Miroirs/slackware-current
1
0
Fork 0
mirror of git://slackware.nl/current.git synced 2025-01-28 08:02:25 +01:00
Code Issues Projects Releases Packages Wiki Activity

Thu Oct 26 19:55:16 UTC 2023

Browse source 
patches/packages/mozilla-thunderbird-115.4.1-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.4.1/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/
    https://www.cve.org/CVERecord?id=CVE-2023-5721
    https://www.cve.org/CVERecord?id=CVE-2023-5732
    https://www.cve.org/CVERecord?id=CVE-2023-5724
    https://www.cve.org/CVERecord?id=CVE-2023-5725
    https://www.cve.org/CVERecord?id=CVE-2023-5726
    https://www.cve.org/CVERecord?id=CVE-2023-5727
    https://www.cve.org/CVERecord?id=CVE-2023-5728
    https://www.cve.org/CVERecord?id=CVE-2023-5730
  (* Security fix *)
patches/packages/xorg-server-1.20.14-x86_64-9_slack15.0.txz:  Rebuilt.
  This update fixes security issues:
  OOB write in XIChangeDeviceProperty/RRChangeOutputProperty.
  Use-after-free bug in DestroyWindow.
  For more information, see:
    https://lists.x.org/archives/xorg-announce/2023-October/003430.html
    https://www.cve.org/CVERecord?id=CVE-2023-5367
    https://www.cve.org/CVERecord?id=CVE-2023-5380
  (* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-x86_64-9_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-x86_64-9_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-x86_64-9_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-x86_64-8_slack15.0.txz:  Rebuilt.
  This update fixes a security issue:
  OOB write in XIChangeDeviceProperty/RRChangeOutputProperty.
  For more information, see:
    https://lists.x.org/archives/xorg-announce/2023-October/003430.html
    https://www.cve.org/CVERecord?id=CVE-2023-5367
  (* Security fix *)
This commit is contained in:
Patrick J Volkerding 2023-10-26 19:55:16 +00:00 committed by Eric Hameleers
parent 6f3fcdc1d3
commit 61c8c898a8
16 changed files with 416 additions and 63 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

47
ChangeLog.rss
View file

@ -11,9 +11,52 @@
<description>Tracking Slackware development in git.</description>
<language>en-us</language>
<id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id>
<pubDate>Tue, 24 Oct 2023 22:26:20 GMT</pubDate>
<lastBuildDate>Wed, 25 Oct 2023 11:30:25 GMT</lastBuildDate>
<pubDate>Thu, 26 Oct 2023 19:55:16 GMT</pubDate>
<lastBuildDate>Fri, 27 Oct 2023 11:30:27 GMT</lastBuildDate>
<generator>maintain_current_git.sh v 1.17</generator>
<item>
<title>Thu, 26 Oct 2023 19:55:16 GMT</title>
<pubDate>Thu, 26 Oct 2023 19:55:16 GMT</pubDate>
<link>https://git.slackware.nl/current/tag/?h=20231026195516</link>
<guid isPermaLink="false">20231026195516</guid>
<description>
<![CDATA[<pre>
patches/packages/mozilla-thunderbird-115.4.1-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.4.1/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/
https://www.cve.org/CVERecord?id=CVE-2023-5721
https://www.cve.org/CVERecord?id=CVE-2023-5732
https://www.cve.org/CVERecord?id=CVE-2023-5724
https://www.cve.org/CVERecord?id=CVE-2023-5725
https://www.cve.org/CVERecord?id=CVE-2023-5726
https://www.cve.org/CVERecord?id=CVE-2023-5727
https://www.cve.org/CVERecord?id=CVE-2023-5728
https://www.cve.org/CVERecord?id=CVE-2023-5730
(* Security fix *)
patches/packages/xorg-server-1.20.14-x86_64-9_slack15.0.txz: Rebuilt.
This update fixes security issues:
OOB write in XIChangeDeviceProperty/RRChangeOutputProperty.
Use-after-free bug in DestroyWindow.
For more information, see:
https://lists.x.org/archives/xorg-announce/2023-October/003430.html
https://www.cve.org/CVERecord?id=CVE-2023-5367
https://www.cve.org/CVERecord?id=CVE-2023-5380
(* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-x86_64-9_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-x86_64-9_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-x86_64-9_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-x86_64-8_slack15.0.txz: Rebuilt.
This update fixes a security issue:
OOB write in XIChangeDeviceProperty/RRChangeOutputProperty.
For more information, see:
https://lists.x.org/archives/xorg-announce/2023-October/003430.html
https://www.cve.org/CVERecord?id=CVE-2023-5367
(* Security fix *)
</pre>]]>
</description>
</item>
<item>
<title>Tue, 24 Oct 2023 22:26:20 GMT</title>
<pubDate>Tue, 24 Oct 2023 22:26:20 GMT</pubDate>

35
ChangeLog.txt
View file

@ -1,3 +1,38 @@
Thu Oct 26 19:55:16 UTC 2023
patches/packages/mozilla-thunderbird-115.4.1-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.4.1/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/
https://www.cve.org/CVERecord?id=CVE-2023-5721
https://www.cve.org/CVERecord?id=CVE-2023-5732
https://www.cve.org/CVERecord?id=CVE-2023-5724
https://www.cve.org/CVERecord?id=CVE-2023-5725
https://www.cve.org/CVERecord?id=CVE-2023-5726
https://www.cve.org/CVERecord?id=CVE-2023-5727
https://www.cve.org/CVERecord?id=CVE-2023-5728
https://www.cve.org/CVERecord?id=CVE-2023-5730
(* Security fix *)
patches/packages/xorg-server-1.20.14-x86_64-9_slack15.0.txz: Rebuilt.
This update fixes security issues:
OOB write in XIChangeDeviceProperty/RRChangeOutputProperty.
Use-after-free bug in DestroyWindow.
For more information, see:
https://lists.x.org/archives/xorg-announce/2023-October/003430.html
https://www.cve.org/CVERecord?id=CVE-2023-5367
https://www.cve.org/CVERecord?id=CVE-2023-5380
(* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-x86_64-9_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-x86_64-9_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-x86_64-9_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-x86_64-8_slack15.0.txz: Rebuilt.
This update fixes a security issue:
OOB write in XIChangeDeviceProperty/RRChangeOutputProperty.
For more information, see:
https://lists.x.org/archives/xorg-announce/2023-October/003430.html
https://www.cve.org/CVERecord?id=CVE-2023-5367
(* Security fix *)
+--------------------------+
Tue Oct 24 22:26:20 UTC 2023
patches/packages/mozilla-firefox-115.4.0esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.

119
FILELIST.TXT
View file

@ -1,20 +1,20 @@
Tue Oct 24 22:30:36 UTC 2023
Thu Oct 26 19:59:57 UTC 2023
Here is the file list for this directory. If you are using a
mirror site and find missing or extra files in the disk
subdirectories, please have the archive administrator refresh
the mirror.
drwxr-xr-x 12 root root 4096 2023-10-24 22:26 .
drwxr-xr-x 12 root root 4096 2023-10-26 19:55 .
-rw-r--r-- 1 root root 5767 2022-02-02 22:44 ./ANNOUNCE.15.0
-rw-r--r-- 1 root root 16609 2022-03-30 19:03 ./CHANGES_AND_HINTS.TXT
-rw-r--r-- 1 root root 1195123 2023-10-22 19:33 ./CHECKSUMS.md5
-rw-r--r-- 1 root root 163 2023-10-22 19:33 ./CHECKSUMS.md5.asc
-rw-r--r-- 1 root root 1195123 2023-10-24 22:30 ./CHECKSUMS.md5
-rw-r--r-- 1 root root 163 2023-10-24 22:30 ./CHECKSUMS.md5.asc
-rw-r--r-- 1 root root 17976 1994-06-10 02:28 ./COPYING
-rw-r--r-- 1 root root 35147 2007-06-30 04:21 ./COPYING3
-rw-r--r-- 1 root root 19573 2016-06-23 20:08 ./COPYRIGHT.TXT
-rw-r--r-- 1 root root 616 2006-10-02 04:37 ./CRYPTO_NOTICE.TXT
-rw-r--r-- 1 root root 2056133 2023-10-24 22:26 ./ChangeLog.txt
-rw-r--r-- 1 root root 2057937 2023-10-26 19:55 ./ChangeLog.txt
drwxr-xr-x 3 root root 4096 2013-03-20 22:17 ./EFI
drwxr-xr-x 2 root root 4096 2022-02-02 08:21 ./EFI/BOOT
-rw-r--r-- 1 root root 1187840 2021-06-15 19:16 ./EFI/BOOT/bootx64.efi
@ -25,7 +25,7 @@ drwxr-xr-x 2 root root 4096 2022-02-02 08:21 ./EFI/BOOT
-rwxr-xr-x 1 root root 2504 2019-07-05 18:54 ./EFI/BOOT/make-grub.sh
-rw-r--r-- 1 root root 10722 2013-09-21 19:02 ./EFI/BOOT/osdetect.cfg
-rw-r--r-- 1 root root 1273 2013-08-12 21:08 ./EFI/BOOT/tools.cfg
-rw-r--r-- 1 root root 1562947 2023-10-22 19:33 ./FILELIST.TXT
-rw-r--r-- 1 root root 1562947 2023-10-24 22:30 ./FILELIST.TXT
-rw-r--r-- 1 root root 1572 2012-08-29 18:27 ./GPG-KEY
-rw-r--r-- 1 root root 864745 2022-02-02 08:25 ./PACKAGES.TXT
-rw-r--r-- 1 root root 8034 2022-02-02 03:36 ./README.TXT
@ -752,13 +752,13 @@ drwxr-xr-x 2 root root 4096 2022-12-17 19:52 ./pasture/source/samba
-rw-r--r-- 1 root root 7921 2018-04-29 17:31 ./pasture/source/samba/smb.conf.default
-rw-r--r-- 1 root root 7933 2018-01-14 20:41 ./pasture/source/samba/smb.conf.default.orig
-rw-r--r-- 1 root root 536 2017-03-23 19:18 ./pasture/source/samba/smb.conf.diff.gz
drwxr-xr-x 4 root root 4096 2023-10-24 22:30 ./patches
-rw-r--r-- 1 root root 86255 2023-10-24 22:30 ./patches/CHECKSUMS.md5
-rw-r--r-- 1 root root 163 2023-10-24 22:30 ./patches/CHECKSUMS.md5.asc
-rw-r--r-- 1 root root 117784 2023-10-24 22:30 ./patches/FILE_LIST
-rw-r--r-- 1 root root 13191172 2023-10-24 22:30 ./patches/MANIFEST.bz2
-rw-r--r-- 1 root root 62618 2023-10-24 22:30 ./patches/PACKAGES.TXT
drwxr-xr-x 3 root root 24576 2023-10-24 22:30 ./patches/packages
drwxr-xr-x 4 root root 4096 2023-10-26 19:59 ./patches
-rw-r--r-- 1 root root 86534 2023-10-26 19:59 ./patches/CHECKSUMS.md5
-rw-r--r-- 1 root root 163 2023-10-26 19:59 ./patches/CHECKSUMS.md5.asc
-rw-r--r-- 1 root root 118114 2023-10-26 19:59 ./patches/FILE_LIST
-rw-r--r-- 1 root root 13195472 2023-10-26 19:59 ./patches/MANIFEST.bz2
-rw-r--r-- 1 root root 62618 2023-10-26 19:59 ./patches/PACKAGES.TXT
drwxr-xr-x 3 root root 24576 2023-10-26 19:59 ./patches/packages
-rw-r--r-- 1 root root 360 2023-09-26 19:28 ./patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 2389564 2023-09-26 19:28 ./patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-09-26 19:28 ./patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txz.asc
@ -928,9 +928,9 @@ drwxr-xr-x 2 root root 4096 2023-06-23 18:50 ./patches/packages/linux-5.15
-rw-r--r-- 1 root root 564 2023-01-06 19:37 ./patches/packages/mozilla-nss-3.87-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 1838968 2023-01-06 19:37 ./patches/packages/mozilla-nss-3.87-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-01-06 19:37 ./patches/packages/mozilla-nss-3.87-x86_64-1_slack15.0.txz.asc
-rw-r--r-- 1 root root 663 2023-10-24 18:41 ./patches/packages/mozilla-thunderbird-115.4.0-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 60734184 2023-10-24 18:41 ./patches/packages/mozilla-thunderbird-115.4.0-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-10-24 18:41 ./patches/packages/mozilla-thunderbird-115.4.0-x86_64-1_slack15.0.txz.asc
-rw-r--r-- 1 root root 663 2023-10-26 03:29 ./patches/packages/mozilla-thunderbird-115.4.1-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 60737480 2023-10-26 03:29 ./patches/packages/mozilla-thunderbird-115.4.1-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-10-26 03:29 ./patches/packages/mozilla-thunderbird-115.4.1-x86_64-1_slack15.0.txz.asc
-rw-r--r-- 1 root root 451 2022-07-21 17:53 ./patches/packages/net-snmp-5.9.3-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 1598024 2022-07-21 17:53 ./patches/packages/net-snmp-5.9.3-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2022-07-21 17:53 ./patches/packages/net-snmp-5.9.3-x86_64-1_slack15.0.txz.asc
@ -1033,21 +1033,21 @@ drwxr-xr-x 2 root root 4096 2023-06-23 18:50 ./patches/packages/linux-5.15
-rw-r--r-- 1 root root 377 2022-11-17 01:47 ./patches/packages/xfce4-settings-4.16.5-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 801956 2022-11-17 01:47 ./patches/packages/xfce4-settings-4.16.5-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2022-11-17 01:47 ./patches/packages/xfce4-settings-4.16.5-x86_64-1_slack15.0.txz.asc
-rw-r--r-- 1 root root 670 2023-03-29 18:44 ./patches/packages/xorg-server-1.20.14-x86_64-8_slack15.0.txt
-rw-r--r-- 1 root root 1779708 2023-03-29 18:44 ./patches/packages/xorg-server-1.20.14-x86_64-8_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-03-29 18:44 ./patches/packages/xorg-server-1.20.14-x86_64-8_slack15.0.txz.asc
-rw-r--r-- 1 root root 370 2023-03-29 18:44 ./patches/packages/xorg-server-xephyr-1.20.14-x86_64-8_slack15.0.txt
-rw-r--r-- 1 root root 868684 2023-03-29 18:44 ./patches/packages/xorg-server-xephyr-1.20.14-x86_64-8_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-03-29 18:44 ./patches/packages/xorg-server-xephyr-1.20.14-x86_64-8_slack15.0.txz.asc
-rw-r--r-- 1 root root 592 2023-03-29 18:44 ./patches/packages/xorg-server-xnest-1.20.14-x86_64-8_slack15.0.txt
-rw-r--r-- 1 root root 605096 2023-03-29 18:44 ./patches/packages/xorg-server-xnest-1.20.14-x86_64-8_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-03-29 18:44 ./patches/packages/xorg-server-xnest-1.20.14-x86_64-8_slack15.0.txz.asc
-rw-r--r-- 1 root root 689 2023-03-29 18:44 ./patches/packages/xorg-server-xvfb-1.20.14-x86_64-8_slack15.0.txt
-rw-r--r-- 1 root root 731508 2023-03-29 18:44 ./patches/packages/xorg-server-xvfb-1.20.14-x86_64-8_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-03-29 18:44 ./patches/packages/xorg-server-xvfb-1.20.14-x86_64-8_slack15.0.txz.asc
-rw-r--r-- 1 root root 816 2023-03-29 18:44 ./patches/packages/xorg-server-xwayland-21.1.4-x86_64-7_slack15.0.txt
-rw-r--r-- 1 root root 816820 2023-03-29 18:44 ./patches/packages/xorg-server-xwayland-21.1.4-x86_64-7_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-03-29 18:44 ./patches/packages/xorg-server-xwayland-21.1.4-x86_64-7_slack15.0.txz.asc
-rw-r--r-- 1 root root 670 2023-10-25 18:43 ./patches/packages/xorg-server-1.20.14-x86_64-9_slack15.0.txt
-rw-r--r-- 1 root root 1779800 2023-10-25 18:43 ./patches/packages/xorg-server-1.20.14-x86_64-9_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-10-25 18:43 ./patches/packages/xorg-server-1.20.14-x86_64-9_slack15.0.txz.asc
-rw-r--r-- 1 root root 370 2023-10-25 18:43 ./patches/packages/xorg-server-xephyr-1.20.14-x86_64-9_slack15.0.txt
-rw-r--r-- 1 root root 869132 2023-10-25 18:43 ./patches/packages/xorg-server-xephyr-1.20.14-x86_64-9_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-10-25 18:43 ./patches/packages/xorg-server-xephyr-1.20.14-x86_64-9_slack15.0.txz.asc
-rw-r--r-- 1 root root 592 2023-10-25 18:43 ./patches/packages/xorg-server-xnest-1.20.14-x86_64-9_slack15.0.txt
-rw-r--r-- 1 root root 605108 2023-10-25 18:43 ./patches/packages/xorg-server-xnest-1.20.14-x86_64-9_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-10-25 18:43 ./patches/packages/xorg-server-xnest-1.20.14-x86_64-9_slack15.0.txz.asc
-rw-r--r-- 1 root root 689 2023-10-25 18:43 ./patches/packages/xorg-server-xvfb-1.20.14-x86_64-9_slack15.0.txt
-rw-r--r-- 1 root root 731384 2023-10-25 18:43 ./patches/packages/xorg-server-xvfb-1.20.14-x86_64-9_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-10-25 18:43 ./patches/packages/xorg-server-xvfb-1.20.14-x86_64-9_slack15.0.txz.asc
-rw-r--r-- 1 root root 816 2023-10-25 18:37 ./patches/packages/xorg-server-xwayland-21.1.4-x86_64-8_slack15.0.txt
-rw-r--r-- 1 root root 816792 2023-10-25 18:37 ./patches/packages/xorg-server-xwayland-21.1.4-x86_64-8_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-10-25 18:37 ./patches/packages/xorg-server-xwayland-21.1.4-x86_64-8_slack15.0.txz.asc
-rw-r--r-- 1 root root 463 2023-03-05 20:29 ./patches/packages/xscreensaver-6.06-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 9161204 2023-03-05 20:29 ./patches/packages/xscreensaver-6.06-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-03-05 20:29 ./patches/packages/xscreensaver-6.06-x86_64-1_slack15.0.txz.asc
@ -1060,7 +1060,7 @@ drwxr-xr-x 2 root root 4096 2023-06-23 18:50 ./patches/packages/linux-5.15
-rw-r--r-- 1 root root 463 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 459652 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txz.asc
drwxr-xr-x 93 root root 4096 2023-10-24 22:02 ./patches/source
drwxr-xr-x 93 root root 4096 2023-10-26 19:04 ./patches/source
drwxr-xr-x 2 root root 4096 2023-09-26 19:22 ./patches/source/Cython
-rw-r--r-- 1 root root 1623580 2023-07-04 19:24 ./patches/source/Cython/Cython-0.29.36.tar.lz
-rwxr-xr-x 1 root root 3041 2023-09-26 19:23 ./patches/source/Cython/Cython.SlackBuild
@ -1530,7 +1530,7 @@ drwxr-xr-x 2 root root 4096 2023-01-06 19:30 ./patches/source/mozilla-nss
-rw-r--r-- 1 root root 37770371 2023-01-05 18:00 ./patches/source/mozilla-nss/nss-3.87.tar.lz
-rw-r--r-- 1 root root 2488 2012-04-29 21:05 ./patches/source/mozilla-nss/nss-config.in
-rw-r--r-- 1 root root 1023 2018-02-27 06:12 ./patches/source/mozilla-nss/slack-desc
drwxr-xr-x 4 root root 4096 2023-10-24 17:43 ./patches/source/mozilla-thunderbird
drwxr-xr-x 4 root root 4096 2023-10-26 02:43 ./patches/source/mozilla-thunderbird
drwxr-xr-x 2 root root 4096 2016-07-03 18:05 ./patches/source/mozilla-thunderbird/autoconf
-rw-r--r-- 1 root root 5869 2016-07-03 18:04 ./patches/source/mozilla-thunderbird/autoconf/autoconf-2.13-consolidated_fixes-1.patch.gz
-rw-r--r-- 1 root root 300116 1999-01-15 21:03 ./patches/source/mozilla-thunderbird/autoconf/autoconf-2.13.tar.xz
@ -1555,8 +1555,8 @@ drwxr-xr-x 2 root root 4096 2023-10-24 18:53 ./patches/source/mozilla-thun
-rw-r--r-- 1 root root 3378 2005-03-08 05:13 ./patches/source/mozilla-thunderbird/mozilla-thunderbird.desktop
-rw-r--r-- 1 root root 1130 2018-02-27 06:47 ./patches/source/mozilla-thunderbird/slack-desc
-rw-r--r-- 1 root root 330 2019-08-27 16:35 ./patches/source/mozilla-thunderbird/tb.ui.scrollToClick.diff.gz
-rw-r--r-- 1 root root 531269876 2023-10-24 12:39 ./patches/source/mozilla-thunderbird/thunderbird-115.4.0.source.tar.xz
-rw-r--r-- 1 root root 833 2023-10-24 12:39 ./patches/source/mozilla-thunderbird/thunderbird-115.4.0.source.tar.xz.asc
-rw-r--r-- 1 root root 537988108 2023-10-25 17:21 ./patches/source/mozilla-thunderbird/thunderbird-115.4.1.source.tar.xz
-rw-r--r-- 1 root root 833 2023-10-25 17:21 ./patches/source/mozilla-thunderbird/thunderbird-115.4.1.source.tar.xz.asc
drwxr-xr-x 2 root root 4096 2022-07-21 17:44 ./patches/source/net-snmp
-rw-r--r-- 1 root root 356 2021-12-21 18:38 ./patches/source/net-snmp/doinst.sh.gz
-rw-r--r-- 1 root root 607 2018-07-20 09:39 ./patches/source/net-snmp/net-snmp-5.7.2-cert-path.patch.gz
@ -1935,7 +1935,7 @@ drwxr-xr-x 2 root root 4096 2022-11-16 19:13 ./patches/source/xfce4-settin
-rw-r--r-- 1 root root 83 2022-11-09 20:26 ./patches/source/xfce4-settings/xfce4-settings.url
-rw-r--r-- 1 root root 543 2012-07-19 19:32 ./patches/source/xfce4-settings/xfce4-settings.xft.defaults.diff.gz
drwxr-xr-x 10 root root 4096 2022-07-12 20:19 ./patches/source/xorg-server
drwxr-xr-x 2 root root 4096 2023-03-29 18:18 ./patches/source/xorg-server-xwayland
drwxr-xr-x 2 root root 4096 2023-10-25 18:36 ./patches/source/xorg-server-xwayland
-rw-r--r-- 1 root root 1175 2022-07-12 17:02 ./patches/source/xorg-server-xwayland/0001-f1070c01d616c5f21f939d5ebc533738779451ac.patch.gz
-rw-r--r-- 1 root root 2243 2022-07-12 17:03 ./patches/source/xorg-server-xwayland/0002-dd8caf39e9e15d8f302e54045dd08d8ebf1025dc.patch.gz
-rw-r--r-- 1 root root 1923 2022-07-12 17:03 ./patches/source/xorg-server-xwayland/0003-6907b6ea2b4ce949cb07271f5b678d5966d9df42.patch.gz
@ -1951,13 +1951,14 @@ drwxr-xr-x 2 root root 4096 2023-03-29 18:18 ./patches/source/xorg-server-
-rw-r--r-- 1 root root 1049 2022-12-14 19:23 ./patches/source/xorg-server-xwayland/CVE-2022-46344.patch.gz
-rw-r--r-- 1 root root 605 2023-02-07 19:33 ./patches/source/xorg-server-xwayland/CVE-2023-0494.patch.gz
-rw-r--r-- 1 root root 792 2023-03-29 18:09 ./patches/source/xorg-server-xwayland/CVE-2023-1393.patch.gz
-rw-r--r-- 1 root root 1127 2023-10-25 18:35 ./patches/source/xorg-server-xwayland/CVE-2023-5367.patch.gz
-rw-r--r-- 1 root root 1287 2021-04-18 18:21 ./patches/source/xorg-server-xwayland/slack-desc
-rwxr-xr-x 1 root root 6481 2023-03-29 18:18 ./patches/source/xorg-server-xwayland/xorg-server-xwayland.SlackBuild
-rwxr-xr-x 1 root root 6585 2023-10-25 18:37 ./patches/source/xorg-server-xwayland/xorg-server-xwayland.SlackBuild
-rw-r--r-- 1 root root 1261712 2021-12-14 14:01 ./patches/source/xorg-server-xwayland/xwayland-21.1.4.tar.xz
-rw-r--r-- 1 root root 95 2021-12-14 14:01 ./patches/source/xorg-server-xwayland/xwayland-21.1.4.tar.xz.sig
-rw-r--r-- 1 root root 376 2021-01-16 18:58 ./patches/source/xorg-server/arch.use.flags
drwxr-xr-x 2 root root 4096 2013-04-18 22:42 ./patches/source/xorg-server/build
-rw-r--r-- 1 root root 12 2023-03-29 18:14 ./patches/source/xorg-server/build/xorg-server
-rw-r--r-- 1 root root 12 2023-10-25 18:41 ./patches/source/xorg-server/build/xorg-server
drwxr-xr-x 2 root root 4096 2022-07-12 19:51 ./patches/source/xorg-server/configure
-rw-r--r-- 1 root root 3140 2021-12-26 22:45 ./patches/source/xorg-server/configure/xorg-server
drwxr-xr-x 2 root root 4096 2013-04-18 22:43 ./patches/source/xorg-server/doinst.sh
@ -1967,8 +1968,8 @@ drwxr-xr-x 2 root root 4096 2022-07-12 19:52 ./patches/source/xorg-server/
-rw-r--r-- 1 root root 1189 2018-05-03 12:16 ./patches/source/xorg-server/noarch
-rw-r--r-- 1 root root 833 2019-12-09 18:56 ./patches/source/xorg-server/package-blacklist
drwxr-xr-x 3 root root 4096 2023-02-07 20:15 ./patches/source/xorg-server/patch
drwxr-xr-x 2 root root 4096 2023-03-29 18:15 ./patches/source/xorg-server/patch/xorg-server
-rw-r--r-- 1 root root 4885 2023-03-29 18:15 ./patches/source/xorg-server/patch/xorg-server.patch
drwxr-xr-x 2 root root 4096 2023-10-25 18:40 ./patches/source/xorg-server/patch/xorg-server
-rw-r--r-- 1 root root 5193 2023-10-25 18:41 ./patches/source/xorg-server/patch/xorg-server.patch
-rw-r--r-- 1 root root 623 2018-07-15 18:32 ./patches/source/xorg-server/patch/xorg-server/0001-Always-install-vbe-and-int10-sdk-headers.patch.gz
-rw-r--r-- 1 root root 3846 2018-07-15 18:32 ./patches/source/xorg-server/patch/xorg-server/0001-autobind-GPUs-to-the-screen.patch.gz
-rw-r--r-- 1 root root 1175 2022-07-12 17:02 ./patches/source/xorg-server/patch/xorg-server/0001-f1070c01d616c5f21f939d5ebc533738779451ac.patch.gz
@ -1989,6 +1990,8 @@ drwxr-xr-x 2 root root 4096 2023-03-29 18:15 ./patches/source/xorg-server/
-rw-r--r-- 1 root root 1049 2022-12-14 19:23 ./patches/source/xorg-server/patch/xorg-server/CVE-2022-46344.patch.gz
-rw-r--r-- 1 root root 605 2023-02-07 19:33 ./patches/source/xorg-server/patch/xorg-server/CVE-2023-0494.patch.gz
-rw-r--r-- 1 root root 792 2023-03-29 18:09 ./patches/source/xorg-server/patch/xorg-server/CVE-2023-1393.patch.gz
-rw-r--r-- 1 root root 1127 2023-10-25 18:35 ./patches/source/xorg-server/patch/xorg-server/CVE-2023-5367.patch.gz
-rw-r--r-- 1 root root 1534 2023-10-25 18:40 ./patches/source/xorg-server/patch/xorg-server/CVE-2023-5380.patch.gz
-rw-r--r-- 1 root root 298 2018-05-30 05:02 ./patches/source/xorg-server/patch/xorg-server/fix-nouveau-segfault.diff.gz
-rw-r--r-- 1 root root 357 2020-09-11 18:38 ./patches/source/xorg-server/patch/xorg-server/fix-pci-segfault.diff.gz
-rw-r--r-- 1 root root 340 2012-04-14 03:01 ./patches/source/xorg-server/patch/xorg-server/x11.startwithblackscreen.diff.gz
@ -2742,10 +2745,10 @@ drwxr-xr-x 2 root root 16384 2022-02-02 08:24 ./slackware64/d
-rw-r--r-- 1 root root 9905788 2021-08-25 18:28 ./slackware64/d/gcc-gfortran-11.2.0-x86_64-2.txz
-rw-r--r-- 1 root root 163 2021-08-25 18:28 ./slackware64/d/gcc-gfortran-11.2.0-x86_64-2.txz.asc
-rw-r--r-- 1 root root 414 2021-08-25 18:28 ./slackware64/d/gcc-gnat-11.2.0-x86_64-2.txt
-rw-r--r-- 1 root root 17424960 2021-08-25 18:28 ./slackware64/d/gcc-gnat-11.2.0-x86_64-2.txz
-rw-r--r-- 1 root root 163 2021-08-25 18:28 ./slackware64/d/gcc-gnat-11.2.0-x86_64-2.txz.asc
-rw-r--r-- 1 root root 572 2021-08-25 18:29 ./slackware64/d/gcc-go-11.2.0-x86_64-2.txt
-rw-r--r-- 1 root root 15856348 2021-08-25 18:29 ./slackware64/d/gcc-go-11.2.0-x86_64-2.txz
-rw-r--r-- 1 root root 17424960 2021-08-25 18:28 ./slackware64/d/gcc-gnat-11.2.0-x86_64-2.txz
-rw-r--r-- 1 root root 163 2021-08-25 18:28 ./slackware64/d/gcc-gnat-11.2.0-x86_64-2.txz.asc
-rw-r--r-- 1 root root 572 2021-08-25 18:29 ./slackware64/d/gcc-go-11.2.0-x86_64-2.txt
-rw-r--r-- 1 root root 15856348 2021-08-25 18:29 ./slackware64/d/gcc-go-11.2.0-x86_64-2.txz
-rw-r--r-- 1 root root 163 2021-08-25 18:29 ./slackware64/d/gcc-go-11.2.0-x86_64-2.txz.asc
-rw-r--r-- 1 root root 489 2021-08-25 18:28 ./slackware64/d/gcc-objc-11.2.0-x86_64-2.txt
-rw-r--r-- 1 root root 11604124 2021-08-25 18:28 ./slackware64/d/gcc-objc-11.2.0-x86_64-2.txz
@ -5475,10 +5478,10 @@ drwxr-xr-x 2 root root 32768 2022-02-01 04:47 ./slackware64/n
-rw-r--r-- 1 root root 322 2021-06-15 18:38 ./slackware64/n/nfs-utils-2.5.4-x86_64-1.txt
-rw-r--r-- 1 root root 383188 2021-06-15 18:38 ./slackware64/n/nfs-utils-2.5.4-x86_64-1.txz
-rw-r--r-- 1 root root 163 2021-06-15 18:38 ./slackware64/n/nfs-utils-2.5.4-x86_64-1.txz.asc
-rw-r--r-- 1 root root 535 2021-11-19 20:47 ./slackware64/n/nftables-1.0.1-x86_64-1.txt
-rw-r--r-- 1 root root 328396 2021-11-19 20:47 ./slackware64/n/nftables-1.0.1-x86_64-1.txz
-rw-r--r-- 1 root root 163 2021-11-19 20:47 ./slackware64/n/nftables-1.0.1-x86_64-1.txz.asc
-rw-r--r-- 1 root root 297 2021-10-19 16:48 ./slackware64/n/nghttp2-1.46.0-x86_64-1.txt
-rw-r--r-- 1 root root 535 2021-11-19 20:47 ./slackware64/n/nftables-1.0.1-x86_64-1.txt
-rw-r--r-- 1 root root 328396 2021-11-19 20:47 ./slackware64/n/nftables-1.0.1-x86_64-1.txz
-rw-r--r-- 1 root root 163 2021-11-19 20:47 ./slackware64/n/nftables-1.0.1-x86_64-1.txz.asc
-rw-r--r-- 1 root root 297 2021-10-19 16:48 ./slackware64/n/nghttp2-1.46.0-x86_64-1.txt
-rw-r--r-- 1 root root 106148 2021-10-19 16:48 ./slackware64/n/nghttp2-1.46.0-x86_64-1.txz
-rw-r--r-- 1 root root 163 2021-10-19 16:48 ./slackware64/n/nghttp2-1.46.0-x86_64-1.txz.asc
-rw-r--r-- 1 root root 649 2021-08-08 18:51 ./slackware64/n/nmap-7.92-x86_64-1.txt
@ -8554,11 +8557,11 @@ drwxr-xr-x 2 root root 4096 2022-01-02 01:00 ./source/ap/usbmuxd
-rw-r--r-- 1 root root 182 2015-04-18 18:30 ./source/ap/usbmuxd/doinst.sh.gz
-rwxr-xr-x 1 root root 2022 2020-07-09 18:37 ./source/ap/usbmuxd/fetch-usbmuxd.sh
-rw-r--r-- 1 root root 735 2018-02-27 06:13 ./source/ap/usbmuxd/slack-desc
-rw-r--r-- 1 root root 53008 2021-09-25 01:29 ./source/ap/usbmuxd/usbmuxd-20210925_e3a3180.tar.xz
-rwxr-xr-x 1 root root 4256 2022-01-02 01:00 ./source/ap/usbmuxd/usbmuxd.SlackBuild
drwxr-xr-x 2 root root 4096 2021-02-13 05:31 ./source/ap/vbetool
-rw-r--r-- 1 root root 830 2018-02-27 06:12 ./source/ap/vbetool/slack-desc
-rw-r--r-- 1 root root 24915 2015-12-20 20:37 ./source/ap/vbetool/vbetool-1.2.2.tar.gz
-rw-r--r-- 1 root root 53008 2021-09-25 01:29 ./source/ap/usbmuxd/usbmuxd-20210925_e3a3180.tar.xz
-rwxr-xr-x 1 root root 4256 2022-01-02 01:00 ./source/ap/usbmuxd/usbmuxd.SlackBuild
drwxr-xr-x 2 root root 4096 2021-02-13 05:31 ./source/ap/vbetool
-rw-r--r-- 1 root root 830 2018-02-27 06:12 ./source/ap/vbetool/slack-desc
-rw-r--r-- 1 root root 24915 2015-12-20 20:37 ./source/ap/vbetool/vbetool-1.2.2.tar.gz
-rwxr-xr-x 1 root root 3202 2021-02-13 05:31 ./source/ap/vbetool/vbetool.SlackBuild
-rw-r--r-- 1 root root 129 2008-11-24 18:23 ./source/ap/vbetool/vbetool.info
drwxr-xr-x 2 root root 4096 2022-01-29 19:09 ./source/ap/vim
@ -15059,11 +15062,11 @@ drwxr-xr-x 2 root root 4096 2009-08-01 05:00 ./source/x/x11/doinst.sh
-rw-r--r-- 1 root root 283 2018-06-05 22:11 ./source/x/x11/doinst.sh/font-cronyx-cyrillic
-rw-r--r-- 1 root root 341 2018-06-05 22:11 ./source/x/x11/doinst.sh/font-cursor-misc
-rw-r--r-- 1 root root 341 2018-06-05 22:11 ./source/x/x11/doinst.sh/font-daewoo-misc
-rw-r--r-- 1 root root 341 2018-06-05 22:12 ./source/x/x11/doinst.sh/font-dec-misc
-rw-r--r-- 1 root root 277 2018-06-05 22:12 ./source/x/x11/doinst.sh/font-ibm-type1
-rw-r--r-- 1 root root 341 2018-06-05 22:12 ./source/x/x11/doinst.sh/font-isas-misc
-rw-r--r-- 1 root root 341 2018-06-05 22:13 ./source/x/x11/doinst.sh/font-jis-misc
-rw-r--r-- 1 root root 341 2018-06-05 22:13 ./source/x/x11/doinst.sh/font-micro-misc
-rw-r--r-- 1 root root 341 2018-06-05 22:12 ./source/x/x11/doinst.sh/font-dec-misc
-rw-r--r-- 1 root root 277 2018-06-05 22:12 ./source/x/x11/doinst.sh/font-ibm-type1
-rw-r--r-- 1 root root 341 2018-06-05 22:12 ./source/x/x11/doinst.sh/font-isas-misc
-rw-r--r-- 1 root root 341 2018-06-05 22:13 ./source/x/x11/doinst.sh/font-jis-misc
-rw-r--r-- 1 root root 341 2018-06-05 22:13 ./source/x/x11/doinst.sh/font-micro-misc
-rw-r--r-- 1 root root 283 2018-06-05 22:13 ./source/x/x11/doinst.sh/font-misc-cyrillic
-rw-r--r-- 1 root root 365 2018-06-05 22:14 ./source/x/x11/doinst.sh/font-misc-ethiopic
-rw-r--r-- 1 root root 273 2018-06-05 22:14 ./source/x/x11/doinst.sh/font-misc-meltho

0
patches/packages/mozilla-thunderbird-115.4.0-x86_64-1_slack15.0.txt → patches/packages/mozilla-thunderbird-115.4.1-x86_64-1_slack15.0.txt
View file

0
patches/packages/xorg-server-1.20.14-x86_64-8_slack15.0.txt → patches/packages/xorg-server-1.20.14-x86_64-9_slack15.0.txt
View file

0
patches/packages/xorg-server-xephyr-1.20.14-x86_64-8_slack15.0.txt → patches/packages/xorg-server-xephyr-1.20.14-x86_64-9_slack15.0.txt
View file

0
patches/packages/xorg-server-xnest-1.20.14-x86_64-8_slack15.0.txt → patches/packages/xorg-server-xnest-1.20.14-x86_64-9_slack15.0.txt
View file

0
patches/packages/xorg-server-xvfb-1.20.14-x86_64-8_slack15.0.txt → patches/packages/xorg-server-xvfb-1.20.14-x86_64-9_slack15.0.txt
View file

0
patches/packages/xorg-server-xwayland-21.1.4-x86_64-7_slack15.0.txt → patches/packages/xorg-server-xwayland-21.1.4-x86_64-8_slack15.0.txt
View file

81
patches/source/xorg-server-xwayland/CVE-2023-5367.patch Normal file
View file

@ -0,0 +1,81 @@
From 541ab2ecd41d4d8689e71855d93e492bc554719a Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer@who-t.net>
Date: Tue, 3 Oct 2023 11:53:05 +1000
Subject: [PATCH] Xi/randr: fix handling of PropModeAppend/Prepend
The handling of appending/prepending properties was incorrect, with at
least two bugs: the property length was set to the length of the new
part only, i.e. appending or prepending N elements to a property with P
existing elements always resulted in the property having N elements
instead of N + P.
Second, when pre-pending a value to a property, the offset for the old
values was incorrect, leaving the new property with potentially
uninitalized values and/or resulting in OOB memory writes.
For example, prepending a 3 element value to a 5 element property would
result in this 8 value array:
[N, N, N, ?, ?, P, P, P ] P, P
^OOB write
The XI2 code is a copy/paste of the RandR code, so the bug exists in
both.
CVE-2023-5367, ZDI-CAN-22153
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
---
Xi/xiproperty.c | 4 ++--
randr/rrproperty.c | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/Xi/xiproperty.c b/Xi/xiproperty.c
index 066ba21fba..d315f04d0e 100644
--- a/Xi/xiproperty.c
+++ b/Xi/xiproperty.c
@@ -730,7 +730,7 @@ XIChangeDeviceProperty(DeviceIntPtr dev, Atom property, Atom type,
XIDestroyDeviceProperty(prop);
return BadAlloc;
}
- new_value.size = len;
+ new_value.size = total_len;
new_value.type = type;
new_value.format = format;
@@ -747,7 +747,7 @@ XIChangeDeviceProperty(DeviceIntPtr dev, Atom property, Atom type,
case PropModePrepend:
new_data = new_value.data;
old_data = (void *) (((char *) new_value.data) +
- (prop_value->size * size_in_bytes));
+ (len * size_in_bytes));
break;
}
if (new_data)
diff --git a/randr/rrproperty.c b/randr/rrproperty.c
index c2fb9585c6..25469f57b2 100644
--- a/randr/rrproperty.c
+++ b/randr/rrproperty.c
@@ -209,7 +209,7 @@ RRChangeOutputProperty(RROutputPtr output, Atom property, Atom type,
RRDestroyOutputProperty(prop);
return BadAlloc;
}
- new_value.size = len;
+ new_value.size = total_len;
new_value.type = type;
new_value.format = format;
@@ -226,7 +226,7 @@ RRChangeOutputProperty(RROutputPtr output, Atom property, Atom type,
case PropModePrepend:
new_data = new_value.data;
old_data = (void *) (((char *) new_value.data) +
- (prop_value->size * size_in_bytes));
+ (len * size_in_bytes));
break;
}
if (new_data)
--
GitLab

7
patches/source/xorg-server-xwayland/xorg-server-xwayland.SlackBuild
View file

@ -1,6 +1,6 @@
#!/bin/bash
# Copyright 2016, 2018, 2019 Patrick J. Volkerding, Sebeka, MN, USA
# Copyright 2016, 2018, 2019, 2023 Patrick J. Volkerding, Sebeka, MN, USA
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=xorg-server-xwayland
SRCNAM=xwayland
VERSION=${VERSION:-$(echo $SRCNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
BUILD=${BUILD:-7_slack15.0}
BUILD=${BUILD:-8_slack15.0}
# Default font paths to be used by the X server:
DEF_FONTPATH="/usr/share/fonts/misc,/usr/share/fonts/local,/usr/share/fonts/TTF,/usr/share/fonts/OTF,/usr/share/fonts/Type1,/usr/share/fonts/CID,/usr/share/fonts/75dpi/:unscaled,/usr/share/fonts/100dpi/:unscaled,/usr/share/fonts/75dpi,/usr/share/fonts/100dpi,/usr/share/fonts/cyrillic"
@ -110,6 +110,9 @@ zcat $CWD/CVE-2023-1393.patch.gz | patch -p1 --verbose || exit 1
# This prevents a crash with recent NVIDIA drivers.
zcat $CWD/857.patch.gz | patch -p1 --verbose || exit 1
# Patch another security issue:
zcat $CWD/CVE-2023-5367.patch.gz | patch -p1 --verbose || exit 1
# Configure, build, and install:
export CFLAGS="$SLKCFLAGS"
export CXXFLAGS="$SLKCFLAGS"

2
patches/source/xorg-server/build/xorg-server
View file

@ -1 +1 @@
8_slack15.0
9_slack15.0

5
patches/source/xorg-server/patch/xorg-server.patch
View file

@ -59,3 +59,8 @@ zcat $CWD/patch/xorg-server/857.patch.gz | patch -p1 --verbose || { touch ${SLAC
# Patch another security issue:
zcat $CWD/patch/xorg-server/CVE-2023-1393.patch.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
# Patch more security issues:
zcat $CWD/patch/xorg-server/CVE-2023-5367.patch.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
zcat $CWD/patch/xorg-server/CVE-2023-5380.patch.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; }

81
patches/source/xorg-server/patch/xorg-server/CVE-2023-5367.patch Normal file
View file

@ -0,0 +1,81 @@
From 541ab2ecd41d4d8689e71855d93e492bc554719a Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer@who-t.net>
Date: Tue, 3 Oct 2023 11:53:05 +1000
Subject: [PATCH] Xi/randr: fix handling of PropModeAppend/Prepend
The handling of appending/prepending properties was incorrect, with at
least two bugs: the property length was set to the length of the new
part only, i.e. appending or prepending N elements to a property with P
existing elements always resulted in the property having N elements
instead of N + P.
Second, when pre-pending a value to a property, the offset for the old
values was incorrect, leaving the new property with potentially
uninitalized values and/or resulting in OOB memory writes.
For example, prepending a 3 element value to a 5 element property would
result in this 8 value array:
[N, N, N, ?, ?, P, P, P ] P, P
^OOB write
The XI2 code is a copy/paste of the RandR code, so the bug exists in
both.
CVE-2023-5367, ZDI-CAN-22153
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
---
Xi/xiproperty.c | 4 ++--
randr/rrproperty.c | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/Xi/xiproperty.c b/Xi/xiproperty.c
index 066ba21fba..d315f04d0e 100644
--- a/Xi/xiproperty.c
+++ b/Xi/xiproperty.c
@@ -730,7 +730,7 @@ XIChangeDeviceProperty(DeviceIntPtr dev, Atom property, Atom type,
XIDestroyDeviceProperty(prop);
return BadAlloc;
}
- new_value.size = len;
+ new_value.size = total_len;
new_value.type = type;
new_value.format = format;
@@ -747,7 +747,7 @@ XIChangeDeviceProperty(DeviceIntPtr dev, Atom property, Atom type,
case PropModePrepend:
new_data = new_value.data;
old_data = (void *) (((char *) new_value.data) +
- (prop_value->size * size_in_bytes));
+ (len * size_in_bytes));
break;
}
if (new_data)
diff --git a/randr/rrproperty.c b/randr/rrproperty.c
index c2fb9585c6..25469f57b2 100644
--- a/randr/rrproperty.c
+++ b/randr/rrproperty.c
@@ -209,7 +209,7 @@ RRChangeOutputProperty(RROutputPtr output, Atom property, Atom type,
RRDestroyOutputProperty(prop);
return BadAlloc;
}
- new_value.size = len;
+ new_value.size = total_len;
new_value.type = type;
new_value.format = format;
@@ -226,7 +226,7 @@ RRChangeOutputProperty(RROutputPtr output, Atom property, Atom type,
case PropModePrepend:
new_data = new_value.data;
old_data = (void *) (((char *) new_value.data) +
- (prop_value->size * size_in_bytes));
+ (len * size_in_bytes));
break;
}
if (new_data)
--
GitLab

99
patches/source/xorg-server/patch/xorg-server/CVE-2023-5380.patch Normal file
View file

@ -0,0 +1,99 @@
From 564ccf2ce9616620456102727acb8b0256b7bbd7 Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer@who-t.net>
Date: Thu, 5 Oct 2023 12:19:45 +1000
Subject: [PATCH] mi: reset the PointerWindows reference on screen switch
PointerWindows[] keeps a reference to the last window our sprite
entered - changes are usually handled by CheckMotion().
If we switch between screens via XWarpPointer our
dev->spriteInfo->sprite->win is set to the new screen's root window.
If there's another window at the cursor location CheckMotion() will
trigger the right enter/leave events later. If there is not, it skips
that process and we never trigger LeaveWindow() - PointerWindows[] for
the device still refers to the previous window.
If that window is destroyed we have a dangling reference that will
eventually cause a use-after-free bug when checking the window hierarchy
later.
To trigger this, we require:
- two protocol screens
- XWarpPointer to the other screen's root window
- XDestroyWindow before entering any other window
This is a niche bug so we hack around it by making sure we reset the
PointerWindows[] entry so we cannot have a dangling pointer. This
doesn't handle Enter/Leave events correctly but the previous code didn't
either.
CVE-2023-5380, ZDI-CAN-21608
This vulnerability was discovered by:
Sri working with Trend Micro Zero Day Initiative
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Adam Jackson <ajax@redhat.com>
---
dix/enterleave.h | 2 --
include/eventstr.h | 3 +++
mi/mipointer.c | 17 +++++++++++++++--
3 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/dix/enterleave.h b/dix/enterleave.h
index 4b833d8a3b..e8af924c68 100644
--- a/dix/enterleave.h
+++ b/dix/enterleave.h
@@ -58,8 +58,6 @@ extern void DeviceFocusEvent(DeviceIntPtr dev,
extern void EnterWindow(DeviceIntPtr dev, WindowPtr win, int mode);
-extern void LeaveWindow(DeviceIntPtr dev);
-
extern void CoreFocusEvent(DeviceIntPtr kbd,
int type, int mode, int detail, WindowPtr pWin);
diff --git a/include/eventstr.h b/include/eventstr.h
index 93308f9b24..a9926eaeef 100644
--- a/include/eventstr.h
+++ b/include/eventstr.h
@@ -335,4 +335,7 @@ union _InternalEvent {
GestureEvent gesture_event;
};
+extern void
+LeaveWindow(DeviceIntPtr dev);
+
#endif
diff --git a/mi/mipointer.c b/mi/mipointer.c
index a638f25d4a..8cf0035140 100644
--- a/mi/mipointer.c
+++ b/mi/mipointer.c
@@ -397,8 +397,21 @@ miPointerWarpCursor(DeviceIntPtr pDev, ScreenPtr pScreen, int x, int y)
#ifdef PANORAMIX
&& noPanoramiXExtension
#endif
- )
- UpdateSpriteForScreen(pDev, pScreen);
+ ) {
+ DeviceIntPtr master = GetMaster(pDev, MASTER_POINTER);
+ /* Hack for CVE-2023-5380: if we're moving
+ * screens PointerWindows[] keeps referring to the
+ * old window. If that gets destroyed we have a UAF
+ * bug later. Only happens when jumping from a window
+ * to the root window on the other screen.
+ * Enter/Leave events are incorrect for that case but
+ * too niche to fix.
+ */
+ LeaveWindow(pDev);
+ if (master)
+ LeaveWindow(master);
+ UpdateSpriteForScreen(pDev, pScreen);
+ }
}
/**
--
GitLab
B

3
recompress.sh
View file

@ -1198,6 +1198,7 @@ gzip ./patches/source/xorg-server-xwayland/CVE-2022-46341.patch
gzip ./patches/source/xorg-server-xwayland/0002-dd8caf39e9e15d8f302e54045dd08d8ebf1025dc.patch
gzip ./patches/source/xorg-server-xwayland/CVE-2022-3550.patch
gzip ./patches/source/xorg-server-xwayland/0001-f1070c01d616c5f21f939d5ebc533738779451ac.patch
gzip ./patches/source/xorg-server-xwayland/CVE-2023-5367.patch
gzip ./patches/source/seamonkey/autoconf/autoconf-2.13-consolidated_fixes-1.patch
gzip ./patches/source/seamonkey/doinst.sh
gzip ./patches/source/seamonkey/double_t.x86.diff
@ -1240,6 +1241,7 @@ gzip ./patches/source/sdl/libsdl-1.2.15-resizing.patch
gzip ./patches/source/emacs/d48bb4874bc6cd3e69c7a15fc3c91cc141025c51.patch
gzip ./patches/source/emacs/doinst.sh
gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2022-46342.patch
gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2023-5380.patch
gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2022-46343.patch
gzip ./patches/source/xorg-server/patch/xorg-server/xorg-server.combo.mouse.keyboard.layout.patch
gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2022-3553.patch
@ -1263,6 +1265,7 @@ gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2022-3550.patch
gzip ./patches/source/xorg-server/patch/xorg-server/06_use-intel-only-on-pre-gen4.diff
gzip ./patches/source/xorg-server/patch/xorg-server/0001-Always-install-vbe-and-int10-sdk-headers.patch
gzip ./patches/source/xorg-server/patch/xorg-server/0001-f1070c01d616c5f21f939d5ebc533738779451ac.patch
gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2023-5367.patch
gzip ./patches/source/zstd/zstd.dont.link.pzstd.to.static.libzstd.a.diff
gzip ./patches/source/ksh93/doinst.sh
gzip ./patches/source/xscreensaver/setuid.c