diff --git a/backport-CVE-2022-3550.patch b/backport-CVE-2022-3550.patch
new file mode 100644
index 0000000..edb244c
--- /dev/null
+++ b/backport-CVE-2022-3550.patch
@@ -0,0 +1,28 @@
+From f908421d43959a44ff940fd89fd0e35150cfe3f9 Mon Sep 17 00:00:00 2001
+From: rpm-build
+Date: Fri, 26 May 2023 15:10:01 +0800
+Subject: [PATCH] xkb: proof GetCountedString against request length attacks
+
+---
+ xkb/xkb.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/xkb/xkb.c b/xkb/xkb.c
+index aa98578..87b73df 100644
+--- a/xkb/xkb.c
++++ b/xkb/xkb.c
+@@ -5138,6 +5138,11 @@ _GetCountedString(char **wire_inout, ClientPtr client, char **str)
+ CARD16 len;
+
+ wire = *wire_inout;
++
++ if (client->req_len <
++ bytes_to_int32(wire + 2 - (char *) client->requestBuffer))
++ return BadValue;
++
+ len = *(CARD16 *) wire;
+ if (client->swapped) {
+ swaps(&len);
+--
+2.20.1
+
diff --git a/xorg-x11-server.spec b/xorg-x11-server.spec
index 86277e3..dec2578 100644
--- a/xorg-x11-server.spec
+++ b/xorg-x11-server.spec
@@ -16,7 +16,7 @@ Name: xorg-x11-server
Version: 1.20.8
-Release: 18
+Release: 19
Summary: X.Org X11 X server
License: MIT and GPLv2
URL: https://www.x.org
@@ -105,6 +105,7 @@ Patch6015: backport-CVE-2022-46344.patch
Patch6016: backport-CVE-2022-4283.patch
Patch6017: backport-CVE-2023-0494.patch
Patch6018: backport-CVE-2023-1393.patch
+Patch6019: backport-CVE-2022-3550.patch
BuildRequires: audit-libs-devel autoconf automake bison dbus-devel flex flex-devel git gcc
BuildRequires: systemtap-sdt-devel libtool pkgconfig
@@ -347,6 +348,9 @@ find %{inst_srcdir}/hw/xfree86 -name \*.c -delete
%{_libdir}/xorg/protocol.txt
%changelog
+* Fri May 26 2023 leeffo -1.20.8-19
+- fix CVE-2022-3550
+
* Thu Apr 13 2023 liweiganga -1.20.8-18
- fix CVE-2023-1393
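Review bot: The header of backport-CVE-2022-3550.patch records `From: rpm-build` and a locally generated commit id, so nothing in the file ties it to the upstream xorg-server commit it was taken from, and a reviewer cannot confirm that the five added lines match upstream rather than a hand edit without diffing by hand. Keeping the upstream author and subject, or adding a `Reference: <upstream commit id>` line to the patch description, would make the backport verifiable. On the guard itself, `client->req_len` is counted in 4-byte units and `bytes_to_int32()` converts the byte offset of the end of the 2-byte length field into those units, so the `len = *(CARD16 *) wire` read on the next line can no longer run past the request buffer. `_GetCountedString` continues outside this hunk; this check only covers the length field, so the bound on the string body that follows `len` (if 1.20.8 carries one) should be confirmed separately rather than assumed.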
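Review bot: `Patch6019` is only declared in this hunk; whether the declaration alone gets it applied depends on the %prep section, which is outside the diff. If the spec applies patches with numbered `%patchNNNN -p1` lines rather than `%autosetup`, a matching `%patch6019 -p1` line is needed, otherwise the CVE-2022-3550 fix is listed and mentioned in the changelog but never enters the build. The patch's inner paths are `a/xkb/xkb.c` and `b/xkb/xkb.c`, so `-p1` is the strip level it expects.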
@@ -403,7 +407,7 @@ find %{inst_srcdir}/hw/xfree86 -name \*.c -delete
- SUG:NA
- DESC:fix CVE-2021-3472
-* Mon Feb 01 2020 yeah_wang - 1.20.8-4
+* Mon Feb 01 2021 yeah_wang - 1.20.8-4
- Type:CVE
- Id:CVE-2020-14347 CVE-2020-14360 CVE-2020-25712
- SUG:NA