diff --git a/CVE-2022-3551.patch b/backport-CVE-2022-3551.patch similarity index 66% rename from CVE-2022-3551.patch rename to backport-CVE-2022-3551.patch index 6d7116f35c95f116d162210da36396283be4d905..40270f9b446fcbb7a6fdef2b59da52117622971d 100644 --- a/CVE-2022-3551.patch +++ b/backport-CVE-2022-3551.patch @@ -1,21 +1,24 @@ -From d7ac1fb14657f278fcc32863aa99eb32a2069d58 Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Mon, 24 Oct 2022 17:06:15 +0800 -Subject: [PATCH] xkb: fix some possible memleaks in XkbGetKbdByName +From 18f91b950e22c2a342a4fbc55e9ddf7534a707d2 Mon Sep 17 00:00:00 2001 +From: Peter Hutterer +Date: Wed, 13 Jul 2022 11:23:09 +1000 +Subject: xkb: fix some possible memleaks in XkbGetKbdByName GetComponentByName returns an allocated string, so let's free that if we fail somewhere. -Signed-off-by: Peter Hutterer's avatarPeter Hutterer +Signed-off-by: Peter Hutterer + +Conflict:NA +Reference:https://cgit.freedesktop.org/xorg/xserver/commit/?id=18f91b950e22c2a342a4fbc55e9ddf7534a707d2 --- - xkb/xkb.c | 24 ++++++++++++++++++++---- - 1 file changed, 20 insertions(+), 4 deletions(-) + xkb/xkb.c | 26 ++++++++++++++++++++------ + 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/xkb/xkb.c b/xkb/xkb.c -index 4dccc62..123671a 100644 +index 4692895db..b79a269e3 100644 --- a/xkb/xkb.c +++ b/xkb/xkb.c -@@ -5936,19 +5936,35 @@ ProcXkbGetKbdByName(ClientPtr client) +@@ -5935,18 +5935,32 @@ ProcXkbGetKbdByName(ClientPtr client) xkb = dev->key->xkbInfo->desc; status = Success; str = (unsigned char *) &stuff[1]; @@ -47,14 +50,13 @@ index 4dccc62..123671a 100644 + free(names.symbols); + free(names.geometry); return status; - len = str - ((unsigned char *) stuff); - if ((XkbPaddedSize(len) / 4) != stuff->length) - return BadLength; -- +- len = str - ((unsigned char *) stuff); +- if ((XkbPaddedSize(len) / 4) != stuff->length) +- return BadLength; + } + CHK_MASK_LEGAL(0x01, stuff->want, XkbGBN_AllComponentsMask); CHK_MASK_LEGAL(0x02, stuff->need, XkbGBN_AllComponentsMask); - -- -2.33.0 +cgit v1.2.1 diff --git a/backport-CVE-2022-3553.patch b/backport-CVE-2022-3553.patch new file mode 100644 index 0000000000000000000000000000000000000000..19b3c8808094fcd970bd600179b6e0491e573db2 --- /dev/null +++ b/backport-CVE-2022-3553.patch @@ -0,0 +1,46 @@ +From dfd057996b26420309c324ec844a5ba6dd07eda3 Mon Sep 17 00:00:00 2001 +From: Jeremy Huddleston Sequoia +Date: Sat, 2 Jul 2022 14:17:18 -0700 +Subject: xquartz: Fix a possible crash when editing the Application menu due + to mutaing immutable arrays + +Crashing on exception: -[__NSCFArray replaceObjectAtIndex:withObject:]: mutating method sent to immutable object + +Application Specific Backtrace 0: +0 CoreFoundation 0x00007ff80d2c5e9b __exceptionPreprocess + 242 +1 libobjc.A.dylib 0x00007ff80d027e48 objc_exception_throw + 48 +2 CoreFoundation 0x00007ff80d38167b _CFThrowFormattedException + 194 +3 CoreFoundation 0x00007ff80d382a25 -[__NSCFArray removeObjectAtIndex:].cold.1 + 0 +4 CoreFoundation 0x00007ff80d2e6c0b -[__NSCFArray replaceObjectAtIndex:withObject:] + 119 +5 X11.bin 0x00000001003180f9 -[X11Controller tableView:setObjectValue:forTableColumn:row:] + 169 + +Fixes: https://github.com/XQuartz/XQuartz/issues/267 +Signed-off-by: Jeremy Huddleston Sequoia + +Conflict:NA +Reference:https://cgit.freedesktop.org/xorg/xserver/commit/?id=dfd057996b26420309c324ec844a5ba6dd07eda3 +--- + hw/xquartz/X11Controller.m | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/hw/xquartz/X11Controller.m b/hw/xquartz/X11Controller.m +index 3b55bb6a5..e9a939312 100644 +--- a/hw/xquartz/X11Controller.m ++++ b/hw/xquartz/X11Controller.m +@@ -469,8 +469,11 @@ extern char *bundle_id_prefix; + self.table_apps = table_apps; + + NSArray * const apps = self.apps; +- if (apps != nil) +- [table_apps addObjectsFromArray:apps]; ++ if (apps != nil) { ++ for (NSArray * row in apps) { ++ [table_apps addObject:row.mutableCopy]; ++ } ++ } + + columns = [apps_table tableColumns]; + [[columns objectAtIndex:0] setIdentifier:@"0"]; +-- +cgit v1.2.1 + diff --git a/gitignore b/gitignore index cd3b1d27a5ccd3aa4aea5a4fd21c1780be4e71ed..524cfc63b0c8ff3a6b0067aed51ce27e2dbf4ebb 100644 --- a/gitignore +++ b/gitignore @@ -283,7 +283,6 @@ include/xkb-config.h include/xorg-config.h include/xorg-server.h include/xwin-config.h -include/dix-config.h mfb/mfbbltC.c mfb/mfbbltCI.c mfb/mfbbltG.c diff --git a/xorg-x11-server.spec b/xorg-x11-server.spec index 105e38ee218e2d1c969512aa5dcc390ca4eef026..37b0da7d954303086e8f7fb731dcdfc26187f06b 100644 --- a/xorg-x11-server.spec +++ b/xorg-x11-server.spec @@ -16,7 +16,7 @@ Name: xorg-x11-server Version: 1.20.11 -Release: 11 +Release: 12 Summary: X.Org X11 X server License: MIT and GPLv2 URL: https://www.x.org @@ -89,10 +89,11 @@ Patch6004: backport-rename-bool-to-boolean.patch Patch6005: backport-0001-CVE-2022-2319.patch Patch6006: backport-0002-CVE-2022-2319.patch Patch6007: backport-CVE-2022-2320.patch -Patch6008: CVE-2022-3551.patch +Patch6008: backport-CVE-2022-3551.patch %ifarch sw_64 Patch6009: xorg-server-1.20.11-sw.patch %endif +Patch6010: backport-CVE-2022-3553.patch BuildRequires: audit-libs-devel autoconf automake bison dbus-devel flex git gcc BuildRequires: systemtap-sdt-devel libtool pkgconfig @@ -436,6 +437,9 @@ find %{inst_srcdir}/hw/xfree86 -name \*.c -delete %{_mandir}/man*/* %changelog +* Fri Nov 18 2022 wangkerong -1.20.11-12 +- fix CVE-2022-3551,CVE-2022-3553 + * Wed Oct 26 2022 wuzx - 1.20.11-11 - Add sw64 architecture