libX11 1.6.12 (CVE-2020-14363, CVE 2020-14344)

Peter Hutterer 2020-08-26 09:08:09 +10:00
parent abe139c3ce
commit d75fa801ef
3 changed files with 6 additions and 69 deletions


@ -1,52 +0,0 @@
From 4e08eddcbd4ce67fc3879ac9ed67a9c75ef99780 Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer@who-t.net>
Date: Wed, 11 Dec 2019 14:12:27 +1000
Subject: [PATCH libX11] Handle ssharp in XConvertCase()
lowercase: LATIN SMALL LETTER SHARP S (U+00DF)
uppercase: LATIN CAPITAL LETTER SHARP S (U+1E9E)
The uppercase sharp s (XK_ssharp) is a relatively recent addition to unicode
but was added to the relevant keyboard layouts in xkeyboard-config-2.25
(d1411e5e95c)
https://gitlab.freedesktop.org/xkeyboard-config/xkeyboard-config/issues/144
Alas, the CapsLock behavior was broken on the finnish layout (maybe others).
This was due to xkbcomp using XConvertCase() to determine whether a key
requires the type FOUR_LEVEL_ALPHABETIC or FOUR_LEVEL_SEMIALPHABETIC.
Let's make this function return the right lower/upper symbols for the sharp s
and hope that the world won't get any worse because of it.
https://gitlab.freedesktop.org/xorg/lib/libx11/issues/110
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
---
src/KeyBind.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/KeyBind.c b/src/KeyBind.c
index d7c78b37..225581ca 100644
--- a/src/KeyBind.c
+++ b/src/KeyBind.c
@@ -466,6 +466,8 @@ UCSConvertCase( register unsigned code,
*upper = 0x0178;
else if (code == 0x00b5) /* micro sign */
*upper = 0x039c;
+ else if (code == 0x00df) /* ssharp */
+ *upper = 0x1e9e;
return;
}
@@ -595,6 +597,8 @@ UCSConvertCase( register unsigned code,
}
else if (code == 0x1e9b)
*upper = 0x1e60;
+ else if (code == 0x1e9e)
+ *lower = XK_ssharp;
}
/* Greek Extended, U+1F00 to U+1FFF */
--
2.23.0
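Review bot: Deleting 0001-Handle-ssharp-in-XConvertCase.patch is not explained anywhere in this commit; the title and the new changelog entry mention only the two CVEs. This patch is a keyboard-layout fix rather than a security fix, so please confirm that src/KeyBind.c in the 1.6.12 tarball already has the `code == 0x00df` and `code == 0x1e9e` branches in UCSConvertCase() and say so in the changelog (for example "drop ssharp patch, merged upstream"). If it does not, the CapsLock regression described in the patch message comes back with this update.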


@ -4,8 +4,8 @@
Summary: Core X11 protocol client library Summary: Core X11 protocol client library
Name: libX11 Name: libX11
Version: 1.6.9 Version: 1.6.12
Release: 5%{?gitdate:.%{gitdate}git%{gitversion}}%{?dist} Release: 1%{?gitdate:.%{gitdate}git%{gitversion}}%{?dist}
License: MIT License: MIT
URL: http://www.x.org URL: http://www.x.org
@ -18,14 +18,6 @@ Source0: https://xorg.freedesktop.org/archive/individual/lib/%{name}-%{version}.
%endif %endif
Patch2: dont-forward-keycode-0.patch Patch2: dont-forward-keycode-0.patch
Patch3: 0001-Handle-ssharp-in-XConvertCase.patch
# CVE 2020-14344
Patch11: 0001-Fix-signed-length-values-in-_XimGetAttributeID.patch
Patch12: 0002-fix-integer-overflows-in-_XimAttributeToValue.patch
Patch13: 0003-Fix-more-unchecked-lengths.patch
Patch14: 0004-Zero-out-buffers-in-functions.patch
Patch15: 0005-Change-the-data_len-parameter-of-_XimAttributeToValu.patch
BuildRequires: xorg-x11-util-macros >= 1.11 BuildRequires: xorg-x11-util-macros >= 1.11
BuildRequires: pkgconfig(xproto) >= 7.0.15 BuildRequires: pkgconfig(xproto) >= 7.0.15
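Review bot: Patch11 through Patch15 are the spec's only record of how CVE 2020-14344 was fixed, and they are removed here without any comment that the 1.6.12 source carries the same changes. Add a changelog line saying the five XIM patches are dropped because they are included upstream, and check the new tarball for the _XimGetAttributeID and _XimAttributeToValue changes named in the patch file names before the build ships, since a missing one would leave the package vulnerable while the changelog claims the fix.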
@ -64,12 +56,6 @@ libX11/libxcb interoperability library
%prep %prep
%setup -q -n %{tarball}-%{?gitdate:%{gitdate}}%{!?gitdate:%{version}} %setup -q -n %{tarball}-%{?gitdate:%{gitdate}}%{!?gitdate:%{version}}
%patch2 -p1 -b .dont-forward-keycode-0 %patch2 -p1 -b .dont-forward-keycode-0
%patch3 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%build %build
autoreconf -v --install --force autoreconf -v --install --force
@ -135,6 +121,9 @@ make %{?_smp_mflags} check
%{_mandir}/man5/*.5* %{_mandir}/man5/*.5*
%changelog %changelog
* Wed Aug 26 2020 Peter Hutterer <peter.hutterer@redhat.com> 1.6.12-1
- libX11 1.6.12 (CVE-2020-14363, CVE 2020-14344)
* Fri Jul 31 2020 Adam Jackson <ajax@redhat.com> - 1.6.9-5 * Fri Jul 31 2020 Adam Jackson <ajax@redhat.com> - 1.6.9-5
- Fix server reply validation issue in XIM (CVE 2020-14344) - Fix server reply validation issue in XIM (CVE 2020-14344)
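Review bot: The new changelog entry writes "CVE 2020-14344" without the hyphen, next to "CVE-2020-14363" on the same line, so anything that searches changelogs for the CVE-YYYY-NNNN form will match only one of the two. Use "CVE-2020-14344", and add the " - " between the e-mail address and "1.6.12-1" so the header matches the 1.6.9-5 entry below it.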


@ -1 +1 @@
SHA512 (libX11-1.6.9.tar.bz2) = fc18f0dc17ade1fc37402179f52e1f2b9c7b7d3a1a9590fea13046eb0c5193b4796289431cd99388eac01e8e59de77db45d2c9675d4f05ef8cf3ba6382c3dd31 SHA512 (libX11-1.6.12.tar.bz2) = 79df7d61d9009b0dd3b65f67a62189aa0a43799c01026b3d2d534092596a0b67f246af5e398a89eb1ccc61a27335f81be8262b8a39768a76f62d862cd7415a47
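Review bot: The replacement SHA512 for libX11-1.6.12.tar.bz2 is the only integrity check on the new source, and nothing in this commit shows where the value came from. Please note in the commit message that it was computed from a tarball checked against the upstream release signature or announcement, since this is a security update and the hash pins whatever was downloaded from the Source0 URL.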