 Jan 2024 09:40:27 +1000
+Subject: [PATCH] dix: when disabling a master, float disabled slaved devices
+ too
+
+Disabling a master device floats all slave devices but we didn't do this
+to already-disabled slave devices. As a result those devices kept their
+reference to the master device resulting in access to already freed
+memory if the master device was removed before the corresponding slave
+device.
+
+And to match this behavior, also forcibly reset that pointer during
+CloseDownDevices().
+
+Related to CVE-2024-21886, ZDI-CAN-22840
+---
+ dix/devices.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/dix/devices.c b/dix/devices.c
+index 389d28a23c..84a6406d13 100644
+--- a/dix/devices.c
++++ b/dix/devices.c
+@@ -483,6 +483,13 @@ DisableDevice(DeviceIntPtr dev, BOOL sendevent)
+ flags[other->id] |= XISlaveDetached;
+ }
+ }
++
++ for (other = inputInfo.off_devices; other; other = other->next) {
++ if (!IsMaster(other) && GetMaster(other, MASTER_ATTACHED) == dev) {
++ AttachDevice(NULL, other, NULL);
++ flags[other->id] |= XISlaveDetached;
++ }
++ }
+ }
+ else {
+ for (other = inputInfo.devices; other; other = other->next) {
+@@ -1088,6 +1095,11 @@ CloseDownDevices(void)
+ dev->master = NULL;
+ }
+
++ for (dev = inputInfo.off_devices; dev; dev = dev->next) {
++ if (!IsMaster(dev) && !IsFloating(dev))
++ dev->master = NULL;
++ }
++
+ CloseDeviceList(&inputInfo.devices);
+ CloseDeviceList(&inputInfo.off_devices);
+
+--
+GitLab
+
diff --git a/extra/source/tigervnc/tigervnc.SlackBuild b/extra/source/tigervnc/tigervnc.SlackBuild
index 6df803a4a..bb1f64348 100755
--- a/extra/source/tigervnc/tigervnc.SlackBuild
+++ b/extra/source/tigervnc/tigervnc.SlackBuild
@@ -26,7 +26,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=tigervnc
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
XORGVER=${XORGVER:-$(echo xorg-server-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-4_slack15.0}
+BUILD=${BUILD:-5_slack15.0}
# Do we build the java applet (needs jdk)?
JAVA_APPLET=${JAVA_APPLET:-"OFF"}
@@ -115,6 +115,17 @@ tar xvf $CWD/xorg-server-$XORGVER.tar.?z --strip-components=1 -C unix/xserver ||
zcat $CWD/patches/xorg-server/CVE-2023-1393.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/patches/xorg-server/CVE-2023-5367.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/patches/xorg-server/CVE-2023-5380.patch.gz | patch -p1 --verbose || exit 1
+ zcat $CWD/patches/xorg-server/CVE-2023-6377.patch.gz | patch -p1 --verbose || exit 1
+ zcat $CWD/patches/xorg-server/CVE-2023-6478.patch.gz | patch -p1 --verbose || exit 1
+ zcat $CWD/patches/xorg-server/CVE-2023-6816.patch.gz | patch -p1 --verbose || exit 1
+ zcat $CWD/patches/xorg-server/CVE-2024-0229.01.patch.gz | patch -p1 --verbose || exit 1
+ zcat $CWD/patches/xorg-server/CVE-2024-0229.02.patch.gz | patch -p1 --verbose || exit 1
+ zcat $CWD/patches/xorg-server/CVE-2024-0229.03.patch.gz | patch -p1 --verbose || exit 1
+ zcat $CWD/patches/xorg-server/CVE-2024-0408.patch.gz | patch -p1 --verbose || exit 1
+ zcat $CWD/patches/xorg-server/CVE-2024-0409.patch.gz | patch -p1 --verbose || exit 1
+ zcat $CWD/patches/xorg-server/CVE-2024-21885.patch.gz | patch -p1 --verbose || exit 1
+ zcat $CWD/patches/xorg-server/CVE-2024-21886.01.patch.gz | patch -p1 --verbose || exit 1
+ zcat $CWD/patches/xorg-server/CVE-2024-21886.02.patch.gz | patch -p1 --verbose || exit 1
autoreconf -vif || exit 1
) || exit 1
diff --git a/recompress.sh b/recompress.sh
index 17334d110..1a9b18efc 100755
--- a/recompress.sh
+++ b/recompress.sh
@@ -22,16 +22,24 @@ gzip ./extra/source/tigervnc/patches/tigervnc.pam.d.diff
gzip ./extra/source/tigervnc/patches/force_protocol_3.3_for_UVNCSC.patch
gzip ./extra/source/tigervnc/patches/xorg-server/CVE-2022-46342.patch
gzip ./extra/source/tigervnc/patches/xorg-server/CVE-2023-5380.patch
+gzip ./extra/source/tigervnc/patches/xorg-server/CVE-2024-21885.patch
gzip ./extra/source/tigervnc/patches/xorg-server/CVE-2022-46343.patch
+gzip ./extra/source/tigervnc/patches/xorg-server/CVE-2024-0229.02.patch
+gzip ./extra/source/tigervnc/patches/xorg-server/CVE-2023-6377.patch
+gzip ./extra/source/tigervnc/patches/xorg-server/CVE-2023-6478.patch
+gzip ./extra/source/tigervnc/patches/xorg-server/CVE-2024-0408.patch
+gzip ./extra/source/tigervnc/patches/xorg-server/CVE-2024-0229.03.patch
gzip ./extra/source/tigervnc/patches/xorg-server/xorg-server.combo.mouse.keyboard.layout.patch
gzip ./extra/source/tigervnc/patches/xorg-server/CVE-2022-3553.patch
gzip ./extra/source/tigervnc/patches/xorg-server/CVE-2022-46340.patch
gzip ./extra/source/tigervnc/patches/xorg-server/CVE-2023-0494.patch
+gzip ./extra/source/tigervnc/patches/xorg-server/CVE-2024-21886.02.patch
gzip ./extra/source/tigervnc/patches/xorg-server/CVE-2022-46340.correction.patch
gzip ./extra/source/tigervnc/patches/xorg-server/CVE-2022-46344.patch
gzip ./extra/source/tigervnc/patches/xorg-server/0001-autobind-GPUs-to-the-screen.patch
gzip ./extra/source/tigervnc/patches/xorg-server/0001-xfree86-use-modesetting-driver-by-default-on-GeForce.patch
gzip ./extra/source/tigervnc/patches/xorg-server/857.patch
+gzip ./extra/source/tigervnc/patches/xorg-server/CVE-2024-21886.01.patch
gzip ./extra/source/tigervnc/patches/xorg-server/0003-6907b6ea2b4ce949cb07271f5b678d5966d9df42.patch
gzip ./extra/source/tigervnc/patches/xorg-server/CVE-2022-3551.patch
gzip ./extra/source/tigervnc/patches/xorg-server/CVE-2022-4283.patch
@@ -39,9 +47,12 @@ gzip ./extra/source/tigervnc/patches/xorg-server/CVE-2023-1393.patch
gzip ./extra/source/tigervnc/patches/xorg-server/fix-nouveau-segfault.diff
gzip ./extra/source/tigervnc/patches/xorg-server/fix-pci-segfault.diff
gzip ./extra/source/tigervnc/patches/xorg-server/x11.startwithblackscreen.diff
+gzip ./extra/source/tigervnc/patches/xorg-server/CVE-2024-0229.01.patch
+gzip ./extra/source/tigervnc/patches/xorg-server/CVE-2023-6816.patch
gzip ./extra/source/tigervnc/patches/xorg-server/CVE-2022-46341.patch
gzip ./extra/source/tigervnc/patches/xorg-server/0002-dd8caf39e9e15d8f302e54045dd08d8ebf1025dc.patch
gzip ./extra/source/tigervnc/patches/xorg-server/CVE-2022-3550.patch
+gzip ./extra/source/tigervnc/patches/xorg-server/CVE-2024-0409.patch
gzip ./extra/source/tigervnc/patches/xorg-server/06_use-intel-only-on-pre-gen4.diff
gzip ./extra/source/tigervnc/patches/xorg-server/0001-Always-install-vbe-and-int10-sdk-headers.patch
gzip ./extra/source/tigervnc/patches/xorg-server/0001-f1070c01d616c5f21f939d5ebc533738779451ac.patch
generated by cgit v1.2.3 (git 2.26.2) at 2024-05-08 12:50:32 +0000