xorg-x11-server/u_xorg-wrapper-Drop-supplemental-group-IDs.patch
Stefan Dirsch f15e897874
- U_CVE-2025-26594-0001-Cursor-Refuse-to-free-the-root-cursor.patch
  U_CVE-2025-26594-0002-dix-keep-a-ref-to-the-rootCursor.patch
  * Use-after-free of the root cursor (CVE-2025-26594, bsc#1237427)
- U_CVE-2025-26595-0001-xkb-Fix-buffer-overflow-in-XkbVModMaskText.patch
  * Buffer overflow in XkbVModMaskText() (CVE-2025-26595, bsc#1237429)
- U_CVE-2025-26596-0001-xkb-Fix-computation-of-XkbSizeKeySyms.patch
  * Heap overflow in XkbWriteKeySyms() (CVE-2025-26596, bsc#1237430)
- U_CVE-2025-26597-0001-xkb-Fix-buffer-overflow-in-XkbChangeTypesOfKey.patch
  * Buffer overflow in XkbChangeTypesOfKey() (CVE-2025-26597, bsc#1237431)
- U_CVE-2025-26598-0001-Xi-Fix-barrier-device-search.patch
  * Out-of-bounds write in CreatePointerBarrierClient() (CVE-2025-26598, bsc#1237432)
- U_CVE-2025-26599-0001-composite-Handle-failure-to-redirect-in-compRedirect.patch
  U_CVE-2025-26599-0002-composite-initialize-border-clip-even-when-pixmap-al.patch
  * Use of uninitialized pointer in compRedirectWindow() (CVE-2025-26599, bsc#1237433)
- U_CVE-2025-26600-0001-dix-Dequeue-pending-events-on-frozen-device-on-remov.patch
  * Use-after-free in PlayReleasedEvents() (CVE-2025-26600, bsc#1237434)
- U_CVE-2025-26601-0001-sync-Do-not-let-sync-objects-uninitialized.patch
  U_CVE-2025-26601-0002-sync-Check-values-before-applying-changes.patch
  U_CVE-2025-26601-0003-sync-Do-not-fail-SyncAddTriggerToSyncObject.patch
  U_CVE-2025-26601-0004-sync-Apply-changes-last-in-SyncChangeAlarmAttributes.patch
  * Use-after-free in SyncInitTrigger() (CVE-2025-26601, bsc#1237435)

OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=907
2025-02-25 18:04:55 +00:00

79 lines
2.8 KiB
Diff

From: Egbert Eich <eich@suse.de>
Date: Tue Apr 12 15:52:37 2016 +0200
Subject: [PATCH]xorg-wrapper: Drop supplemental group IDs
Patch-mainline: to be upstreamed
References:
Signed-off-by: Egbert Eich <eich@suse.com>
Signed-off-by: Egbert Eich <eich@suse.de>
---
hw/xfree86/xorg-wrapper.c | 48 +++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 48 insertions(+)
Index: xorg-server-1.20.5/hw/xfree86/xorg-wrapper.c
===================================================================
--- xorg-server-1.20.5.orig/hw/xfree86/xorg-wrapper.c
+++ xorg-server-1.20.5/hw/xfree86/xorg-wrapper.c
@@ -35,6 +35,8 @@
#include <string.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
+#include <pwd.h>
+#include <grp.h>
#ifdef HAVE_SYS_SYSMACROS_H
#include <sys/sysmacros.h>
#endif
@@ -255,6 +257,52 @@ int main(int argc, char *argv[])
if (needs_root_rights == 0 || (total_cards && kms_cards == total_cards)) {
gid_t realgid = getgid();
uid_t realuid = getuid();
+ int ngroups = 0;
+ gid_t *groups = NULL;
+ long int initlen = sysconf(_SC_GETPW_R_SIZE_MAX);
+ size_t len;
+ struct passwd result, *resultp;
+ char *buffer;
+ int e;
+
+ if (initlen == -1)
+ len = 1024;
+ else
+ len = (size_t) initlen;
+ if ((buffer = malloc(len)) < 0) {
+ fprintf(stderr, "%s: Could not allocate memory: %s\n",
+ progname, strerror(errno));
+ exit (1);
+ }
+ if ((e = getpwuid_r(realuid, &result, buffer, len, &resultp)) > 0) {
+ fprintf(stderr, "%s: Could not get user name: %s\n",
+ progname, strerror(errno));
+ exit (1);
+ } else if (resultp == NULL) {
+ fprintf(stderr, "%s: Could not find user name for UID %d\n",
+ progname, realuid);
+ exit (1);
+ }
+ if (getgrouplist(result.pw_name, realgid, groups, &ngroups) < 0) {
+ if ((groups = malloc(sizeof(gid_t) * ngroups)) == NULL) {
+ fprintf(stderr, "%s: Could not allocate memory: %s\n",
+ progname, strerror(errno));
+ exit (1);
+ }
+ if (getgrouplist(result.pw_name, realgid, groups, &ngroups) < 0) {
+ fprintf(stderr, "%s: Could not get supplementary group list\n",
+ progname);
+ ngroups = 0;
+ }
+ }
+ if (setgroups(ngroups, groups) == -1) {
+ fprintf(stderr, "%s: Could not set groups: %s\n",
+ progname, strerror(errno));
+ exit (1);
+ }
+ memset(buffer, 0, len);
+ free(buffer);
+ free(groups);
if (setresgid(-1, realgid, realgid) != 0) {
fprintf(stderr, "%s: Could not drop setgid privileges: %s\n",
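Review bot: the allocation check `if ((buffer = malloc(len)) < 0)` can never fire, because malloc() signals failure by returning NULL and the code compares a pointer with `< 0`. It should test `== NULL`, as the later `groups = malloc(...)` check in this hunk already does; as written, a failed allocation passes a NULL buffer on to getpwuid_r(). In the getpwuid_r() error branch the message prints strerror(errno), but getpwuid_r() reports its error through the return value (stored in `e` here), so the message should use strerror(e). An ERANGE result from a buffer that is too small also ends in exit(1) rather than a retry with a larger buffer, which matters for the 1024-byte fallback. `realuid` is a uid_t printed with `%d`; cast it or use an unsigned conversion. When the second getgrouplist() call fails, the code sets ngroups = 0 and then calls setgroups(), which clears every supplementary group; that fails safe, but a short comment stating that this is intended would help the next reader. The memset() of `buffer` immediately before free() can be optimised away by the compiler; use explicit_bzero() if the wipe is meant to be guaranteed.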