From 7e474ca02163565a95e274fb7eb2434b36f10277 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=AF=9B=E7=84=B1=E5=B9=B3?= Date: Fri, 18 Apr 2025 07:25:41 +0000 Subject: [PATCH 1/2] fix CVE-2022-49737 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 毛焱平 --- backport-CVE-2022-49737.patch | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 backport-CVE-2022-49737.patch diff --git a/backport-CVE-2022-49737.patch b/backport-CVE-2022-49737.patch new file mode 100644 index 0000000..9b0363e --- /dev/null +++ b/backport-CVE-2022-49737.patch @@ -0,0 +1,33 @@ +From 350ce9f0aff0278b6d3ad70415a11ff33b09afdf Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Fri, 18 Apr 2025 10:17:34 +0800 +Subject: [PATCH] backport-CVE-2022-49737 + +--- + dix/devices.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/dix/devices.c b/dix/devices.c +index 0b3e7c4..7f0e741 100644 +--- a/dix/devices.c ++++ b/dix/devices.c +@@ -2646,6 +2646,8 @@ AttachDevice(ClientPtr client, DeviceIntPtr dev, DeviceIntPtr master) + if (IsFloating(dev) && !master && dev->enabled) + return Success; + ++ input_lock(); ++ + /* free the existing sprite. */ + if (IsFloating(dev) && dev->spriteInfo->paired == dev) { + screen = miPointerGetScreen(dev); +@@ -2686,6 +2688,7 @@ AttachDevice(ClientPtr client, DeviceIntPtr dev, DeviceIntPtr master) + RecalculateMasterButtons(master); + } + ++ input_unlock(); + /* XXX: in theory, the MD should change back to its old, original + * classes when the last SD is detached. Thanks to the XTEST devices, + * we'll always have an SD attached until the MD is removed. +-- +2.33.0 + -- Gitee From 6078f1e2f1b69d6fe0e34f2a83db11092b3e9364 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=AF=9B=E7=84=B1=E5=B9=B3?= Date: Fri, 18 Apr 2025 07:28:02 +0000 Subject: [PATCH 2/2] fix CVE-2022-49737 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 毛焱平 --- xorg-x11-server.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/xorg-x11-server.spec b/xorg-x11-server.spec index 24a717e..032f425 100644 --- a/xorg-x11-server.spec +++ b/xorg-x11-server.spec @@ -16,7 +16,7 @@ Name: xorg-x11-server Version: 1.20.11 -Release: 37 +Release: 38 Summary: X.Org X11 X server License: MIT and GPLv2 URL: https://www.x.org @@ -140,6 +140,7 @@ Patch6053: backport-CVE-2025-26598.patch Patch6054: backport-CVE-2025-26599.patch Patch6055: backport-CVE-2025-26600.patch Patch6056: backport-CVE-2025-26601.patch +Patch6057: backport-CVE-2022-49737.patch BuildRequires: audit-libs-devel autoconf automake bison dbus-devel flex git gcc BuildRequires: systemtap-sdt-devel libtool pkgconfig @@ -481,6 +482,9 @@ find %{inst_srcdir}/hw/xfree86 -name \*.c -delete %{_mandir}/man*/* %changelog +* Fri Apr 18 2025 maoyanping - 1.20.11-38 +- fix CVE-2022-49737 + * Sun Mar 09 2025 Funda Wang - 1.20.11-37 - fix CVE-2025-26594, CVE-2025-26595, CVE-2025-26596, CVE-2025-26597, CVE-2025-26598, CVE-2025-26599 -- Gitee