import libX11-1.6.8-4.el8
		
							parent
							
								
									77b3927063
								
							
						
					
					
						commit
						af1ec27069
					
				
							
								
								
									
										37
									
								
								SOURCES/0001-Fix-an-integer-overflow-in-init_om.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										37
									
								
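--- /dev/null
+++ b/SOURCES/0001-Fix-an-integer-overflow-in-init_om.patch
@@ -0,0 +1,37 @@
+From 2c67fab8415a1d32395de87f056bc5f3b37fedb0 Mon Sep 17 00:00:00 2001
+From: Matthieu Herrb <matthieu@herrb.eu>
+Date: Thu, 13 Aug 2020 18:02:58 +0200
+Subject: [PATCH] Fix an integer overflow in init_om()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+CVE-2020-14363
+
+This can lead to a double free later, as reported by Jayden Rivers.
+
+Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
+
+(cherry picked from commit acdaaadcb3d85c61fd43669fc5dddf0f8c3f911d)
+Signed-off-by: Michel Dänzer <mdaenzer@redhat.com>
+---
+ modules/om/generic/omGeneric.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/modules/om/generic/omGeneric.c b/modules/om/generic/omGeneric.c
+index 22f826ec..bcfb9ab8 100644
+--- a/modules/om/generic/omGeneric.c
++++ b/modules/om/generic/omGeneric.c
+@@ -1908,7 +1908,8 @@ init_om(
+     char **required_list;
+     XOrientation *orientation;
+     char **value, buf[BUFSIZ], *bufptr;
+-    int count = 0, num = 0, length = 0;
++    int count = 0, num = 0;
++    unsigned int length = 0;
+ 
+     _XlcGetResource(lcd, "XLC_FONTSET", "on_demand_loading", &value, &count);
+     if (count > 0 && _XlcCompareISOLatin1(*value, "True") == 0)
+-- 
+2.28.0
+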
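Review bot: In the embedded omGeneric.c hunk, `unsigned int length = 0;` removes the signed-overflow undefined behaviour but still wraps modulo 2^32, so a large enough total could in principle still produce an undersized value. The statements that accumulate `length` and pass it to the allocator in init_om() lie outside the hunk, so this is inferred rather than visible. If they sum `strlen()` results, `size_t length = 0;` would match both the source and the allocator's size type, and an explicit upper-bound check before the allocation would reject an oversized total rather than rely on the type's width. As this is a cherry-pick of an upstream commit, any such change is better raised upstream than carried as a local divergence in the package.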
| @ -5,7 +5,7 @@ | ||||
| Summary: Core X11 protocol client library | ||||
| Name: libX11 | ||||
| Version: 1.6.8 | ||||
| Release: 3%{?gitdate:.%{gitdate}git%{gitversion}}%{?dist} | ||||
| Release: 4%{?gitdate:.%{gitdate}git%{gitversion}}%{?dist} | ||||
| License: MIT | ||||
| Group: System Environment/Libraries | ||||
| URL: http://www.x.org | ||||
| @ -22,6 +22,9 @@ Patch2: dont-forward-keycode-0.patch | ||||
| Patch3: 0001-Fix-XTS-regression-in-XCopyColormapAndFree.patch | ||||
| Patch4: 0001-Fix-poll_for_response-race-condition.patch | ||||
| 
 | ||||
| # CVE-2020-14363 | ||||
| Patch5: 0001-Fix-an-integer-overflow-in-init_om.patch | ||||
| 
 | ||||
| BuildRequires: xorg-x11-util-macros >= 1.11 | ||||
| BuildRequires: pkgconfig(xproto) >= 7.0.15 | ||||
| BuildRequires: xorg-x11-xtrans-devel >= 1.0.3-4 | ||||
| @ -64,6 +67,7 @@ libX11/libxcb interoperability library | ||||
| %patch2 -p1 -b .dont-forward-keycode-0 | ||||
| %patch3 -p1 -b .copycolormapandfree | ||||
| %patch4 -p1 -b .race | ||||
| %patch5 -p1 -b .fix-an-integer-overflow-in-init_om | ||||
| 
 | ||||
| %build | ||||
| autoreconf -v --install --force | ||||
| @ -128,6 +132,9 @@ make %{?_smp_mflags} check | ||||
| %{_mandir}/man5/*.5* | ||||
| 
 | ||||
| %changelog | ||||
| * Tue Nov  3 2020 Michel Dänzer <mdaenzer@redhat.com> - 1.6.8-4 | ||||
| - Fix CVE-2020-14363 (#1873923) | ||||
| 
 | ||||
| * Mon Feb 24 2020 Adam Jackson <ajax@redhat.com> - 1.6.8-3 | ||||
| - Fix race condition in poll_for_reponse | ||||
| 
 | ||||
|  | ||||