author Patrick J Volkerding <volkerdi@slackware.com>2022-12-19 21:18:22 +0000
committer Eric Hameleers <alien@slackware.com>2022-12-19 23:42:51 +0100
commit4f53dfead2169d2c8e9d22b1cdb5ed71083fb9b4 (patch)
tree7caae70efb3c70ce9998a5f3db2b19fdc5862d28 /source
parent57959418015d2328d4c126c8a06068c84c83c1c3 (diff)
Mon Dec 19 21:18:22 UTC 202220221219211822
a/logrotate-3.21.0-x86_64-1.txz: Upgraded. kde/gwenview-22.12.0-x86_64-2.txz: Rebuilt. Recompiled against cfitsio-4.2.0. kde/kstars-3.6.2-x86_64-2.txz: Rebuilt. Recompiled against cfitsio-4.2.0. l/cfitsio-4.2.0-x86_64-1.txz: Upgraded. Shared library .so-version bump. l/gsettings-desktop-schemas-43.0-x86_64-1.txz: Upgraded. l/gtk4-4.8.2-x86_64-1.txz: Upgraded. x/xorg-server-21.1.6-x86_64-1.txz: Upgraded. This release fixes an invalid event type mask in XTestSwapFakeInput which was inadvertently changed from octal 0177 to hexadecimal 0x177 in the fix for CVE-2022-46340. x/xorg-server-xephyr-21.1.6-x86_64-1.txz: Upgraded. x/xorg-server-xnest-21.1.6-x86_64-1.txz: Upgraded. x/xorg-server-xvfb-21.1.6-x86_64-1.txz: Upgraded. x/xorg-server-xwayland-22.1.7-x86_64-1.txz: Upgraded. This release fixes an invalid event type mask in XTestSwapFakeInput which was inadvertently changed from octal 0177 to hexadecimal 0x177 in the fix for CVE-2022-46340. testing/packages/rust-1.66.0-x86_64-1.txz: Added.
Diffstat (limited to 'source')
-rw-r--r--source/kde/kde/build/gwenview2
-rw-r--r--source/kde/kde/build/kstars2
-rw-r--r--source/x/x11/patch/xorg-server.patch5
-rw-r--r--source/x/x11/patch/xorg-server/CVE-2022-3550.patch34
-rw-r--r--source/x/x11/patch/xorg-server/CVE-2022-3551.patch59
5 files changed, 2 insertions, 100 deletions
diff --git a/source/kde/kde/build/gwenview b/source/kde/kde/build/gwenview
index d00491fd7..0cfbf0888 100644
--- a/source/kde/kde/build/gwenview
+++ b/source/kde/kde/build/gwenview
@@ -1 +1 @@
-1
+2
diff --git a/source/kde/kde/build/kstars b/source/kde/kde/build/kstars
index d00491fd7..0cfbf0888 100644
--- a/source/kde/kde/build/kstars
+++ b/source/kde/kde/build/kstars
@@ -1 +1 @@
-1
+2
diff --git a/source/x/x11/patch/xorg-server.patch b/source/x/x11/patch/xorg-server.patch
index b0c4f28bc..b75c4cf40 100644
--- a/source/x/x11/patch/xorg-server.patch
+++ b/source/x/x11/patch/xorg-server.patch
@@ -21,8 +21,3 @@ zcat $CWD/patch/xorg-server/0001-xfree86-use-modesetting-driver-by-default-on-Ge
# Only use Intel DDX with pre-gen4 hardware. Newer hardware will the the modesetting driver by default:
zcat $CWD/patch/xorg-server/06_use-intel-only-on-pre-gen4.diff.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
-# Patch some more security issues:
-zcat $CWD/patch/xorg-server/CVE-2022-3550.patch.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
-zcat $CWD/patch/xorg-server/CVE-2022-3551.patch.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
-# This one doesn't apply properly, but it's for OSX anyway :)
-#zcat $CWD/patch/xorg-server/CVE-2022-3553.patch.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
diff --git a/source/x/x11/patch/xorg-server/CVE-2022-3550.patch b/source/x/x11/patch/xorg-server/CVE-2022-3550.patch
deleted file mode 100644
index 3461b0749..000000000
--- a/source/x/x11/patch/xorg-server/CVE-2022-3550.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 11beef0b7f1ed290348e45618e5fa0d2bffcb72e Mon Sep 17 00:00:00 2001
-From: Peter Hutterer <peter.hutterer@who-t.net>
-Date: Tue, 5 Jul 2022 12:06:20 +1000
-Subject: xkb: proof GetCountedString against request length attacks
-
-GetCountedString did a check for the whole string to be within the
-request buffer but not for the initial 2 bytes that contain the length
-field. A swapped client could send a malformed request to trigger a
-swaps() on those bytes, writing into random memory.
-
-Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
----
- xkb/xkb.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/xkb/xkb.c b/xkb/xkb.c
-index f42f59ef3..1841cff26 100644
---- a/xkb/xkb.c
-+++ b/xkb/xkb.c
-@@ -5137,6 +5137,11 @@ _GetCountedString(char **wire_inout, ClientPtr client, char **str)
- CARD16 len;
-
- wire = *wire_inout;
-+
-+ if (client->req_len <
-+ bytes_to_int32(wire + 2 - (char *) client->requestBuffer))
-+ return BadValue;
-+
- len = *(CARD16 *) wire;
- if (client->swapped) {
- swaps(&len);
---
-cgit v1.2.1
-
diff --git a/source/x/x11/patch/xorg-server/CVE-2022-3551.patch b/source/x/x11/patch/xorg-server/CVE-2022-3551.patch
deleted file mode 100644
index e41db9286..000000000
--- a/source/x/x11/patch/xorg-server/CVE-2022-3551.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From 18f91b950e22c2a342a4fbc55e9ddf7534a707d2 Mon Sep 17 00:00:00 2001
-From: Peter Hutterer <peter.hutterer@who-t.net>
-Date: Wed, 13 Jul 2022 11:23:09 +1000
-Subject: xkb: fix some possible memleaks in XkbGetKbdByName
-
-GetComponentByName returns an allocated string, so let's free that if we
-fail somewhere.
-
-Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
----
- xkb/xkb.c | 26 ++++++++++++++++++++------
- 1 file changed, 20 insertions(+), 6 deletions(-)
-
-diff --git a/xkb/xkb.c b/xkb/xkb.c
-index 4692895db..b79a269e3 100644
---- a/xkb/xkb.c
-+++ b/xkb/xkb.c
-@@ -5935,18 +5935,32 @@ ProcXkbGetKbdByName(ClientPtr client)
- xkb = dev->key->xkbInfo->desc;
- status = Success;
- str = (unsigned char *) &stuff[1];
-- if (GetComponentSpec(&str, TRUE, &status)) /* keymap, unsupported */
-- return BadMatch;
-+ {
-+ char *keymap = GetComponentSpec(&str, TRUE, &status); /* keymap, unsupported */
-+ if (keymap) {
-+ free(keymap);
-+ return BadMatch;
-+ }
-+ }
- names.keycodes = GetComponentSpec(&str, TRUE, &status);
- names.types = GetComponentSpec(&str, TRUE, &status);
- names.compat = GetComponentSpec(&str, TRUE, &status);
- names.symbols = GetComponentSpec(&str, TRUE, &status);
- names.geometry = GetComponentSpec(&str, TRUE, &status);
-- if (status != Success)
-+ if (status == Success) {
-+ len = str - ((unsigned char *) stuff);
-+ if ((XkbPaddedSize(len) / 4) != stuff->length)
-+ status = BadLength;
-+ }
-+
-+ if (status != Success) {
-+ free(names.keycodes);
-+ free(names.types);
-+ free(names.compat);
-+ free(names.symbols);
-+ free(names.geometry);
- return status;
-- len = str - ((unsigned char *) stuff);
-- if ((XkbPaddedSize(len) / 4) != stuff->length)
-- return BadLength;
-+ }
-
- CHK_MASK_LEGAL(0x01, stuff->want, XkbGBN_AllComponentsMask);
- CHK_MASK_LEGAL(0x02, stuff->need, XkbGBN_AllComponentsMask);
---
-cgit v1.2.1
-