diff options
Diffstat (limited to 'meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-0409.patch')
-rw-r--r-- | meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-0409.patch | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-0409.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-0409.patch new file mode 100644 index 0000000000..9763e0b562 --- /dev/null +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-0409.patch | |||
@@ -0,0 +1,46 @@ | |||
1 | From 2ef0f1116c65d5cb06d7b6d83f8a1aea702c94f7 Mon Sep 17 00:00:00 2001 | ||
2 | From: Olivier Fourdan <ofourdan@redhat.com> | ||
3 | Date: Wed, 6 Dec 2023 11:51:56 +0100 | ||
4 | Subject: [PATCH] ephyr,xwayland: Use the proper private key for cursor | ||
5 | |||
6 | The cursor in DIX is actually split in two parts, the cursor itself and | ||
7 | the cursor bits, each with their own devPrivates. | ||
8 | |||
9 | The cursor itself includes the cursor bits, meaning that the cursor bits | ||
10 | devPrivates in within structure of the cursor. | ||
11 | |||
12 | Both Xephyr and Xwayland were using the private key for the cursor bits | ||
13 | to store the data for the cursor, and when using XSELINUX which comes | ||
14 | with its own special devPrivates, the data stored in that cursor bits' | ||
15 | devPrivates would interfere with the XSELINUX devPrivates data and the | ||
16 | SELINUX security ID would point to some other unrelated data, causing a | ||
17 | crash in the XSELINUX code when trying to (re)use the security ID. | ||
18 | |||
19 | CVE-2024-0409 | ||
20 | |||
21 | Signed-off-by: Olivier Fourdan <ofourdan@redhat.com> | ||
22 | Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> | ||
23 | |||
24 | Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/2ef0f1116c65d5cb06d7b6d83f8a1aea702c94f7] | ||
25 | CVE: CVE-2024-0409 | ||
26 | Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> | ||
27 | --- | ||
28 | hw/kdrive/ephyr/ephyrcursor.c | 2 +- | ||
29 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
30 | |||
31 | diff --git a/hw/kdrive/ephyr/ephyrcursor.c b/hw/kdrive/ephyr/ephyrcursor.c | ||
32 | index f991899..3f192d0 100644 | ||
33 | --- a/hw/kdrive/ephyr/ephyrcursor.c | ||
34 | +++ b/hw/kdrive/ephyr/ephyrcursor.c | ||
35 | @@ -246,7 +246,7 @@ miPointerSpriteFuncRec EphyrPointerSpriteFuncs = { | ||
36 | Bool | ||
37 | ephyrCursorInit(ScreenPtr screen) | ||
38 | { | ||
39 | - if (!dixRegisterPrivateKey(&ephyrCursorPrivateKey, PRIVATE_CURSOR_BITS, | ||
40 | + if (!dixRegisterPrivateKey(&ephyrCursorPrivateKey, PRIVATE_CURSOR, | ||
41 | sizeof(ephyrCursorRec))) | ||
42 | return FALSE; | ||
43 | |||
44 | -- | ||
45 | 2.25.1 | ||
46 | |||