xserver: Branch 'server-21.1-branch' - 2 commits
GitLab Mirror
gitlab-mirror at kemper.freedesktop.org
Tue Oct 29 16:02:20 UTC 2024
configure.ac | 4 ++--
meson.build | 4 ++--
xkb/xkb.c | 8 ++++----
3 files changed, 8 insertions(+), 8 deletions(-)
New commits:
commit b25ad9b8f0ebcc3ebe09ce9991410c60f3a8b2ce
Author: José Expósito <jexposit at redhat.com>
Date: Tue Oct 29 14:40:34 2024 +0100
xserver 21.1.14
Signed-off-by: José Expósito <jexposit at redhat.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1734>
diff --git a/configure.ac b/configure.ac
index 7d442c214..80c603719 100644
--- a/configure.ac
+++ b/configure.ac
@@ -26,8 +26,8 @@ dnl
dnl Process this file with autoconf to create configure.
AC_PREREQ(2.60)
-AC_INIT([xorg-server], 21.1.13, [https://gitlab.freedesktop.org/xorg/xserver/issues], xorg-server)
-RELEASE_DATE="2024-04-12"
+AC_INIT([xorg-server], 21.1.14, [https://gitlab.freedesktop.org/xorg/xserver/issues], xorg-server)
+RELEASE_DATE="2024-10-29"
RELEASE_NAME="Caramel Ice Cream"
AC_CONFIG_SRCDIR([Makefile.am])
AC_CONFIG_MACRO_DIR([m4])
diff --git a/meson.build b/meson.build
index 9e54a0a6f..f022a7aa4 100644
--- a/meson.build
+++ b/meson.build
@@ -3,10 +3,10 @@ project('xserver', 'c',
'buildtype=debugoptimized',
'c_std=gnu99',
],
- version: '21.1.13',
+ version: '21.1.14',
meson_version: '>= 0.47.0',
)
-release_date = '2024-04-12'
+release_date = '2024-10-29'
add_project_arguments('-DHAVE_DIX_CONFIG_H', language: ['c', 'objc'])
cc = meson.get_compiler('c')
commit ba1d14f8eff2a123bd7ff4d48c02e1d5131358e0
Author: Matthieu Herrb <matthieu at herrb.eu>
Date: Thu Oct 10 10:37:28 2024 +0200
xkb: Fix buffer overflow in _XkbSetCompatMap()
The _XkbSetCompatMap() function attempts to resize the `sym_interpret`
buffer.
However, It didn't update its size properly. It updated `num_si` only,
without updating `size_si`.
This may lead to local privilege escalation if the server is run as root
or remote code execution (e.g. x11 over ssh).
CVE-2024-9632, ZDI-CAN-24756
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Reviewed-by: Peter Hutterer <peter.hutterer at who-t.net>
Tested-by: Peter Hutterer <peter.hutterer at who-t.net>
Reviewed-by: José Expósito <jexposit at redhat.com>
(cherry picked from commit 85b776571487f52e756f68a069c768757369bfe3)
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1734>
diff --git a/xkb/xkb.c b/xkb/xkb.c
index 276dc1938..7da00a0c8 100644
--- a/xkb/xkb.c
+++ b/xkb/xkb.c
@@ -2992,13 +2992,13 @@ _XkbSetCompatMap(ClientPtr client, DeviceIntPtr dev,
XkbSymInterpretPtr sym;
unsigned int skipped = 0;
- if ((unsigned) (req->firstSI + req->nSI) > compat->num_si) {
- compat->num_si = req->firstSI + req->nSI;
+ if ((unsigned) (req->firstSI + req->nSI) > compat->size_si) {
+ compat->num_si = compat->size_si = req->firstSI + req->nSI;
compat->sym_interpret = reallocarray(compat->sym_interpret,
- compat->num_si,
+ compat->size_si,
sizeof(XkbSymInterpretRec));
if (!compat->sym_interpret) {
- compat->num_si = 0;
+ compat->num_si = compat->size_si = 0;
return BadAlloc;
}
}
More information about the xorg-commit
mailing list