From a193c0224a4100f2e75bfff40b0832758affeb45 Mon Sep 17 00:00:00 2001
From: Vijay Anusuri <vanusuri@mvista.com>
Date: Mon, 6 Nov 2023 21:04:23 +0530
Subject: xserver-xorg: Fix for CVE-2023-5574

Upstream-Status: Backport
[https://gitlab.freedesktop.org/xorg/xserver/-/commit/1953f460b9ad1a9cdf0fcce70f6ad3310b713d5f
&
https://gitlab.freedesktop.org/xorg/xserver/-/commit/b6fe3f924aecac6d6e311673511ce61aa2f7a81f
&
https://gitlab.freedesktop.org/xorg/xserver/-/commit/ab2c58ba4719fc31c19c7829b06bdba8a88bd586]

(From OE-Core rev: 9291d7e7aca8ff93d036770e4fb42901c3ea1d60)

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 .../xserver-xorg/CVE-2023-5574-2.patch             | 42 ++++++++++++++++++++++
 1 file changed, 42 insertions(+)
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5574-2.patch

(limited to 'meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5574-2.patch')

diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5574-2.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5574-2.patch
new file mode 100644
index 0000000000..2cdef752c7
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5574-2.patch
@@ -0,0 +1,42 @@
+From b6fe3f924aecac6d6e311673511ce61aa2f7a81f Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter.hutterer@who-t.net>
+Date: Thu, 12 Oct 2023 12:42:06 +1000
+Subject: [PATCH] mi: fix CloseScreen initialization order
+
+If SHM is enabled it will set the CloseScreen pointer, only to be
+overridden by the hardcoded miCloseScreen pointer. Do this the other way
+round, miCloseScreen is the bottom of our stack.
+
+Direct leak of 48 byte(s) in 2 object(s) allocated from:
+  #0 0x7f5ea3ad8cc7 in calloc (/lib64/libasan.so.8+0xd8cc7) (BuildId: d8f3addefe29e892d775c30eb364afd3c2484ca5))
+  #1 0x70adfb in ShmInitScreenPriv ../Xext/shm.c:213
+
+Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+Reviewed-by: Adam Jackson <ajax@redhat.com>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/b6fe3f924aecac6d6e311673511ce61aa2f7a81f]
+CVE: CVE-2023-5574
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ mi/miscrinit.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/mi/miscrinit.c b/mi/miscrinit.c
+index 3bb52b1bc6..b88938c9ae 100644
+--- a/mi/miscrinit.c
++++ b/mi/miscrinit.c
+@@ -249,10 +249,10 @@ miScreenInit(ScreenPtr pScreen, void *pbits,  /* pointer to screen bits */
+     pScreen->numVisuals = numVisuals;
+     pScreen->visuals = visuals;
+     if (width) {
++        pScreen->CloseScreen = miCloseScreen;
+ #ifdef MITSHM
+         ShmRegisterFbFuncs(pScreen);
+ #endif
+-        pScreen->CloseScreen = miCloseScreen;
+     }
+     /* else CloseScreen */
+     /* QueryBestSize */
+-- 
+GitLab
+
-- 
cgit v1.2.3-54-g00ecf