1
0

Accepting request 1060975 from X11:XOrg

- rename u_xorg-server-oob-read-enqueue-event.patch to 
  U_xorg-server-oob-read-enqueue-event.patch since it's already
  upstream

- Add u_xorg-server-oob-read-enqueue-event.patch: fix an
  out-of-bounds read in EnqueueEvent.

OBS-URL: https://build.opensuse.org/request/show/1060975
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xorg-x11-server?expand=0&rev=416
This commit is contained in:
Dominique Leuenberger 2023-01-26 12:57:05 +00:00 committed by Git OBS Bridge
commit d6612caf84
3 changed files with 45 additions and 3 deletions

View File

@ -0,0 +1,29 @@
From 2ef5ef57bd37a8bec2ac454053b283c6f87c3b40 Mon Sep 17 00:00:00 2001
From: Mike Gorse <mgorse@suse.com>
Date: Wed, 25 Jan 2023 02:02:48 +0000
Subject: [PATCH] dix: Use CopyPartialInternalEvent in EnqueueEvent
The event might be a DeviceEvent allocated on the stack, in
AccessXKeyboardEvent for instance. Fixes out-of-bounds read.
Signed-off-by: Mike Gorse <mgorse@suse.com>
---
dix/events.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dix/events.c b/dix/events.c
index 782ed35dc..86f5357e8 100644
--- a/dix/events.c
+++ b/dix/events.c
@@ -1215,7 +1215,7 @@ EnqueueEvent(InternalEvent *ev, DeviceIntPtr device)
qe->pScreen = pSprite->hotPhys.pScreen;
qe->months = currentTime.months;
qe->event = (InternalEvent *) (qe + 1);
- memcpy(qe->event, event, eventlen);
+ CopyPartialInternalEvent(qe->event, (InternalEvent *)event);
xorg_list_append(&qe->next, &syncEvents.pending);
}
--
2.39.0

View File

@ -1,3 +1,16 @@
-------------------------------------------------------------------
Wed Jan 25 16:02:23 UTC 2023 - Stefan Dirsch <sndirsch@suse.com>
- rename u_xorg-server-oob-read-enqueue-event.patch to
U_xorg-server-oob-read-enqueue-event.patch since it's already
upstream
-------------------------------------------------------------------
Wed Jan 25 03:15:56 UTC 2023 - Michael Gorse <mgorse@suse.com>
- Add u_xorg-server-oob-read-enqueue-event.patch: fix an
out-of-bounds read in EnqueueEvent.
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Dec 19 19:54:11 UTC 2022 - dmueller@suse.com Mon Dec 19 19:54:11 UTC 2022 - dmueller@suse.com

View File

@ -1,7 +1,7 @@
# #
# spec file for package xorg-x11-server # spec file for package xorg-x11-server
# #
# Copyright (c) 2022 SUSE LLC # Copyright (c) 2023 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -207,9 +207,8 @@ Patch11: n_xorg-wrapper-rename-Xorg.patch
Patch12: n_xorg-wrapper-anybody.patch Patch12: n_xorg-wrapper-anybody.patch
Patch100: u_01-Improved-ConfineToShape.patch Patch100: u_01-Improved-ConfineToShape.patch
Patch101: u_02-DIX-ConfineTo-Don-t-bother-about-the-bounding-box-when-grabbing-a-shaped-window.patch Patch101: u_02-DIX-ConfineTo-Don-t-bother-about-the-bounding-box-when-grabbing-a-shaped-window.patch
# PATCH-FIX-UPSTREAM u_x86emu-include-order.patch schwab@suse.de -- Change include order to avoid conflict with system header, remove duplicate definitions
Patch104: u_xorg-server-xdmcp.patch Patch104: u_xorg-server-xdmcp.patch
Patch105: U_xorg-server-oob-read-enqueue-event.patch
Patch117: xorg-x11-server-byte-order.patch Patch117: xorg-x11-server-byte-order.patch
@ -371,6 +370,7 @@ sh %{SOURCE92} --verify . %{SOURCE91}
%patch100 -p1 %patch100 -p1
#%patch101 -p1 #%patch101 -p1
%patch104 -p1 %patch104 -p1
%patch105 -p1
%patch117 -p1 %patch117 -p1
%patch160 -p1 %patch160 -p1
%patch208 -p1 %patch208 -p1