diff options
Diffstat (limited to 'source/x')
-rw-r--r-- | source/x/xorg-server-xwayland/CVE-2022-3550.patch | 34 | ||||
-rw-r--r-- | source/x/xorg-server-xwayland/CVE-2022-3551.patch | 59 | ||||
-rwxr-xr-x | source/x/xorg-server-xwayland/xorg-server-xwayland.SlackBuild | 14 |
3 files changed, 8 insertions, 99 deletions
diff --git a/source/x/xorg-server-xwayland/CVE-2022-3550.patch b/source/x/xorg-server-xwayland/CVE-2022-3550.patch deleted file mode 100644 index 3461b0749..000000000 --- a/source/x/xorg-server-xwayland/CVE-2022-3550.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 11beef0b7f1ed290348e45618e5fa0d2bffcb72e Mon Sep 17 00:00:00 2001 -From: Peter Hutterer <peter.hutterer@who-t.net> -Date: Tue, 5 Jul 2022 12:06:20 +1000 -Subject: xkb: proof GetCountedString against request length attacks - -GetCountedString did a check for the whole string to be within the -request buffer but not for the initial 2 bytes that contain the length -field. A swapped client could send a malformed request to trigger a -swaps() on those bytes, writing into random memory. - -Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> ---- - xkb/xkb.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/xkb/xkb.c b/xkb/xkb.c -index f42f59ef3..1841cff26 100644 ---- a/xkb/xkb.c -+++ b/xkb/xkb.c -@@ -5137,6 +5137,11 @@ _GetCountedString(char **wire_inout, ClientPtr client, char **str) - CARD16 len; - - wire = *wire_inout; -+ -+ if (client->req_len < -+ bytes_to_int32(wire + 2 - (char *) client->requestBuffer)) -+ return BadValue; -+ - len = *(CARD16 *) wire; - if (client->swapped) { - swaps(&len); --- -cgit v1.2.1 - diff --git a/source/x/xorg-server-xwayland/CVE-2022-3551.patch b/source/x/xorg-server-xwayland/CVE-2022-3551.patch deleted file mode 100644 index e41db9286..000000000 --- a/source/x/xorg-server-xwayland/CVE-2022-3551.patch +++ /dev/null @@ -1,59 +0,0 @@ -From 18f91b950e22c2a342a4fbc55e9ddf7534a707d2 Mon Sep 17 00:00:00 2001 -From: Peter Hutterer <peter.hutterer@who-t.net> -Date: Wed, 13 Jul 2022 11:23:09 +1000 -Subject: xkb: fix some possible memleaks in XkbGetKbdByName - -GetComponentByName returns an allocated string, so let's free that if we -fail somewhere. - -Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> ---- - xkb/xkb.c | 26 ++++++++++++++++++++------ - 1 file changed, 20 insertions(+), 6 deletions(-) - -diff --git a/xkb/xkb.c b/xkb/xkb.c -index 4692895db..b79a269e3 100644 ---- a/xkb/xkb.c -+++ b/xkb/xkb.c -@@ -5935,18 +5935,32 @@ ProcXkbGetKbdByName(ClientPtr client) - xkb = dev->key->xkbInfo->desc; - status = Success; - str = (unsigned char *) &stuff[1]; -- if (GetComponentSpec(&str, TRUE, &status)) /* keymap, unsupported */ -- return BadMatch; -+ { -+ char *keymap = GetComponentSpec(&str, TRUE, &status); /* keymap, unsupported */ -+ if (keymap) { -+ free(keymap); -+ return BadMatch; -+ } -+ } - names.keycodes = GetComponentSpec(&str, TRUE, &status); - names.types = GetComponentSpec(&str, TRUE, &status); - names.compat = GetComponentSpec(&str, TRUE, &status); - names.symbols = GetComponentSpec(&str, TRUE, &status); - names.geometry = GetComponentSpec(&str, TRUE, &status); -- if (status != Success) -+ if (status == Success) { -+ len = str - ((unsigned char *) stuff); -+ if ((XkbPaddedSize(len) / 4) != stuff->length) -+ status = BadLength; -+ } -+ -+ if (status != Success) { -+ free(names.keycodes); -+ free(names.types); -+ free(names.compat); -+ free(names.symbols); -+ free(names.geometry); - return status; -- len = str - ((unsigned char *) stuff); -- if ((XkbPaddedSize(len) / 4) != stuff->length) -- return BadLength; -+ } - - CHK_MASK_LEGAL(0x01, stuff->want, XkbGBN_AllComponentsMask); - CHK_MASK_LEGAL(0x02, stuff->need, XkbGBN_AllComponentsMask); --- -cgit v1.2.1 - diff --git a/source/x/xorg-server-xwayland/xorg-server-xwayland.SlackBuild b/source/x/xorg-server-xwayland/xorg-server-xwayland.SlackBuild index b0da0fe1d..06948306c 100755 --- a/source/x/xorg-server-xwayland/xorg-server-xwayland.SlackBuild +++ b/source/x/xorg-server-xwayland/xorg-server-xwayland.SlackBuild @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright 2016, 2018, 2019 Patrick J. Volkerding, Sebeka, MN, USA +# Copyright 2016, 2018, 2019, 2022 Patrick J. Volkerding, Sebeka, MN, USA # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=xorg-server-xwayland SRCNAM=xwayland VERSION=${VERSION:-$(echo $SRCNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-2} +BUILD=${BUILD:-1} # Default font paths to be used by the X server: DEF_FONTPATH="/usr/share/fonts/misc,/usr/share/fonts/local,/usr/share/fonts/TTF,/usr/share/fonts/OTF,/usr/share/fonts/Type1,/usr/share/fonts/CID,/usr/share/fonts/75dpi/:unscaled,/usr/share/fonts/100dpi/:unscaled,/usr/share/fonts/75dpi,/usr/share/fonts/100dpi,/usr/share/fonts/cyrillic" @@ -80,10 +80,6 @@ find . \ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ -exec chmod 644 {} \+ -# Patch more security issues: -zcat $CWD/CVE-2022-3550.patch.gz | patch -p1 --verbose || exit 1 -zcat $CWD/CVE-2022-3551.patch.gz | patch -p1 --verbose || exit 1 - # Configure, build, and install: export CFLAGS="$SLKCFLAGS" export CXXFLAGS="$SLKCFLAGS" @@ -155,6 +151,12 @@ if [ -r ChangeLog ]; then touch -r ChangeLog $DOCSDIR/ChangeLog fi +# Relocate some docs: +mv $PKG/usr/share/doc/xorg-server/* $PKG/usr/doc/$PKGNAM-$VERSION +rmdir $PKG/usr/share/doc/xorg-server +rmdir $PKG/usr/share/doc +rmdir $PKG/usr/share + mkdir -p $PKG/install cat $CWD/slack-desc > $PKG/install/slack-desc |