fix CVE-2022-3551,CVE-2022-3553
This commit is contained in:
wangkerong
parent
14c9308cc6
commit
dae2610b0b
@ -1,21 +1,24 @@
|
||||
From d7ac1fb14657f278fcc32863aa99eb32a2069d58 Mon Sep 17 00:00:00 2001
|
||||
From: rpm-build <rpm-build>
|
||||
Date: Mon, 24 Oct 2022 17:06:15 +0800
|
||||
Subject: [PATCH] xkb: fix some possible memleaks in XkbGetKbdByName
|
||||
From 18f91b950e22c2a342a4fbc55e9ddf7534a707d2 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Hutterer <peter.hutterer@who-t.net>
|
||||
Date: Wed, 13 Jul 2022 11:23:09 +1000
|
||||
Subject: xkb: fix some possible memleaks in XkbGetKbdByName
|
||||
|
||||
GetComponentByName returns an allocated string, so let's free that if we
|
||||
fail somewhere.
|
||||
|
||||
Signed-off-by: Peter Hutterer's avatarPeter Hutterer <peter.hutterer@who-t.net>
|
||||
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|
||||
|
||||
Conflict:NA
|
||||
Reference:https://cgit.freedesktop.org/xorg/xserver/commit/?id=18f91b950e22c2a342a4fbc55e9ddf7534a707d2
|
||||
---
|
||||
xkb/xkb.c | 24 ++++++++++++++++++++----
|
||||
1 file changed, 20 insertions(+), 4 deletions(-)
|
||||
xkb/xkb.c | 26 ++++++++++++++++++++------
|
||||
1 file changed, 20 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/xkb/xkb.c b/xkb/xkb.c
|
||||
index 4dccc62..123671a 100644
|
||||
index 4692895db..b79a269e3 100644
|
||||
--- a/xkb/xkb.c
|
||||
+++ b/xkb/xkb.c
|
||||
@@ -5936,19 +5936,35 @@ ProcXkbGetKbdByName(ClientPtr client)
|
||||
@@ -5935,18 +5935,32 @@ ProcXkbGetKbdByName(ClientPtr client)
|
||||
xkb = dev->key->xkbInfo->desc;
|
||||
status = Success;
|
||||
str = (unsigned char *) &stuff[1];
|
||||
@ -47,14 +50,13 @@ index 4dccc62..123671a 100644
|
||||
+ free(names.symbols);
|
||||
+ free(names.geometry);
|
||||
return status;
|
||||
len = str - ((unsigned char *) stuff);
|
||||
if ((XkbPaddedSize(len) / 4) != stuff->length)
|
||||
return BadLength;
|
||||
-
|
||||
- len = str - ((unsigned char *) stuff);
|
||||
- if ((XkbPaddedSize(len) / 4) != stuff->length)
|
||||
- return BadLength;
|
||||
+ }
|
||||
|
||||
CHK_MASK_LEGAL(0x01, stuff->want, XkbGBN_AllComponentsMask);
|
||||
CHK_MASK_LEGAL(0x02, stuff->need, XkbGBN_AllComponentsMask);
|
||||
|
||||
--
|
||||
2.33.0
|
||||
cgit v1.2.1
|
||||
|
||||
46
backport-CVE-2022-3553.patch
Normal file
46
backport-CVE-2022-3553.patch
Normal file
@ -0,0 +1,46 @@
|
||||
From dfd057996b26420309c324ec844a5ba6dd07eda3 Mon Sep 17 00:00:00 2001
|
||||
From: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
|
||||
Date: Sat, 2 Jul 2022 14:17:18 -0700
|
||||
Subject: xquartz: Fix a possible crash when editing the Application menu due
|
||||
to mutaing immutable arrays
|
||||
|
||||
Crashing on exception: -[__NSCFArray replaceObjectAtIndex:withObject:]: mutating method sent to immutable object
|
||||
|
||||
Application Specific Backtrace 0:
|
||||
0 CoreFoundation 0x00007ff80d2c5e9b __exceptionPreprocess + 242
|
||||
1 libobjc.A.dylib 0x00007ff80d027e48 objc_exception_throw + 48
|
||||
2 CoreFoundation 0x00007ff80d38167b _CFThrowFormattedException + 194
|
||||
3 CoreFoundation 0x00007ff80d382a25 -[__NSCFArray removeObjectAtIndex:].cold.1 + 0
|
||||
4 CoreFoundation 0x00007ff80d2e6c0b -[__NSCFArray replaceObjectAtIndex:withObject:] + 119
|
||||
5 X11.bin 0x00000001003180f9 -[X11Controller tableView:setObjectValue:forTableColumn:row:] + 169
|
||||
|
||||
Fixes: https://github.com/XQuartz/XQuartz/issues/267
|
||||
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
|
||||
|
||||
Conflict:NA
|
||||
Reference:https://cgit.freedesktop.org/xorg/xserver/commit/?id=dfd057996b26420309c324ec844a5ba6dd07eda3
|
||||
---
|
||||
hw/xquartz/X11Controller.m | 7 +++++--
|
||||
1 file changed, 5 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/hw/xquartz/X11Controller.m b/hw/xquartz/X11Controller.m
|
||||
index 3b55bb6a5..e9a939312 100644
|
||||
--- a/hw/xquartz/X11Controller.m
|
||||
+++ b/hw/xquartz/X11Controller.m
|
||||
@@ -469,8 +469,11 @@ extern char *bundle_id_prefix;
|
||||
self.table_apps = table_apps;
|
||||
|
||||
NSArray * const apps = self.apps;
|
||||
- if (apps != nil)
|
||||
- [table_apps addObjectsFromArray:apps];
|
||||
+ if (apps != nil) {
|
||||
+ for (NSArray <NSString *> * row in apps) {
|
||||
+ [table_apps addObject:row.mutableCopy];
|
||||
+ }
|
||||
+ }
|
||||
|
||||
columns = [apps_table tableColumns];
|
||||
[[columns objectAtIndex:0] setIdentifier:@"0"];
|
||||
--
|
||||
cgit v1.2.1
|
||||
|
||||
@ -283,7 +283,6 @@ include/xkb-config.h
|
||||
include/xorg-config.h
|
||||
include/xorg-server.h
|
||||
include/xwin-config.h
|
||||
include/dix-config.h
|
||||
mfb/mfbbltC.c
|
||||
mfb/mfbbltCI.c
|
||||
mfb/mfbbltG.c
|
||||
|
||||
@ -16,7 +16,7 @@
|
||||
|
||||
Name: xorg-x11-server
|
||||
Version: 1.20.11
|
||||
Release: 11
|
||||
Release: 12
|
||||
Summary: X.Org X11 X server
|
||||
License: MIT and GPLv2
|
||||
URL: https://www.x.org
|
||||
@ -89,10 +89,11 @@ Patch6004: backport-rename-bool-to-boolean.patch
|
||||
Patch6005: backport-0001-CVE-2022-2319.patch
|
||||
Patch6006: backport-0002-CVE-2022-2319.patch
|
||||
Patch6007: backport-CVE-2022-2320.patch
|
||||
Patch6008: CVE-2022-3551.patch
|
||||
Patch6008: backport-CVE-2022-3551.patch
|
||||
%ifarch sw_64
|
||||
Patch6009: xorg-server-1.20.11-sw.patch
|
||||
%endif
|
||||
Patch6010: backport-CVE-2022-3553.patch
|
||||
|
||||
BuildRequires: audit-libs-devel autoconf automake bison dbus-devel flex git gcc
|
||||
BuildRequires: systemtap-sdt-devel libtool pkgconfig
|
||||
@ -436,6 +437,9 @@ find %{inst_srcdir}/hw/xfree86 -name \*.c -delete
|
||||
%{_mandir}/man*/*
|
||||
|
||||
%changelog
|
||||
* Fri Nov 18 2022 wangkerong <wangkerong@h-partners.com> -1.20.11-12
|
||||
- fix CVE-2022-3551,CVE-2022-3553
|
||||
|
||||
* Wed Oct 26 2022 wuzx<wuzx1226@qq.com> - 1.20.11-11
|
||||
- Add sw64 architecture
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user