import tigervnc-1.12.0-5.el9_1.1
This commit is contained in:
parent
c745c7318a
commit
c554d472c6
@ -0,0 +1,35 @@
|
|||||||
|
From 7150ba655c0cc08fa6ded309b81265bb672f2869 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Peter Hutterer <peter.hutterer@who-t.net>
|
||||||
|
Date: Wed, 25 Jan 2023 11:41:40 +1000
|
||||||
|
Subject: [PATCH xserver] Xi: fix potential use-after-free in
|
||||||
|
DeepCopyPointerClasses
|
||||||
|
|
||||||
|
CVE-2023-0494, ZDI-CAN 19596
|
||||||
|
|
||||||
|
This vulnerability was discovered by:
|
||||||
|
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
|
||||||
|
|
||||||
|
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|
||||||
|
---
|
||||||
|
Xi/exevents.c | 4 +++-
|
||||||
|
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/Xi/exevents.c b/Xi/exevents.c
|
||||||
|
index 217baa9561..dcd4efb3bc 100644
|
||||||
|
--- a/Xi/exevents.c
|
||||||
|
+++ b/Xi/exevents.c
|
||||||
|
@@ -619,8 +619,10 @@ DeepCopyPointerClasses(DeviceIntPtr from, DeviceIntPtr to)
|
||||||
|
memcpy(to->button->xkb_acts, from->button->xkb_acts,
|
||||||
|
sizeof(XkbAction));
|
||||||
|
}
|
||||||
|
- else
|
||||||
|
+ else {
|
||||||
|
free(to->button->xkb_acts);
|
||||||
|
+ to->button->xkb_acts = NULL;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
memcpy(to->button->labels, from->button->labels,
|
||||||
|
from->button->numButtons * sizeof(Atom));
|
||||||
|
--
|
||||||
|
2.39.0
|
||||||
|
|
@ -5,7 +5,7 @@
|
|||||||
|
|
||||||
Name: tigervnc
|
Name: tigervnc
|
||||||
Version: 1.12.0
|
Version: 1.12.0
|
||||||
Release: 4%{?dist}
|
Release: 5%{?dist}.1
|
||||||
Summary: A TigerVNC remote display system
|
Summary: A TigerVNC remote display system
|
||||||
|
|
||||||
%global _hardened_build 1
|
%global _hardened_build 1
|
||||||
@ -35,6 +35,9 @@ Patch100: tigervnc-xserver120.patch
|
|||||||
# 1326867 - [RHEL7.3] GLX applications in an Xvnc session fails to start
|
# 1326867 - [RHEL7.3] GLX applications in an Xvnc session fails to start
|
||||||
Patch101: 0001-rpath-hack.patch
|
Patch101: 0001-rpath-hack.patch
|
||||||
|
|
||||||
|
# CVE-2023-0494 tigervnc: xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation
|
||||||
|
Patch110: xorg-x11-server-Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch
|
||||||
|
|
||||||
BuildRequires: make
|
BuildRequires: make
|
||||||
BuildRequires: gcc-c++
|
BuildRequires: gcc-c++
|
||||||
BuildRequires: libX11-devel, automake, autoconf, libtool, gettext, gettext-autopoint
|
BuildRequires: libX11-devel, automake, autoconf, libtool, gettext, gettext-autopoint
|
||||||
@ -158,6 +161,7 @@ for all in `find . -type f -perm -001`; do
|
|||||||
done
|
done
|
||||||
%patch100 -p1 -b .xserver120-rebased
|
%patch100 -p1 -b .xserver120-rebased
|
||||||
%patch101 -p1 -b .rpath
|
%patch101 -p1 -b .rpath
|
||||||
|
%patch110 -p1 -b .Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch
|
||||||
popd
|
popd
|
||||||
|
|
||||||
%patch1 -p1 -b .use-gnome-as-default-session
|
%patch1 -p1 -b .use-gnome-as-default-session
|
||||||
@ -345,6 +349,10 @@ fi
|
|||||||
%ghost %verify(not md5 size mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename}
|
%ghost %verify(not md5 size mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename}
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Feb 06 2023 Jan Grulich <jgrulich@redhat.com> - 1.12.0-5
|
||||||
|
- xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation
|
||||||
|
Resolves: bz#2167060
|
||||||
|
|
||||||
* Tue May 31 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-4
|
* Tue May 31 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-4
|
||||||
- Add BR: libXdamage, libXfixes, libXrandr
|
- Add BR: libXdamage, libXfixes, libXrandr
|
||||||
Resolves: bz#2091833
|
Resolves: bz#2091833
|
||||||
|
Loading…
Reference in New Issue
Block a user