!8 fix CVE-2020-14363
From: @chengguipeng_xian Reviewed-by: @orange-snn Signed-off-by: @orange-snn
This commit is contained in:
openeuler-ci-bot
Gitee
commit
f0cc800fad
28
CVE-2020-14363.patch
Normal file
28
CVE-2020-14363.patch
Normal file
@ -0,0 +1,28 @@
|
||||
From acdaaadcb3d85c61fd43669fc5dddf0f8c3f911d Mon Sep 17 00:00:00 2001
|
||||
From: Matthieu Herrb <matthieu@herrb.eu>
|
||||
Date: Thu, 13 Aug 2020 18:02:58 +0200
|
||||
Subject: [PATCH] Fix an integer overflow in init_om()
|
||||
CVE-2020-14363
|
||||
This can lead to a double free later, as reported by Jayden Rivers.
|
||||
https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/acdaaadcb3d85c61fd43669fc5dddf0f8c3f911d
|
||||
Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
|
||||
---
|
||||
modules/om/generic/omGeneric.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
diff --git a/modules/om/generic/omGeneric.c b/modules/om/generic/omGeneric.c
|
||||
index c44acb88..406cec93 100644
|
||||
--- a/modules/om/generic/omGeneric.c
|
||||
+++ b/modules/om/generic/omGeneric.c
|
||||
@@ -1908,7 +1908,8 @@ init_om(
|
||||
char **required_list;
|
||||
XOrientation *orientation;
|
||||
char **value, buf[BUFSIZ], *bufptr;
|
||||
- int count = 0, num = 0, length = 0;
|
||||
+ int count = 0, num = 0;
|
||||
+ unsigned int length = 0;
|
||||
|
||||
_XlcGetResource(lcd, "XLC_FONTSET", "on_demand_loading", &value, &count);
|
||||
if (count > 0 && _XlcCompareISOLatin1(*value, "True") == 0)
|
||||
--
|
||||
GitLab
|
||||
|
||||
10
libX11.spec
10
libX11.spec
@ -1,6 +1,6 @@
|
||||
Name: libX11
|
||||
Version: 1.6.9
|
||||
Release: 3
|
||||
Release: 4
|
||||
Summary: Core X11 protocol client library
|
||||
License: MIT
|
||||
URL: http://www.x.org
|
||||
@ -8,6 +8,8 @@ Source0: https://xorg.freedesktop.org/archive/individual/lib/%{name}-%{version}.
|
||||
|
||||
Patch1: dont-forward-keycode-0.patch
|
||||
Patch2: CVE-2020-14344.patch
|
||||
Patch3: CVE-2020-14363.patch
|
||||
|
||||
BuildRequires: xorg-x11-util-macros >= 1.11 xorg-x11-proto-devel perl-Pod-Usage libXau-devel
|
||||
BuildRequires: libxcb-devel >= 1.2 libXdmcp-devel xorg-x11-xtrans-devel >= 1.0.3-4
|
||||
|
||||
@ -73,6 +75,12 @@ make %{?_smp_mflags} check
|
||||
%{_mandir}/*/*
|
||||
|
||||
%changelog
|
||||
* Fri Sep 30 2020 chengguipeng<chenguipeng1@huawei.com> - 1.6.9-4
|
||||
- Type:bugfix
|
||||
- Id:NA
|
||||
- SUG:NA
|
||||
- DESC:fix CVE-2020-14363
|
||||
|
||||
* Tue Sep 8 2020 zhanghua <zhanghua40@huawei.com> - 1.6.9-3
|
||||
- Type:bugfix
|
||||
- Id:NA
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user