wok-current diff xorg-server/stuff/CVE-2024-0409.patch @ rev 25672

patch tazpkg, upgrade core pkgs first
author Stanislas Leduc <shann@slitaz.org>
date Sun Mar 03 17:58:42 2024 +0000 (6 months ago)
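--- /dev/null
+++ b/xorg-server/stuff/CVE-2024-0409.patch
@@ -0,0 +1,56 @@
+From 2ef0f1116c65d5cb06d7b6d83f8a1aea702c94f7 Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Wed, 6 Dec 2023 11:51:56 +0100
+Subject: [PATCH] ephyr,xwayland: Use the proper private key for cursor
+
+The cursor in DIX is actually split in two parts, the cursor itself and
+the cursor bits, each with their own devPrivates.
+
+The cursor itself includes the cursor bits, meaning that the cursor bits
+devPrivates in within structure of the cursor.
+
+Both Xephyr and Xwayland were using the private key for the cursor bits
+to store the data for the cursor, and when using XSELINUX which comes
+with its own special devPrivates, the data stored in that cursor bits'
+devPrivates would interfere with the XSELINUX devPrivates data and the
+SELINUX security ID would point to some other unrelated data, causing a
+crash in the XSELINUX code when trying to (re)use the security ID.
+
+CVE-2024-0409
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+---
+ hw/kdrive/ephyr/ephyrcursor.c | 2 +-
+ hw/xwayland/xwayland-cursor.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/hw/kdrive/ephyr/ephyrcursor.c b/hw/kdrive/ephyr/ephyrcursor.c
+index f991899c50..3f192d034a 100644
+--- a/hw/kdrive/ephyr/ephyrcursor.c
++++ b/hw/kdrive/ephyr/ephyrcursor.c
+@@ -246,7 +246,7 @@ miPointerSpriteFuncRec EphyrPointerSpriteFuncs = {
+ Bool
+ ephyrCursorInit(ScreenPtr screen)
+ {
+-    if (!dixRegisterPrivateKey(&ephyrCursorPrivateKey, PRIVATE_CURSOR_BITS,
++    if (!dixRegisterPrivateKey(&ephyrCursorPrivateKey, PRIVATE_CURSOR,
+                                sizeof(ephyrCursorRec)))
+         return FALSE;
+ 
+diff --git a/hw/xwayland/xwayland-cursor.c b/hw/xwayland/xwayland-cursor.c
+index e3c1aaa50c..bd94b0cfbb 100644
+--- a/hw/xwayland/xwayland-cursor.c
++++ b/hw/xwayland/xwayland-cursor.c
+@@ -431,7 +431,7 @@ static miPointerScreenFuncRec xwl_pointer_screen_funcs = {
+ Bool
+ xwl_screen_init_cursor(struct xwl_screen *xwl_screen)
+ {
+-    if (!dixRegisterPrivateKey(&xwl_cursor_private_key, PRIVATE_CURSOR_BITS, 0))
++    if (!dixRegisterPrivateKey(&xwl_cursor_private_key, PRIVATE_CURSOR, 0))
+         return FALSE;
+ 
+     return miPointerInitialize(xwl_screen->screen,
+-- 
+GitLab
+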
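Review bot: The lookups that use `ephyrCursorPrivateKey` and `xwl_cursor_private_key` lie outside both hunks, so nothing shown here confirms they index the cursor's own devPrivates rather than the cursor bits'; the switch to `PRIVATE_CURSOR` in `ephyrCursorInit` and `xwl_screen_init_cursor` is only correct if they do. That is worth checking against the xorg-server tree this package actually builds, since the patch was cut from an upstream tree dated December 2023 and both function bodies continue past the hunks. A one-line comment at each registration would keep the invariant visible, e.g. `/* PRIVATE_CURSOR: this key is looked up in the cursor's devPrivates, not the cursor bits' */`. Separately, the commit description does not mention this CVE patch, and the page does not show the package's build recipe applying the file from `stuff/`, so that should be confirmed too.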