Compare commits
No commits in common. "fe715b5cdd9efb718db2269c090d9574d21c3552" and "bbb83358c3e94eb97f2c5a319cf23474b250a842" have entirely different histories.
fe715b5cdd
...
bbb83358c3
@ -1,58 +0,0 @@
|
||||
From 65977c33a6735b0ffc7d2c691243452f75c1f68c Mon Sep 17 00:00:00 2001
|
||||
From: Olivier Fourdan <ofourdan@redhat.com>
|
||||
Date: Wed, 27 Nov 2024 14:41:45 +0100
|
||||
Subject: [PATCH] xkb: Fix buffer overflow in XkbVModMaskText()
|
||||
|
||||
The code in XkbVModMaskText() allocates a fixed sized buffer on the
|
||||
stack and copies the virtual mod name.
|
||||
|
||||
There's actually two issues in the code that can lead to a buffer
|
||||
overflow.
|
||||
|
||||
First, the bound check mixes pointers and integers using misplaced
|
||||
parenthesis, defeating the bound check.
|
||||
|
||||
But even though, if the check fails, the data is still copied, so the
|
||||
stack overflow will occur regardless.
|
||||
|
||||
Change the logic to skip the copy entirely if the bound check fails.
|
||||
|
||||
(cherry picked from xorg/xserver@11fcda8753e994e15eb915d28cf487660ec8e722)
|
||||
|
||||
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
|
||||
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
|
||||
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
||||
---
|
||||
src/xkbtext.c | 16 ++++++++--------
|
||||
1 file changed, 8 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/src/xkbtext.c b/src/xkbtext.c
|
||||
index 4459ca7..59429b2 100644
|
||||
--- a/src/xkbtext.c
|
||||
+++ b/src/xkbtext.c
|
||||
@@ -190,14 +190,14 @@ XkbVModMaskText(Display * dpy,
|
||||
len = strlen(tmp) + 1 + (str == buf ? 0 : 1);
|
||||
if (format == XkbCFile)
|
||||
len += 4;
|
||||
- if ((str - (buf + len)) <= BUFFER_SIZE) {
|
||||
- if (str != buf) {
|
||||
- if (format == XkbCFile)
|
||||
- *str++ = '|';
|
||||
- else
|
||||
- *str++ = '+';
|
||||
- len--;
|
||||
- }
|
||||
+ if ((str - buf) + len > BUFFER_SIZE)
|
||||
+ continue; /* Skip */
|
||||
+ if (str != buf) {
|
||||
+ if (format == XkbCFile)
|
||||
+ *str++ = '|';
|
||||
+ else
|
||||
+ *str++ = '+';
|
||||
+ len--;
|
||||
}
|
||||
if (format == XkbCFile)
|
||||
sprintf(str, "%sMask", tmp);
|
||||
--
|
||||
GitLab
|
||||
|
||||
@ -1,8 +0,0 @@
|
||||
libxkbfile1
|
||||
provides "xorg-x11-libxkbfile-<targettype> = 7.6_<version>"
|
||||
obsoletes "xorg-x11-libxkbfile-<targettype> < 7.6_<version>"
|
||||
libxkbfile-devel
|
||||
requires -libxkbfile-<targettype>
|
||||
requires "libxkbfile1-<targettype> = <version>"
|
||||
provides "xorg-x11-libxkbfile-devel-<targettype> = 7.6_<version>"
|
||||
obsoletes "xorg-x11-libxkbfile-devel-<targettype> < 7.6_<version>"
|
||||
BIN
libxkbfile-1.1.0.tar.bz2
Normal file
BIN
libxkbfile-1.1.0.tar.bz2
Normal file
Binary file not shown.
Binary file not shown.
@ -1,16 +1,12 @@
|
||||
%define lname libxkbfile1
|
||||
Name: libxkbfile
|
||||
Version: 1.1.2
|
||||
Release: 2
|
||||
Version: 1.1.0
|
||||
Release: 2
|
||||
Summary: X11 keyboard file manipulation library
|
||||
License: MIT
|
||||
URL: https://www.x.org
|
||||
Source0: https://www.x.org/releases/individual/lib/%{name}-%{version}.tar.xz
|
||||
Source1: baselibs.conf
|
||||
Source0: https://www.x.org/releases/individual/lib/%{name}-%{version}.tar.bz2
|
||||
|
||||
Patch6000: backport-CVE-2025-26595.patch
|
||||
|
||||
BuildRequires: autoconf >= 2.60 automake libtool pkgconfig pkgconfig(kbproto) pkgconfig(x11) pkgconfig(xorg-macros) >= 1.8
|
||||
BuildRequires: gcc xorg-x11-proto-devel libX11-devel
|
||||
|
||||
%description
|
||||
Libxkbfile is used by the X servers and utilities to parse the XKB
|
||||
@ -27,20 +23,16 @@ This package is the development files for %{name}.
|
||||
%autosetup -n %{name}-%{version} -p1
|
||||
|
||||
%build
|
||||
%configure --disable-static
|
||||
export CFLAGS="%{optflags} -fno-strict-aliasing"
|
||||
%configure
|
||||
%make_build
|
||||
|
||||
%check
|
||||
make check
|
||||
|
||||
%install
|
||||
%make_install
|
||||
find %{buildroot} -type f -name "*.la" -delete -print
|
||||
%delete_la_and_a
|
||||
|
||||
%ldconfig_scriptlets
|
||||
|
||||
|
||||
%files
|
||||
%defattr(-,root,root)
|
||||
%license COPYING
|
||||
@ -54,21 +46,6 @@ find %{buildroot} -type f -name "*.la" -delete -print
|
||||
%{_libdir}/%{name}.so
|
||||
|
||||
%changelog
|
||||
* Thu Feb 27 2025 lingsheng <lingsheng1@h-partners.com> - 1.1.2-2
|
||||
- fix CVE-2025-26595
|
||||
|
||||
* Tue Feb 14 2023 lilong <lilong@kylinos.cn> - 1.1.2-1
|
||||
- Upgrade to 1.1.2
|
||||
|
||||
* Wed Oct 26 2022 zhouwenpei <zhouwenpei1@h-partners.com> - 1.1.0-5
|
||||
- Rebuild for next release
|
||||
|
||||
* Thu Feb 18 2021 jinzhimin <jinzhimin2@huawei.com> - 1.1.0-4
|
||||
- rebuild libxkbfile
|
||||
|
||||
* Thu Feb 18 2021 jinzhimin <jinzhimin2@huawei.com> - 1.1.0-3
|
||||
- add check in spec
|
||||
|
||||
* Mon Oct 21 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.1.0-2
|
||||
- Type:enhancement
|
||||
- Id:NA
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
version_control: git
|
||||
src_repo: https://gitlab.freedesktop.org/xorg/lib/libxmu.git
|
||||
src_repo: git@gitlab.freedesktop.org:xorg/lib/libxkbfile.git
|
||||
tag_prefix: libxkbfile-
|
||||
seperator: "."
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user