fix CVE-2022-3551,CVE-2022-3553
This commit is contained in:
wangkerong
parent
14c9308cc6
commit
dae2610b0b
@ -1,21 +1,24 @@
|
|||||||
From d7ac1fb14657f278fcc32863aa99eb32a2069d58 Mon Sep 17 00:00:00 2001
|
From 18f91b950e22c2a342a4fbc55e9ddf7534a707d2 Mon Sep 17 00:00:00 2001
|
||||||
From: rpm-build <rpm-build>
|
From: Peter Hutterer <peter.hutterer@who-t.net>
|
||||||
Date: Mon, 24 Oct 2022 17:06:15 +0800
|
Date: Wed, 13 Jul 2022 11:23:09 +1000
|
||||||
Subject: [PATCH] xkb: fix some possible memleaks in XkbGetKbdByName
|
Subject: xkb: fix some possible memleaks in XkbGetKbdByName
|
||||||
|
|
||||||
GetComponentByName returns an allocated string, so let's free that if we
|
GetComponentByName returns an allocated string, so let's free that if we
|
||||||
fail somewhere.
|
fail somewhere.
|
||||||
|
|
||||||
Signed-off-by: Peter Hutterer's avatarPeter Hutterer <peter.hutterer@who-t.net>
|
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|
||||||
|
|
||||||
|
Conflict:NA
|
||||||
|
Reference:https://cgit.freedesktop.org/xorg/xserver/commit/?id=18f91b950e22c2a342a4fbc55e9ddf7534a707d2
|
||||||
---
|
---
|
||||||
xkb/xkb.c | 24 ++++++++++++++++++++----
|
xkb/xkb.c | 26 ++++++++++++++++++++------
|
||||||
1 file changed, 20 insertions(+), 4 deletions(-)
|
1 file changed, 20 insertions(+), 6 deletions(-)
|
||||||
|
|
||||||
diff --git a/xkb/xkb.c b/xkb/xkb.c
|
diff --git a/xkb/xkb.c b/xkb/xkb.c
|
||||||
index 4dccc62..123671a 100644
|
index 4692895db..b79a269e3 100644
|
||||||
--- a/xkb/xkb.c
|
--- a/xkb/xkb.c
|
||||||
+++ b/xkb/xkb.c
|
+++ b/xkb/xkb.c
|
||||||
@@ -5936,19 +5936,35 @@ ProcXkbGetKbdByName(ClientPtr client)
|
@@ -5935,18 +5935,32 @@ ProcXkbGetKbdByName(ClientPtr client)
|
||||||
xkb = dev->key->xkbInfo->desc;
|
xkb = dev->key->xkbInfo->desc;
|
||||||
status = Success;
|
status = Success;
|
||||||
str = (unsigned char *) &stuff[1];
|
str = (unsigned char *) &stuff[1];
|
||||||
@ -47,14 +50,13 @@ index 4dccc62..123671a 100644
|
|||||||
+ free(names.symbols);
|
+ free(names.symbols);
|
||||||
+ free(names.geometry);
|
+ free(names.geometry);
|
||||||
return status;
|
return status;
|
||||||
len = str - ((unsigned char *) stuff);
|
- len = str - ((unsigned char *) stuff);
|
||||||
if ((XkbPaddedSize(len) / 4) != stuff->length)
|
- if ((XkbPaddedSize(len) / 4) != stuff->length)
|
||||||
return BadLength;
|
- return BadLength;
|
||||||
-
|
|
||||||
+ }
|
+ }
|
||||||
|
|
||||||
CHK_MASK_LEGAL(0x01, stuff->want, XkbGBN_AllComponentsMask);
|
CHK_MASK_LEGAL(0x01, stuff->want, XkbGBN_AllComponentsMask);
|
||||||
CHK_MASK_LEGAL(0x02, stuff->need, XkbGBN_AllComponentsMask);
|
CHK_MASK_LEGAL(0x02, stuff->need, XkbGBN_AllComponentsMask);
|
||||||
|
|
||||||
--
|
--
|
||||||
2.33.0
|
cgit v1.2.1
|
||||||
|
|
||||||
46
backport-CVE-2022-3553.patch
Normal file
46
backport-CVE-2022-3553.patch
Normal file
@ -0,0 +1,46 @@
|
|||||||
|
From dfd057996b26420309c324ec844a5ba6dd07eda3 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
|
||||||
|
Date: Sat, 2 Jul 2022 14:17:18 -0700
|
||||||
|
Subject: xquartz: Fix a possible crash when editing the Application menu due
|
||||||
|
to mutaing immutable arrays
|
||||||
|
|
||||||
|
Crashing on exception: -[__NSCFArray replaceObjectAtIndex:withObject:]: mutating method sent to immutable object
|
||||||
|
|
||||||
|
Application Specific Backtrace 0:
|
||||||
|
0 CoreFoundation 0x00007ff80d2c5e9b __exceptionPreprocess + 242
|
||||||
|
1 libobjc.A.dylib 0x00007ff80d027e48 objc_exception_throw + 48
|
||||||
|
2 CoreFoundation 0x00007ff80d38167b _CFThrowFormattedException + 194
|
||||||
|
3 CoreFoundation 0x00007ff80d382a25 -[__NSCFArray removeObjectAtIndex:].cold.1 + 0
|
||||||
|
4 CoreFoundation 0x00007ff80d2e6c0b -[__NSCFArray replaceObjectAtIndex:withObject:] + 119
|
||||||
|
5 X11.bin 0x00000001003180f9 -[X11Controller tableView:setObjectValue:forTableColumn:row:] + 169
|
||||||
|
|
||||||
|
Fixes: https://github.com/XQuartz/XQuartz/issues/267
|
||||||
|
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
|
||||||
|
|
||||||
|
Conflict:NA
|
||||||
|
Reference:https://cgit.freedesktop.org/xorg/xserver/commit/?id=dfd057996b26420309c324ec844a5ba6dd07eda3
|
||||||
|
---
|
||||||
|
hw/xquartz/X11Controller.m | 7 +++++--
|
||||||
|
1 file changed, 5 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/hw/xquartz/X11Controller.m b/hw/xquartz/X11Controller.m
|
||||||
|
index 3b55bb6a5..e9a939312 100644
|
||||||
|
--- a/hw/xquartz/X11Controller.m
|
||||||
|
+++ b/hw/xquartz/X11Controller.m
|
||||||
|
@@ -469,8 +469,11 @@ extern char *bundle_id_prefix;
|
||||||
|
self.table_apps = table_apps;
|
||||||
|
|
||||||
|
NSArray * const apps = self.apps;
|
||||||
|
- if (apps != nil)
|
||||||
|
- [table_apps addObjectsFromArray:apps];
|
||||||
|
+ if (apps != nil) {
|
||||||
|
+ for (NSArray <NSString *> * row in apps) {
|
||||||
|
+ [table_apps addObject:row.mutableCopy];
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
|
||||||
|
columns = [apps_table tableColumns];
|
||||||
|
[[columns objectAtIndex:0] setIdentifier:@"0"];
|
||||||
|
--
|
||||||
|
cgit v1.2.1
|
||||||
|
|
||||||
@ -283,7 +283,6 @@ include/xkb-config.h
|
|||||||
include/xorg-config.h
|
include/xorg-config.h
|
||||||
include/xorg-server.h
|
include/xorg-server.h
|
||||||
include/xwin-config.h
|
include/xwin-config.h
|
||||||
include/dix-config.h
|
|
||||||
mfb/mfbbltC.c
|
mfb/mfbbltC.c
|
||||||
mfb/mfbbltCI.c
|
mfb/mfbbltCI.c
|
||||||
mfb/mfbbltG.c
|
mfb/mfbbltG.c
|
||||||
|
|||||||
@ -16,7 +16,7 @@
|
|||||||
|
|
||||||
Name: xorg-x11-server
|
Name: xorg-x11-server
|
||||||
Version: 1.20.11
|
Version: 1.20.11
|
||||||
Release: 11
|
Release: 12
|
||||||
Summary: X.Org X11 X server
|
Summary: X.Org X11 X server
|
||||||
License: MIT and GPLv2
|
License: MIT and GPLv2
|
||||||
URL: https://www.x.org
|
URL: https://www.x.org
|
||||||
@ -89,10 +89,11 @@ Patch6004: backport-rename-bool-to-boolean.patch
|
|||||||
Patch6005: backport-0001-CVE-2022-2319.patch
|
Patch6005: backport-0001-CVE-2022-2319.patch
|
||||||
Patch6006: backport-0002-CVE-2022-2319.patch
|
Patch6006: backport-0002-CVE-2022-2319.patch
|
||||||
Patch6007: backport-CVE-2022-2320.patch
|
Patch6007: backport-CVE-2022-2320.patch
|
||||||
Patch6008: CVE-2022-3551.patch
|
Patch6008: backport-CVE-2022-3551.patch
|
||||||
%ifarch sw_64
|
%ifarch sw_64
|
||||||
Patch6009: xorg-server-1.20.11-sw.patch
|
Patch6009: xorg-server-1.20.11-sw.patch
|
||||||
%endif
|
%endif
|
||||||
|
Patch6010: backport-CVE-2022-3553.patch
|
||||||
|
|
||||||
BuildRequires: audit-libs-devel autoconf automake bison dbus-devel flex git gcc
|
BuildRequires: audit-libs-devel autoconf automake bison dbus-devel flex git gcc
|
||||||
BuildRequires: systemtap-sdt-devel libtool pkgconfig
|
BuildRequires: systemtap-sdt-devel libtool pkgconfig
|
||||||
@ -436,6 +437,9 @@ find %{inst_srcdir}/hw/xfree86 -name \*.c -delete
|
|||||||
%{_mandir}/man*/*
|
%{_mandir}/man*/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Nov 18 2022 wangkerong <wangkerong@h-partners.com> -1.20.11-12
|
||||||
|
- fix CVE-2022-3551,CVE-2022-3553
|
||||||
|
|
||||||
* Wed Oct 26 2022 wuzx<wuzx1226@qq.com> - 1.20.11-11
|
* Wed Oct 26 2022 wuzx<wuzx1226@qq.com> - 1.20.11-11
|
||||||
- Add sw64 architecture
|
- Add sw64 architecture
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user