diff --git a/U_xkb-Fix-buffer-overflow-in-_XkbSetCompatMap.patch b/U_xkb-Fix-buffer-overflow-in-_XkbSetCompatMap.patch new file mode 100644 index 0000000..f1cdf9c --- /dev/null +++ b/U_xkb-Fix-buffer-overflow-in-_XkbSetCompatMap.patch @@ -0,0 +1,25 @@ +@@ -, +, @@ +--- + xkb/xkb.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) +--- a/xkb/xkb.c ++++ a/xkb/xkb.c +@@ -2991,13 +2991,13 @@ _XkbSetCompatMap(ClientPtr client, DeviceIntPtr dev, + XkbSymInterpretPtr sym; + unsigned int skipped = 0; + +- if ((unsigned) (req->firstSI + req->nSI) > compat->num_si) { +- compat->num_si = req->firstSI + req->nSI; ++ if ((unsigned) (req->firstSI + req->nSI) > compat->size_si) { ++ compat->num_si = compat->size_si = req->firstSI + req->nSI; + compat->sym_interpret = reallocarray(compat->sym_interpret, +- compat->num_si, ++ compat->size_si, + sizeof(XkbSymInterpretRec)); + if (!compat->sym_interpret) { +- compat->num_si = 0; ++ compat->num_si = compat->size_si = 0; + return BadAlloc; + } + } +-- diff --git a/xwayland.changes b/xwayland.changes index 64c917f..bc20846 100644 --- a/xwayland.changes +++ b/xwayland.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Sat Oct 19 21:57:59 UTC 2024 - Stefan Dirsch + +- U_xkb-Fix-buffer-overflow-in-_XkbSetCompatMap.patch + * Heap-based buffer overflow privilege escalation in _XkbSetCompatMap + (CVE-2024-9632, bsc#1231565) + ------------------------------------------------------------------- Wed Jan 17 10:20:50 UTC 2024 - Stefan Dirsch diff --git a/xwayland.spec b/xwayland.spec index 03e2a93..de54872 100644 --- a/xwayland.spec +++ b/xwayland.spec @@ -33,6 +33,7 @@ Group: System/X11/Servers/XF86_4 Source0: %{url}/archive/individual/xserver/%{name}-%{version}.tar.xz Source1: %{url}/archive/individual/xserver/%{name}-%{version}.tar.xz.sig Source2: xwayland.keyring +Patch1231565: U_xkb-Fix-buffer-overflow-in-_XkbSetCompatMap.patch BuildRequires: meson BuildRequires: ninja BuildRequires: pkgconfig