!3 xorg-x11-server： bugfix about CVE-2018-20839.patch

Merge pull request !3 from openeuler-net/init
2020-01-03 10:39:40 +08:00 · 2020-01-03 10:39:40 +08:00 · fa566881aa
commit fa566881aa
parent a3f655e157 1c2aadf682
2 changed files with 119 additions and 1 deletions
--- a/xorg-s11-server-CVE-2018-20839.patch
+++ b/xorg-s11-server-CVE-2018-20839.patch
@ -0,0 +1,111 @@
+From 53bea0794281173dacf1511664779b3dcdbafa7b Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter.hutterer@who-t.net>
+Date: Tue, 23 Jul 2019 10:32:11 +1000
+Subject: [PATCH] xfree86: always call KDSKBMODE on vt enter with logind
+
+Where we're running with systemd-logind integration we have to assume that
+logind may change the KDSKBMODE while we're VT-switched away. If that happens
+and we return, our keyboard input may leak to the console.
+
+Fix this by always calling K_OFF/K_RAW on VT switch back. We don't update
+the current settings though, so on shutdown we will restore to settings we had
+on init. Given the assumption is that if something messes with our vt, it will
+mess again anyway, it's not worth the bother.
+
+Fixes #857
+
+Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+---
+ hw/xfree86/os-support/linux/linux.h          |  1 +
+ hw/xfree86/os-support/linux/lnx_init.c       | 44 ++++++++++++++------
+ hw/xfree86/os-support/linux/systemd-logind.c |  2 +
+ 3 files changed, 34 insertions(+), 13 deletions(-)
+
+diff --git a/hw/xfree86/os-support/linux/linux.h b/hw/xfree86/os-support/linux/linux.h
+index 83506fd38..7c9dd67bc 100644
+--- a/hw/xfree86/os-support/linux/linux.h
+++ b/hw/xfree86/os-support/linux/linux.h
+@@ -28,5 +28,6 @@
+ 
+ int linux_parse_vt_settings(int may_fail);
+ int linux_get_keeptty(void);
+void linux_block_tty_kbd(void);
+ 
+ #endif
+diff --git a/hw/xfree86/os-support/linux/lnx_init.c b/hw/xfree86/os-support/linux/lnx_init.c
+index 111b3b4e4..fcf575149 100644
+--- a/hw/xfree86/os-support/linux/lnx_init.c
+++ b/hw/xfree86/os-support/linux/lnx_init.c
+@@ -169,6 +169,36 @@ linux_get_keeptty(void)
+     return KeepTty;
+ }
+ 
+void
+linux_block_tty_kbd(void)
+{
+    static Bool first_time = TRUE;
+    int ret;
+
+    if (xf86Info.ShareVTs)
+        return;
+
+    /* disable kernel special keys and buffering */
+    SYSCALL(ret = ioctl(xf86Info.consoleFd, KDSKBMODE, K_OFF));
+    if (ret < 0)
+    {
+        /* fine, just disable special keys */
+        SYSCALL(ret = ioctl(xf86Info.consoleFd, KDSKBMODE, K_RAW));
+        if (ret < 0)
+            FatalError("xf86OpenConsole: KDSKBMODE K_RAW failed %s\n",
+                       strerror(errno));
+
+        /* ... and drain events, else the kernel gets angry. This
+         * is only necessary once on init but not after every VT switch.
+         */
+        if (first_time)
+        {
+            xf86SetConsoleHandler(drain_console, NULL);
+            first_time = FALSE;
+        }
+    }
+}
+
+ void
+ xf86OpenConsole(void)
+ {
+@@ -258,19 +288,7 @@ xf86OpenConsole(void)
+             tcgetattr(xf86Info.consoleFd, &tty_attr);
+             SYSCALL(ioctl(xf86Info.consoleFd, KDGKBMODE, &tty_mode));
+ 
+-            /* disable kernel special keys and buffering */
+-            SYSCALL(ret = ioctl(xf86Info.consoleFd, KDSKBMODE, K_OFF));
+-            if (ret < 0)
+-            {
+-                /* fine, just disable special keys */
+-                SYSCALL(ret = ioctl(xf86Info.consoleFd, KDSKBMODE, K_RAW));
+-                if (ret < 0)
+-                    FatalError("xf86OpenConsole: KDSKBMODE K_RAW failed %s\n",
+-                               strerror(errno));
+-
+-                /* ... and drain events, else the kernel gets angry */
+-                xf86SetConsoleHandler(drain_console, NULL);
+-            }
+            linux_block_tty_kbd();
+ 
+             nTty = tty_attr;
+             nTty.c_iflag = (IGNPAR | IGNBRK) & (~PARMRK) & (~ISTRIP);
+diff --git a/hw/xfree86/os-support/linux/systemd-logind.c b/hw/xfree86/os-support/linux/systemd-logind.c
+index 93428ba73..577548e44 100644
+--- a/hw/xfree86/os-support/linux/systemd-logind.c
+++ b/hw/xfree86/os-support/linux/systemd-logind.c
+@@ -255,6 +255,8 @@ systemd_logind_vtenter(void)
+     xf86VTEnter();
+     info->vt_active = TRUE;
+ 
+    linux_block_tty_kbd();
+
+     /* Activate any input devices which were resumed before the drm nodes */
+     for (pInfo = xf86InputDevs; pInfo; pInfo = pInfo->next)
+         if ((pInfo->flags & XI86_SERVER_FD) && pInfo->fd != -1)
+-- 
+2.22.2
--- a/xorg-x11-server.spec
+++ b/xorg-x11-server.spec
@ -16,7 +16,7 @@

 Name:           xorg-x11-server
 Version:        1.20.1
-Release:        11
+Release:        12
 Summary:        X.Org X11 X server
 License:        MIT and GPLv2
 URL:            https://www.x.org
@ -54,6 +54,7 @@ Patch10:        0001-glx-check-for-indirect-context-in-CreateContextAttri.patch

 Patch6000:      0026-glamor_egl-Don-t-initialize-on-llvmpipe.patch
 Patch6001:      0027-glamor-egl-Avoid-crashing-on-broken-configurations.patch
+Patch6003:	xorg-s11-server-CVE-2018-20839.patch

 BuildRequires:  audit-libs-devel autoconf automake bison dbus-devel flex flex-devel git
 BuildRequires:  systemtap-sdt-devel libtool pkgconfig xorg-x11-util-macros xorg-x11-proto-devel
@ -288,6 +289,12 @@ find %{inst_srcdir}/hw/xfree86 -name \*.c -delete
 %{_libdir}/xorg/protocol.txt

 %changelog
+* Thu Jan 3 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.20.1-12
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:bugfix about CVE-2018-20839.patch
+
 * Tue Dec 31 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.20.1-11
 - Type:bugfix
 - ID:NA