packages/xorg-x11-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!3 xorg-x11-server: bugfix about CVE-2018-20839.patch

Browse Source 
Merge pull request !3 from openeuler-net/init
This commit is contained in:
openeuler-ci-bot 2020-01-03 10:39:40 +08:00 committed by Gitee
commit fa566881aa
2 changed files with 119 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

111
xorg-s11-server-CVE-2018-20839.patch Normal file
View File

@ -0,0 +1,111 @@
From 53bea0794281173dacf1511664779b3dcdbafa7b Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer@who-t.net>
Date: Tue, 23 Jul 2019 10:32:11 +1000
Subject: [PATCH] xfree86: always call KDSKBMODE on vt enter with logind
Where we're running with systemd-logind integration we have to assume that
logind may change the KDSKBMODE while we're VT-switched away. If that happens
and we return, our keyboard input may leak to the console.
Fix this by always calling K_OFF/K_RAW on VT switch back. We don't update
the current settings though, so on shutdown we will restore to settings we had
on init. Given the assumption is that if something messes with our vt, it will
mess again anyway, it's not worth the bother.
Fixes #857
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
---
hw/xfree86/os-support/linux/linux.h | 1 +
hw/xfree86/os-support/linux/lnx_init.c | 44 ++++++++++++++------
hw/xfree86/os-support/linux/systemd-logind.c | 2 +
3 files changed, 34 insertions(+), 13 deletions(-)
diff --git a/hw/xfree86/os-support/linux/linux.h b/hw/xfree86/os-support/linux/linux.h
index 83506fd38..7c9dd67bc 100644
--- a/hw/xfree86/os-support/linux/linux.h
+++ b/hw/xfree86/os-support/linux/linux.h
@@ -28,5 +28,6 @@
int linux_parse_vt_settings(int may_fail);
int linux_get_keeptty(void);
+void linux_block_tty_kbd(void);
#endif
diff --git a/hw/xfree86/os-support/linux/lnx_init.c b/hw/xfree86/os-support/linux/lnx_init.c
index 111b3b4e4..fcf575149 100644
--- a/hw/xfree86/os-support/linux/lnx_init.c
+++ b/hw/xfree86/os-support/linux/lnx_init.c
@@ -169,6 +169,36 @@ linux_get_keeptty(void)
return KeepTty;
}
+void
+linux_block_tty_kbd(void)
+{
+ static Bool first_time = TRUE;
+ int ret;
+
+ if (xf86Info.ShareVTs)
+ return;
+
+ /* disable kernel special keys and buffering */
+ SYSCALL(ret = ioctl(xf86Info.consoleFd, KDSKBMODE, K_OFF));
+ if (ret < 0)
+ {
+ /* fine, just disable special keys */
+ SYSCALL(ret = ioctl(xf86Info.consoleFd, KDSKBMODE, K_RAW));
+ if (ret < 0)
+ FatalError("xf86OpenConsole: KDSKBMODE K_RAW failed %s\n",
+ strerror(errno));
+
+ /* ... and drain events, else the kernel gets angry. This
+ * is only necessary once on init but not after every VT switch.
+ */
+ if (first_time)
+ {
+ xf86SetConsoleHandler(drain_console, NULL);
+ first_time = FALSE;
+ }
+ }
+}
+
void
xf86OpenConsole(void)
{
@@ -258,19 +288,7 @@ xf86OpenConsole(void)
tcgetattr(xf86Info.consoleFd, &tty_attr);
SYSCALL(ioctl(xf86Info.consoleFd, KDGKBMODE, &tty_mode));
- /* disable kernel special keys and buffering */
- SYSCALL(ret = ioctl(xf86Info.consoleFd, KDSKBMODE, K_OFF));
- if (ret < 0)
- {
- /* fine, just disable special keys */
- SYSCALL(ret = ioctl(xf86Info.consoleFd, KDSKBMODE, K_RAW));
- if (ret < 0)
- FatalError("xf86OpenConsole: KDSKBMODE K_RAW failed %s\n",
- strerror(errno));
-
- /* ... and drain events, else the kernel gets angry */
- xf86SetConsoleHandler(drain_console, NULL);
- }
+ linux_block_tty_kbd();
nTty = tty_attr;
nTty.c_iflag = (IGNPAR | IGNBRK) & (~PARMRK) & (~ISTRIP);
diff --git a/hw/xfree86/os-support/linux/systemd-logind.c b/hw/xfree86/os-support/linux/systemd-logind.c
index 93428ba73..577548e44 100644
--- a/hw/xfree86/os-support/linux/systemd-logind.c
+++ b/hw/xfree86/os-support/linux/systemd-logind.c
@@ -255,6 +255,8 @@ systemd_logind_vtenter(void)
xf86VTEnter();
info->vt_active = TRUE;
+ linux_block_tty_kbd();
+
/* Activate any input devices which were resumed before the drm nodes */
for (pInfo = xf86InputDevs; pInfo; pInfo = pInfo->next)
if ((pInfo->flags & XI86_SERVER_FD) && pInfo->fd != -1)
--
2.22.2

9
xorg-x11-server.spec
View File

@ -16,7 +16,7 @@
Name: xorg-x11-server Name: xorg-x11-server
Version: 1.20.1 Version: 1.20.1
Release: 11 Release: 12
Summary: X.Org X11 X server Summary: X.Org X11 X server
License: MIT and GPLv2 License: MIT and GPLv2
URL: https://www.x.org URL: https://www.x.org
@ -54,6 +54,7 @@ Patch10: 0001-glx-check-for-indirect-context-in-CreateContextAttri.patch
Patch6000: 0026-glamor_egl-Don-t-initialize-on-llvmpipe.patch Patch6000: 0026-glamor_egl-Don-t-initialize-on-llvmpipe.patch
Patch6001: 0027-glamor-egl-Avoid-crashing-on-broken-configurations.patch Patch6001: 0027-glamor-egl-Avoid-crashing-on-broken-configurations.patch
Patch6003: xorg-s11-server-CVE-2018-20839.patch
BuildRequires: audit-libs-devel autoconf automake bison dbus-devel flex flex-devel git BuildRequires: audit-libs-devel autoconf automake bison dbus-devel flex flex-devel git
BuildRequires: systemtap-sdt-devel libtool pkgconfig xorg-x11-util-macros xorg-x11-proto-devel BuildRequires: systemtap-sdt-devel libtool pkgconfig xorg-x11-util-macros xorg-x11-proto-devel
@ -288,6 +289,12 @@ find %{inst_srcdir}/hw/xfree86 -name \*.c -delete
%{_libdir}/xorg/protocol.txt %{_libdir}/xorg/protocol.txt
%changelog %changelog
* Thu Jan 3 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.20.1-12
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:bugfix about CVE-2018-20839.patch
* Tue Dec 31 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.20.1-11 * Tue Dec 31 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.20.1-11
- Type:bugfix - Type:bugfix
- ID:NA - ID:NA