Sync from SUSE:ALP:Source:Standard:1.0 xorg-x11-server revision 0c31833553c9a900f1667126355be0b6

2024-12-05 14:19:29 +01:00 · 2024-12-05 14:19:29 +01:00 · d7ab1031b4
commit d7ab1031b4
parent 27d5552db2
3 changed files with 36 additions and 0 deletions
--- a/U_xkb-Fix-buffer-overflow-in-_XkbSetCompatMap.patch
+++ b/U_xkb-Fix-buffer-overflow-in-_XkbSetCompatMap.patch
@ -0,0 +1,25 @@
+@@ -, +, @@ 
+---
+ xkb/xkb.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+--- a/xkb/xkb.c	
+++ a/xkb/xkb.c	
+@@ -2991,13 +2991,13 @@ _XkbSetCompatMap(ClientPtr client, DeviceIntPtr dev,
+         XkbSymInterpretPtr sym;
+         unsigned int skipped = 0;
+ 
+-        if ((unsigned) (req->firstSI + req->nSI) > compat->num_si) {
+-            compat->num_si = req->firstSI + req->nSI;
+        if ((unsigned) (req->firstSI + req->nSI) > compat->size_si) {
+            compat->num_si = compat->size_si = req->firstSI + req->nSI;
+             compat->sym_interpret = reallocarray(compat->sym_interpret,
+-                                                 compat->num_si,
+                                                 compat->size_si,
+                                                  sizeof(XkbSymInterpretRec));
+             if (!compat->sym_interpret) {
+-                compat->num_si = 0;
+                compat->num_si = compat->size_si = 0;
+                 return BadAlloc;
+             }
+         }
+-- 
--- a/xorg-x11-server.changes
+++ b/xorg-x11-server.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Sat Oct 19 22:35:02 UTC 2024 - Stefan Dirsch <sndirsch@suse.com>
+
+- U_xkb-Fix-buffer-overflow-in-_XkbSetCompatMap.patch
+  * Heap-based buffer overflow privilege escalation in _XkbSetCompatMap
+    (CVE-2024-9632, bsc#1231565)
+
 -------------------------------------------------------------------
 Mon Feb 12 09:58:50 UTC 2024 - Stefan Dirsch <sndirsch@suse.com>

--- a/xorg-x11-server.spec
+++ b/xorg-x11-server.spec
@ -241,6 +241,8 @@ Patch1960:      u_sync-pci-ids-with-Mesa.patch

 Patch1218176:   u_miCloseScreen_check_for_null_pScreen_dev_private.patch

+Patch1231565:   U_xkb-Fix-buffer-overflow-in-_XkbSetCompatMap.patch
+
 %description
 This package contains the X.Org Server.

@ -398,6 +400,8 @@ sh %{SOURCE92} --verify . %{SOURCE91}

 %patch1218176 -p1

+%patch1231565 -p1
+
 %build
 # We have some -z now related errors during X default startup (boo#1197994):
 # - when loading modesetting: gbm_bo_get_plane_count