diff options
| author | Vijay Anusuri <vanusuri@mvista.com> | 2025-03-05 19:02:10 +0530 |
|---|---|---|
| committer | Steve Sakoman <steve@sakoman.com> | 2025-03-08 06:22:56 -0800 |
| commit | cfa84dcc1a4921cccb06fca369a8a42f376ec3e6 (patch) | |
| tree | 50eccfe872e3c98334cefb86b28fd81a93900af0 | |
| parent | 2063d1265e30f5baebf303a4eb2b368260da1ff8 (diff) | |
| download | poky-cfa84dcc1a4921cccb06fca369a8a42f376ec3e6.tar.gz | |
xwayland: Fix CVE-2025-26597
Upstream-Status: Backport from https://gitlab.freedesktop.org/xorg/xserver/-/commit/0e4ed949
(From OE-Core rev: 6e19f26f4f152316badf3668b74cfc50d8d12528)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
| -rw-r--r-- | meta/recipes-graphics/xwayland/xwayland/CVE-2025-26597.patch | 46 | ||||
| -rw-r--r-- | meta/recipes-graphics/xwayland/xwayland_23.2.5.bb | 1 |
2 files changed, 47 insertions, 0 deletions
diff --git a/meta/recipes-graphics/xwayland/xwayland/CVE-2025-26597.patch b/meta/recipes-graphics/xwayland/xwayland/CVE-2025-26597.patch new file mode 100644 index 0000000000..b0735d0b46 --- /dev/null +++ b/meta/recipes-graphics/xwayland/xwayland/CVE-2025-26597.patch | |||
| @@ -0,0 +1,46 @@ | |||
| 1 | From 0e4ed94952b255c04fe910f6a1d9c852878dcd64 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Olivier Fourdan <ofourdan@redhat.com> | ||
| 3 | Date: Thu, 28 Nov 2024 14:09:04 +0100 | ||
| 4 | Subject: [PATCH] xkb: Fix buffer overflow in XkbChangeTypesOfKey() | ||
| 5 | |||
| 6 | If XkbChangeTypesOfKey() is called with nGroups == 0, it will resize the | ||
| 7 | key syms to 0 but leave the key actions unchanged. | ||
| 8 | |||
| 9 | If later, the same function is called with a non-zero value for nGroups, | ||
| 10 | this will cause a buffer overflow because the key actions are of the wrong | ||
| 11 | size. | ||
| 12 | |||
| 13 | To avoid the issue, make sure to resize both the key syms and key actions | ||
| 14 | when nGroups is 0. | ||
| 15 | |||
| 16 | CVE-2025-26597, ZDI-CAN-25683 | ||
| 17 | |||
| 18 | This vulnerability was discovered by: | ||
| 19 | Jan-Niklas Sohn working with Trend Micro Zero Day Initiative | ||
| 20 | |||
| 21 | Signed-off-by: Olivier Fourdan <ofourdan@redhat.com> | ||
| 22 | Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> | ||
| 23 | Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1828> | ||
| 24 | |||
| 25 | Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/0e4ed949] | ||
| 26 | CVE: CVE-2025-26597 | ||
| 27 | Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> | ||
| 28 | --- | ||
| 29 | xkb/XKBMisc.c | 1 + | ||
| 30 | 1 file changed, 1 insertion(+) | ||
| 31 | |||
| 32 | diff --git a/xkb/XKBMisc.c b/xkb/XKBMisc.c | ||
| 33 | index abbfed90eb..fd180fad2c 100644 | ||
| 34 | --- a/xkb/XKBMisc.c | ||
| 35 | +++ b/xkb/XKBMisc.c | ||
| 36 | @@ -553,6 +553,7 @@ XkbChangeTypesOfKey(XkbDescPtr xkb, | ||
| 37 | i = XkbSetNumGroups(i, 0); | ||
| 38 | xkb->map->key_sym_map[key].group_info = i; | ||
| 39 | XkbResizeKeySyms(xkb, key, 0); | ||
| 40 | + XkbResizeKeyActions(xkb, key, 0); | ||
| 41 | return Success; | ||
| 42 | } | ||
| 43 | |||
| 44 | -- | ||
| 45 | GitLab | ||
| 46 | |||
diff --git a/meta/recipes-graphics/xwayland/xwayland_23.2.5.bb b/meta/recipes-graphics/xwayland/xwayland_23.2.5.bb index 63803a7a44..7f94c5e2e2 100644 --- a/meta/recipes-graphics/xwayland/xwayland_23.2.5.bb +++ b/meta/recipes-graphics/xwayland/xwayland_23.2.5.bb | |||
| @@ -15,6 +15,7 @@ SRC_URI = "https://www.x.org/archive/individual/xserver/xwayland-${PV}.tar.xz \ | |||
| 15 | file://CVE-2025-26594-2.patch \ | 15 | file://CVE-2025-26594-2.patch \ |
| 16 | file://CVE-2025-26595.patch \ | 16 | file://CVE-2025-26595.patch \ |
| 17 | file://CVE-2025-26596.patch \ | 17 | file://CVE-2025-26596.patch \ |
| 18 | file://CVE-2025-26597.patch \ | ||
| 18 | " | 19 | " |
| 19 | SRC_URI[sha256sum] = "33ec7ff2687a59faaa52b9b09aa8caf118e7ecb6aed8953f526a625ff9f4bd90" | 20 | SRC_URI[sha256sum] = "33ec7ff2687a59faaa52b9b09aa8caf118e7ecb6aed8953f526a625ff9f4bd90" |
| 20 | 21 | ||