Sync from SUSE:SLFO:Main xwayland revision d08466c3d9d84d71d1b8748e1e9d6311

2024-11-12 12:21:28 +01:00 · 2024-11-12 12:21:28 +01:00 · fa4ff89b60
commit fa4ff89b60
parent e16a4b50fe
3 changed files with 33 additions and 0 deletions
--- a/U_xkb-Fix-buffer-overflow-in-_XkbSetCompatMap.patch
+++ b/U_xkb-Fix-buffer-overflow-in-_XkbSetCompatMap.patch
@ -0,0 +1,25 @@
+@@ -, +, @@ 
+---
+ xkb/xkb.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+--- a/xkb/xkb.c	
+++ a/xkb/xkb.c	
+@@ -2991,13 +2991,13 @@ _XkbSetCompatMap(ClientPtr client, DeviceIntPtr dev,
+         XkbSymInterpretPtr sym;
+         unsigned int skipped = 0;
+ 
+-        if ((unsigned) (req->firstSI + req->nSI) > compat->num_si) {
+-            compat->num_si = req->firstSI + req->nSI;
+        if ((unsigned) (req->firstSI + req->nSI) > compat->size_si) {
+            compat->num_si = compat->size_si = req->firstSI + req->nSI;
+             compat->sym_interpret = reallocarray(compat->sym_interpret,
+-                                                 compat->num_si,
+                                                 compat->size_si,
+                                                  sizeof(XkbSymInterpretRec));
+             if (!compat->sym_interpret) {
+-                compat->num_si = 0;
+                compat->num_si = compat->size_si = 0;
+                 return BadAlloc;
+             }
+         }
+-- 
--- a/xwayland.changes
+++ b/xwayland.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Sat Oct 19 21:26:32 UTC 2024 - Stefan Dirsch <sndirsch@suse.com>
+
+- U_xkb-Fix-buffer-overflow-in-_XkbSetCompatMap.patch
+  * Heap-based buffer overflow privilege escalation in _XkbSetCompatMap
+    (CVE-2024-9632, bsc#1231565)
+
 -------------------------------------------------------------------
 Wed Apr 10 13:50:16 UTC 2024 - Stefan Dirsch <sndirsch@suse.com>

--- a/xwayland.spec
+++ b/xwayland.spec
@ -37,6 +37,7 @@ Patch1222309:   U_CVE-2024-31080-Xi-ProcXIGetSelectedEvents-needs-to-use-unswapp
 Patch1222310:   U_CVE-2024-31081-Xi-ProcXIPassiveGrabDevice-needs-to-use-unswapped-le.patch
 Patch1222312:   U_CVE-2024-31083-render-fix-refcounting-of-glyphs-during-ProcRenderAd.patch
 Patch1222442:   U_render-Avoid-possible-double-free-in-ProcRenderAddGl.patch
+Patch1231565:   U_xkb-Fix-buffer-overflow-in-_XkbSetCompatMap.patch
 BuildRequires:  meson
 BuildRequires:  ninja
 BuildRequires:  pkgconfig