From 4ee2e4ff29cd84397c6fe176be8e23f610267742 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=AF=9B=E7=84=B1=E5=B9=B3?= Date: Fri, 18 Apr 2025 02:39:51 +0000 Subject: [PATCH 1/2] fix CVE-2022-49737 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reference:https://gitlab.freedesktop.org/xorg/xserver/-/commit/dc7cb45482cea6ccec22d117ca0b489500b4d0a0 Signed-off-by: 毛焱平
---
 backport-CVE-2022-49737.patch | 33 +++++++++++++++++++++++++++++++++ xorg-x11-server.spec | 6 +++++- 2 files changed, 38 insertions(+), 1 deletion(-) create mode 100644 backport-CVE-2022-49737.patch
diff --git a/backport-CVE-2022-49737.patch b/backport-CVE-2022-49737.patch
new file mode 100644
index 0000000..8f6939a
--- /dev/null
+++ b/backport-CVE-2022-49737.patch
@@ -0,0 +1,33 @@
+From 350ce9f0aff0278b6d3ad70415a11ff33b09afdf Mon Sep 17 00:00:00 2001
+From: rpm-build
+Date: Fri, 18 Apr 2025 10:17:34 +0800
+Subject: [PATCH] backport-CVE-2022-49737
+
+---
+ dix/devices.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/dix/devices.c b/dix/devices.c
+index 0b3e7c4..7f0e741 100644
+--- a/dix/devices.c
++++ b/dix/devices.c
+@@ -2646,6 +2646,8 @@ AttachDevice(ClientPtr client, DeviceIntPtr dev, DeviceIntPtr master)
+ if (IsFloating(dev) && !master && dev->enabled)
+ return Success;
+
++ input_lock();
++
+ /* free the existing sprite. */
+ if (IsFloating(dev) && dev->spriteInfo->paired == dev) {
+ screen = miPointerGetScreen(dev);
+@@ -2686,6 +2688,7 @@ AttachDevice(ClientPtr client, DeviceIntPtr dev, DeviceIntPtr master)
+ RecalculateMasterButtons(master);
+ }
+
++ input_unlock();
+ /* XXX: in theory, the MD should change back to its old, original
+ * classes when the last SD is detached. Thanks to the XTEST devices,
+ * we'll always have an SD attached until the MD is removed.
+--
+2.33.0
+
diff --git a/xorg-x11-server.spec b/xorg-x11-server.spec
index 24a717e..032f425 100644
--- a/xorg-x11-server.spec
+++ b/xorg-x11-server.spec
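Review bot: The `input_lock()` added after the floating-to-floating early return in `AttachDevice` and the `input_unlock()` added before the `XXX` comment enclose a stretch of dix/devices.c that lies between the two inner hunks and is not shown, so the pairing has to be checked against the 1.20.11 tree this backport is applied to; any `return` in that stretch would leave the input lock held. Neither call is commented, and I would put `/* Hold the input lock while dev's sprite and master attachment change; the input thread may be using them. */` above `input_lock()` (the input-thread part is inferred from the purpose of the fix, so confirm it against the upstream commit). The embedded patch header (`From: rpm-build`, subject `backport-CVE-2022-49737`) also carries no upstream reference, so the `Reference:` URL from this commit message should be repeated inside the patch file to keep the backport traceable from the source package alone.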
@@ -16,7 +16,7 @@ Name: xorg-x11-server Version: 1.20.11 -Release: 37 +Release: 38 Summary: X.Org X11 X server License: MIT and GPLv2 URL: https://www.x.org @@ -140,6 +140,7 @@ Patch6053: backport-CVE-2025-26598.patch Patch6054: backport-CVE-2025-26599.patch Patch6055: backport-CVE-2025-26600.patch Patch6056: backport-CVE-2025-26601.patch +Patch6057: backport-CVE-2022-49737.patch BuildRequires: audit-libs-devel autoconf automake bison dbus-devel flex git gcc BuildRequires: systemtap-sdt-devel libtool pkgconfig @@ -481,6 +482,9 @@ find %{inst_srcdir}/hw/xfree86 -name \*.c -delete %{_mandir}/man*/* %changelog +* Fri Apr 18 2025 maoyanping - 1.20.11-38 +- fix CVE-2022-49737 + * Sun Mar 09 2025 Funda Wang - 1.20.11-37 - fix CVE-2025-26594, CVE-2025-26595, CVE-2025-26596, CVE-2025-26597, CVE-2025-26598, CVE-2025-26599 -- Gitee From ef5c58a97f9b817dd3ed48742c1984a13b8408c5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=AF=9B=E7=84=B1=E5=B9=B3?= Date: Fri, 18 Apr 2025 03:11:57 +0000 Subject: [PATCH 2/2] update backport-CVE-2022-49737.patch. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 毛焱平 --- backport-CVE-2022-49737.patch | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/backport-CVE-2022-49737.patch b/backport-CVE-2022-49737.patch index 8f6939a..3a5088c 100644 --- a/backport-CVE-2022-49737.patch +++ b/backport-CVE-2022-49737.patch @@ -13,8 +13,8 @@ index 0b3e7c4..7f0e741 100644 +++ b/dix/devices.c @@ -2646,6 +2646,8 @@ AttachDevice(ClientPtr client, DeviceIntPtr dev, DeviceIntPtr master) if (IsFloating(dev) && !master && dev->enabled) - return Success; - + return Success; + + input_lock(); + /* free the existing sprite. */ @@ -22,8 +22,8 @@ index 0b3e7c4..7f0e741 100644 screen = miPointerGetScreen(dev); 
@@ -2686,6 +2688,7 @@ AttachDevice(ClientPtr client, DeviceIntPtr dev, DeviceIntPtr master) RecalculateMasterButtons(master); - } - + } + + input_unlock(); /* XXX: in theory, the MD should change back to its old, original * classes when the last SD is detached. Thanks to the XTEST devices, -- Gitee