Miroirs/slackware-current
1
0
Fork 0
mirror of git://slackware.nl/current.git synced 2025-01-29 08:36:40 +01:00
Code Issues Projects Releases Packages Wiki Activity

Tue Jan 16 20:49:28 UTC 2024

Browse source 
patches/packages/gnutls-3.8.3-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes two medium severity security issues:
  Fix more timing side-channel inside RSA-PSK key exchange.
  Fix assertion failure when verifying a certificate chain with a cycle of
  cross signatures.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-0553
    https://www.cve.org/CVERecord?id=CVE-2024-0567
  (* Security fix *)
patches/packages/xorg-server-1.20.14-x86_64-11_slack15.0.txz:  Rebuilt.
  This update fixes security issues:
  Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer.
  Reattaching to different master device may lead to out-of-bounds memory access.
  Heap buffer overflow in XISendDeviceHierarchyEvent.
  Heap buffer overflow in DisableDevice.
  SELinux context corruption.
  SELinux unlabeled GLX PBuffer.
  For more information, see:
    https://lists.x.org/archives/xorg/2024-January/061525.html
    https://www.cve.org/CVERecord?id=CVE-2023-6816
    https://www.cve.org/CVERecord?id=CVE-2024-0229
    https://www.cve.org/CVERecord?id=CVE-2024-21885
    https://www.cve.org/CVERecord?id=CVE-2024-21886
    https://www.cve.org/CVERecord?id=CVE-2024-0408
    https://www.cve.org/CVERecord?id=CVE-2024-0409
  (* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-x86_64-11_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-x86_64-11_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-x86_64-11_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-x86_64-10_slack15.0.txz:  Rebuilt.
  This update fixes security issues:
  Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer.
  Reattaching to different master device may lead to out-of-bounds memory access.
  Heap buffer overflow in XISendDeviceHierarchyEvent.
  Heap buffer overflow in DisableDevice.
  SELinux unlabeled GLX PBuffer.
  For more information, see:
    https://lists.x.org/archives/xorg/2024-January/061525.html
    https://www.cve.org/CVERecord?id=CVE-2023-6816
    https://www.cve.org/CVERecord?id=CVE-2024-0229
    https://www.cve.org/CVERecord?id=CVE-2024-21885
    https://www.cve.org/CVERecord?id=CVE-2024-21886
    https://www.cve.org/CVERecord?id=CVE-2024-0408
  (* Security fix *)
This commit is contained in:
Patrick J Volkerding 2024-01-16 20:49:28 +00:00 committed by Eric Hameleers
parent caf0fadb3f
commit 95fd8ef935
31 changed files with 1796 additions and 164 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

58
ChangeLog.rss
View file

@ -11,9 +11,63 @@
<description>Tracking Slackware development in git.</description>
<language>en-us</language>
<id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id>
<pubDate>Wed, 10 Jan 2024 20:25:54 GMT</pubDate>
<lastBuildDate>Thu, 11 Jan 2024 12:30:19 GMT</lastBuildDate>
<pubDate>Tue, 16 Jan 2024 20:49:28 GMT</pubDate>
<lastBuildDate>Wed, 17 Jan 2024 12:30:23 GMT</lastBuildDate>
<generator>maintain_current_git.sh v 1.17</generator>
<item>
<title>Tue, 16 Jan 2024 20:49:28 GMT</title>
<pubDate>Tue, 16 Jan 2024 20:49:28 GMT</pubDate>
<link>https://git.slackware.nl/current/tag/?h=20240116204928</link>
<guid isPermaLink="false">20240116204928</guid>
<description>
<![CDATA[<pre>
patches/packages/gnutls-3.8.3-x86_64-1_slack15.0.txz: Upgraded.
This update fixes two medium severity security issues:
Fix more timing side-channel inside RSA-PSK key exchange.
Fix assertion failure when verifying a certificate chain with a cycle of
cross signatures.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-0553
https://www.cve.org/CVERecord?id=CVE-2024-0567
(* Security fix *)
patches/packages/xorg-server-1.20.14-x86_64-11_slack15.0.txz: Rebuilt.
This update fixes security issues:
Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer.
Reattaching to different master device may lead to out-of-bounds memory access.
Heap buffer overflow in XISendDeviceHierarchyEvent.
Heap buffer overflow in DisableDevice.
SELinux context corruption.
SELinux unlabeled GLX PBuffer.
For more information, see:
https://lists.x.org/archives/xorg/2024-January/061525.html
https://www.cve.org/CVERecord?id=CVE-2023-6816
https://www.cve.org/CVERecord?id=CVE-2024-0229
https://www.cve.org/CVERecord?id=CVE-2024-21885
https://www.cve.org/CVERecord?id=CVE-2024-21886
https://www.cve.org/CVERecord?id=CVE-2024-0408
https://www.cve.org/CVERecord?id=CVE-2024-0409
(* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-x86_64-11_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-x86_64-11_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-x86_64-11_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-x86_64-10_slack15.0.txz: Rebuilt.
This update fixes security issues:
Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer.
Reattaching to different master device may lead to out-of-bounds memory access.
Heap buffer overflow in XISendDeviceHierarchyEvent.
Heap buffer overflow in DisableDevice.
SELinux unlabeled GLX PBuffer.
For more information, see:
https://lists.x.org/archives/xorg/2024-January/061525.html
https://www.cve.org/CVERecord?id=CVE-2023-6816
https://www.cve.org/CVERecord?id=CVE-2024-0229
https://www.cve.org/CVERecord?id=CVE-2024-21885
https://www.cve.org/CVERecord?id=CVE-2024-21886
https://www.cve.org/CVERecord?id=CVE-2024-0408
(* Security fix *)
</pre>]]>
</description>
</item>
<item>
<title>Wed, 10 Jan 2024 20:25:54 GMT</title>
<pubDate>Wed, 10 Jan 2024 20:25:54 GMT</pubDate>

46
ChangeLog.txt
View file

@ -1,3 +1,49 @@
Tue Jan 16 20:49:28 UTC 2024
patches/packages/gnutls-3.8.3-x86_64-1_slack15.0.txz: Upgraded.
This update fixes two medium severity security issues:
Fix more timing side-channel inside RSA-PSK key exchange.
Fix assertion failure when verifying a certificate chain with a cycle of
cross signatures.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-0553
https://www.cve.org/CVERecord?id=CVE-2024-0567
(* Security fix *)
patches/packages/xorg-server-1.20.14-x86_64-11_slack15.0.txz: Rebuilt.
This update fixes security issues:
Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer.
Reattaching to different master device may lead to out-of-bounds memory access.
Heap buffer overflow in XISendDeviceHierarchyEvent.
Heap buffer overflow in DisableDevice.
SELinux context corruption.
SELinux unlabeled GLX PBuffer.
For more information, see:
https://lists.x.org/archives/xorg/2024-January/061525.html
https://www.cve.org/CVERecord?id=CVE-2023-6816
https://www.cve.org/CVERecord?id=CVE-2024-0229
https://www.cve.org/CVERecord?id=CVE-2024-21885
https://www.cve.org/CVERecord?id=CVE-2024-21886
https://www.cve.org/CVERecord?id=CVE-2024-0408
https://www.cve.org/CVERecord?id=CVE-2024-0409
(* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-x86_64-11_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-x86_64-11_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-x86_64-11_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-x86_64-10_slack15.0.txz: Rebuilt.
This update fixes security issues:
Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer.
Reattaching to different master device may lead to out-of-bounds memory access.
Heap buffer overflow in XISendDeviceHierarchyEvent.
Heap buffer overflow in DisableDevice.
SELinux unlabeled GLX PBuffer.
For more information, see:
https://lists.x.org/archives/xorg/2024-January/061525.html
https://www.cve.org/CVERecord?id=CVE-2023-6816
https://www.cve.org/CVERecord?id=CVE-2024-0229
https://www.cve.org/CVERecord?id=CVE-2024-21885
https://www.cve.org/CVERecord?id=CVE-2024-21886
https://www.cve.org/CVERecord?id=CVE-2024-0408
(* Security fix *)
+--------------------------+
Wed Jan 10 20:25:54 UTC 2024
patches/packages/xorriso-1.5.6.pl02-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.

338
FILELIST.TXT
View file

@ -1,20 +1,20 @@
Wed Jan 10 20:26:45 UTC 2024
Tue Jan 16 20:52:12 UTC 2024
Here is the file list for this directory. If you are using a
mirror site and find missing or extra files in the disk
subdirectories, please have the archive administrator refresh
the mirror.
drwxr-xr-x 12 root root 4096 2024-01-10 20:25 .
drwxr-xr-x 12 root root 4096 2024-01-16 20:49 .
-rw-r--r-- 1 root root 5767 2022-02-02 22:44 ./ANNOUNCE.15.0
-rw-r--r-- 1 root root 16609 2022-03-30 19:03 ./CHANGES_AND_HINTS.TXT
-rw-r--r-- 1 root root 1209617 2024-01-09 20:53 ./CHECKSUMS.md5
-rw-r--r-- 1 root root 163 2024-01-09 20:53 ./CHECKSUMS.md5.asc
-rw-r--r-- 1 root root 1210139 2024-01-10 20:27 ./CHECKSUMS.md5
-rw-r--r-- 1 root root 163 2024-01-10 20:27 ./CHECKSUMS.md5.asc
-rw-r--r-- 1 root root 17976 1994-06-10 02:28 ./COPYING
-rw-r--r-- 1 root root 35147 2007-06-30 04:21 ./COPYING3
-rw-r--r-- 1 root root 19573 2016-06-23 20:08 ./COPYRIGHT.TXT
-rw-r--r-- 1 root root 616 2006-10-02 04:37 ./CRYPTO_NOTICE.TXT
-rw-r--r-- 1 root root 2079681 2024-01-10 20:25 ./ChangeLog.txt
-rw-r--r-- 1 root root 2082003 2024-01-16 20:49 ./ChangeLog.txt
drwxr-xr-x 3 root root 4096 2013-03-20 22:17 ./EFI
drwxr-xr-x 2 root root 4096 2022-02-02 08:21 ./EFI/BOOT
-rw-r--r-- 1 root root 1187840 2021-06-15 19:16 ./EFI/BOOT/bootx64.efi
@ -25,7 +25,7 @@ drwxr-xr-x 2 root root 4096 2022-02-02 08:21 ./EFI/BOOT
-rwxr-xr-x 1 root root 2504 2019-07-05 18:54 ./EFI/BOOT/make-grub.sh
-rw-r--r-- 1 root root 10722 2013-09-21 19:02 ./EFI/BOOT/osdetect.cfg
-rw-r--r-- 1 root root 1273 2013-08-12 21:08 ./EFI/BOOT/tools.cfg
-rw-r--r-- 1 root root 1583782 2024-01-09 20:52 ./FILELIST.TXT
-rw-r--r-- 1 root root 1584480 2024-01-10 20:26 ./FILELIST.TXT
-rw-r--r-- 1 root root 1572 2012-08-29 18:27 ./GPG-KEY
-rw-r--r-- 1 root root 864745 2022-02-02 08:25 ./PACKAGES.TXT
-rw-r--r-- 1 root root 8034 2022-02-02 03:36 ./README.TXT
@ -770,13 +770,13 @@ drwxr-xr-x 2 root root 4096 2022-12-17 19:52 ./pasture/source/samba
-rw-r--r-- 1 root root 7921 2018-04-29 17:31 ./pasture/source/samba/smb.conf.default
-rw-r--r-- 1 root root 7933 2018-01-14 20:41 ./pasture/source/samba/smb.conf.default.orig
-rw-r--r-- 1 root root 536 2017-03-23 19:18 ./pasture/source/samba/smb.conf.diff.gz
drwxr-xr-x 4 root root 4096 2024-01-10 20:26 ./patches
-rw-r--r-- 1 root root 98175 2024-01-10 20:26 ./patches/CHECKSUMS.md5
-rw-r--r-- 1 root root 163 2024-01-10 20:26 ./patches/CHECKSUMS.md5.asc
-rw-r--r-- 1 root root 134557 2024-01-10 20:26 ./patches/FILE_LIST
-rw-r--r-- 1 root root 15241977 2024-01-10 20:26 ./patches/MANIFEST.bz2
-rw-r--r-- 1 root root 72864 2024-01-10 20:26 ./patches/PACKAGES.TXT
drwxr-xr-x 5 root root 32768 2024-01-10 20:26 ./patches/packages
drwxr-xr-x 4 root root 4096 2024-01-16 20:52 ./patches
-rw-r--r-- 1 root root 99861 2024-01-16 20:52 ./patches/CHECKSUMS.md5
-rw-r--r-- 1 root root 163 2024-01-16 20:52 ./patches/CHECKSUMS.md5.asc
-rw-r--r-- 1 root root 136567 2024-01-16 20:52 ./patches/FILE_LIST
-rw-r--r-- 1 root root 15259626 2024-01-16 20:52 ./patches/MANIFEST.bz2
-rw-r--r-- 1 root root 72865 2024-01-16 20:52 ./patches/PACKAGES.TXT
drwxr-xr-x 5 root root 32768 2024-01-16 20:52 ./patches/packages
-rw-r--r-- 1 root root 360 2023-09-26 19:28 ./patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 2389564 2023-09-26 19:28 ./patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-09-26 19:28 ./patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txz.asc
@ -855,9 +855,9 @@ drwxr-xr-x 5 root root 32768 2024-01-10 20:26 ./patches/packages
-rw-r--r-- 1 root root 598 2022-07-07 18:24 ./patches/packages/gnupg2-2.2.36-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 2368640 2022-07-07 18:24 ./patches/packages/gnupg2-2.2.36-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2022-07-07 18:24 ./patches/packages/gnupg2-2.2.36-x86_64-1_slack15.0.txz.asc
-rw-r--r-- 1 root root 492 2023-02-10 19:44 ./patches/packages/gnutls-3.7.9-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 2855224 2023-02-10 19:44 ./patches/packages/gnutls-3.7.9-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-02-10 19:44 ./patches/packages/gnutls-3.7.9-x86_64-1_slack15.0.txz.asc
-rw-r--r-- 1 root root 492 2024-01-16 20:17 ./patches/packages/gnutls-3.8.3-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 2794108 2024-01-16 20:17 ./patches/packages/gnutls-3.8.3-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2024-01-16 20:17 ./patches/packages/gnutls-3.8.3-x86_64-1_slack15.0.txz.asc
-rw-r--r-- 1 root root 314 2022-04-14 21:04 ./patches/packages/gzip-1.12-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 111208 2022-04-14 21:04 ./patches/packages/gzip-1.12-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2022-04-14 21:04 ./patches/packages/gzip-1.12-x86_64-1_slack15.0.txz.asc
@ -1098,21 +1098,21 @@ drwxr-xr-x 2 root root 4096 2023-11-21 21:09 ./patches/packages/old-linux
-rw-r--r-- 1 root root 377 2022-11-17 01:47 ./patches/packages/xfce4-settings-4.16.5-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 801956 2022-11-17 01:47 ./patches/packages/xfce4-settings-4.16.5-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2022-11-17 01:47 ./patches/packages/xfce4-settings-4.16.5-x86_64-1_slack15.0.txz.asc
-rw-r--r-- 1 root root 670 2023-12-13 20:09 ./patches/packages/xorg-server-1.20.14-x86_64-10_slack15.0.txt
-rw-r--r-- 1 root root 1780124 2023-12-13 20:09 ./patches/packages/xorg-server-1.20.14-x86_64-10_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-12-13 20:09 ./patches/packages/xorg-server-1.20.14-x86_64-10_slack15.0.txz.asc
-rw-r--r-- 1 root root 370 2023-12-13 20:09 ./patches/packages/xorg-server-xephyr-1.20.14-x86_64-10_slack15.0.txt
-rw-r--r-- 1 root root 869204 2023-12-13 20:09 ./patches/packages/xorg-server-xephyr-1.20.14-x86_64-10_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-12-13 20:09 ./patches/packages/xorg-server-xephyr-1.20.14-x86_64-10_slack15.0.txz.asc
-rw-r--r-- 1 root root 592 2023-12-13 20:09 ./patches/packages/xorg-server-xnest-1.20.14-x86_64-10_slack15.0.txt
-rw-r--r-- 1 root root 605124 2023-12-13 20:09 ./patches/packages/xorg-server-xnest-1.20.14-x86_64-10_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-12-13 20:09 ./patches/packages/xorg-server-xnest-1.20.14-x86_64-10_slack15.0.txz.asc
-rw-r--r-- 1 root root 689 2023-12-13 20:09 ./patches/packages/xorg-server-xvfb-1.20.14-x86_64-10_slack15.0.txt
-rw-r--r-- 1 root root 731156 2023-12-13 20:09 ./patches/packages/xorg-server-xvfb-1.20.14-x86_64-10_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-12-13 20:09 ./patches/packages/xorg-server-xvfb-1.20.14-x86_64-10_slack15.0.txz.asc
-rw-r--r-- 1 root root 816 2023-12-13 20:12 ./patches/packages/xorg-server-xwayland-21.1.4-x86_64-9_slack15.0.txt
-rw-r--r-- 1 root root 816656 2023-12-13 20:12 ./patches/packages/xorg-server-xwayland-21.1.4-x86_64-9_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-12-13 20:12 ./patches/packages/xorg-server-xwayland-21.1.4-x86_64-9_slack15.0.txz.asc
-rw-r--r-- 1 root root 670 2024-01-16 19:51 ./patches/packages/xorg-server-1.20.14-x86_64-11_slack15.0.txt
-rw-r--r-- 1 root root 1779656 2024-01-16 19:51 ./patches/packages/xorg-server-1.20.14-x86_64-11_slack15.0.txz
-rw-r--r-- 1 root root 163 2024-01-16 19:51 ./patches/packages/xorg-server-1.20.14-x86_64-11_slack15.0.txz.asc
-rw-r--r-- 1 root root 370 2024-01-16 19:51 ./patches/packages/xorg-server-xephyr-1.20.14-x86_64-11_slack15.0.txt
-rw-r--r-- 1 root root 868556 2024-01-16 19:51 ./patches/packages/xorg-server-xephyr-1.20.14-x86_64-11_slack15.0.txz
-rw-r--r-- 1 root root 163 2024-01-16 19:51 ./patches/packages/xorg-server-xephyr-1.20.14-x86_64-11_slack15.0.txz.asc
-rw-r--r-- 1 root root 592 2024-01-16 19:51 ./patches/packages/xorg-server-xnest-1.20.14-x86_64-11_slack15.0.txt
-rw-r--r-- 1 root root 604924 2024-01-16 19:51 ./patches/packages/xorg-server-xnest-1.20.14-x86_64-11_slack15.0.txz
-rw-r--r-- 1 root root 163 2024-01-16 19:51 ./patches/packages/xorg-server-xnest-1.20.14-x86_64-11_slack15.0.txz.asc
-rw-r--r-- 1 root root 689 2024-01-16 19:51 ./patches/packages/xorg-server-xvfb-1.20.14-x86_64-11_slack15.0.txt
-rw-r--r-- 1 root root 730724 2024-01-16 19:51 ./patches/packages/xorg-server-xvfb-1.20.14-x86_64-11_slack15.0.txz
-rw-r--r-- 1 root root 163 2024-01-16 19:51 ./patches/packages/xorg-server-xvfb-1.20.14-x86_64-11_slack15.0.txz.asc
-rw-r--r-- 1 root root 816 2024-01-16 20:01 ./patches/packages/xorg-server-xwayland-21.1.4-x86_64-10_slack15.0.txt
-rw-r--r-- 1 root root 816672 2024-01-16 20:01 ./patches/packages/xorg-server-xwayland-21.1.4-x86_64-10_slack15.0.txz
-rw-r--r-- 1 root root 163 2024-01-16 20:01 ./patches/packages/xorg-server-xwayland-21.1.4-x86_64-10_slack15.0.txz.asc
-rw-r--r-- 1 root root 570 2024-01-10 20:20 ./patches/packages/xorriso-1.5.6.pl02-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 1041872 2024-01-10 20:20 ./patches/packages/xorriso-1.5.6.pl02-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2024-01-10 20:20 ./patches/packages/xorriso-1.5.6.pl02-x86_64-1_slack15.0.txz.asc
@ -1128,7 +1128,7 @@ drwxr-xr-x 2 root root 4096 2023-11-21 21:09 ./patches/packages/old-linux
-rw-r--r-- 1 root root 463 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 459652 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txz.asc
drwxr-xr-x 101 root root 4096 2024-01-10 20:24 ./patches/source
drwxr-xr-x 101 root root 4096 2024-01-16 20:45 ./patches/source
drwxr-xr-x 2 root root 4096 2023-09-26 19:22 ./patches/source/Cython
-rw-r--r-- 1 root root 1623580 2023-07-04 19:24 ./patches/source/Cython/Cython-0.29.36.tar.lz
-rwxr-xr-x 1 root root 3041 2023-09-26 19:23 ./patches/source/Cython/Cython.SlackBuild
@ -1326,10 +1326,10 @@ drwxr-xr-x 2 root root 4096 2022-07-07 18:21 ./patches/source/gnupg2
-rw-r--r-- 1 root root 5158914 2022-07-06 18:20 ./patches/source/gnupg2/gnupg-2.2.36.tar.lz
-rwxr-xr-x 1 root root 4261 2022-07-07 18:21 ./patches/source/gnupg2/gnupg2.SlackBuild
-rw-r--r-- 1 root root 1052 2018-08-27 17:38 ./patches/source/gnupg2/slack-desc
drwxr-xr-x 2 root root 4096 2023-02-10 19:41 ./patches/source/gnutls
-rw-r--r-- 1 root root 6377212 2023-02-10 09:42 ./patches/source/gnutls/gnutls-3.7.9.tar.xz
-rw-r--r-- 1 root root 685 2023-02-10 09:42 ./patches/source/gnutls/gnutls-3.7.9.tar.xz.sig
-rwxr-xr-x 1 root root 4992 2022-07-29 19:02 ./patches/source/gnutls/gnutls.SlackBuild
drwxr-xr-x 2 root root 4096 2024-01-16 20:08 ./patches/source/gnutls
-rw-r--r-- 1 root root 6463720 2024-01-16 10:16 ./patches/source/gnutls/gnutls-3.8.3.tar.xz
-rw-r--r-- 1 root root 580 2024-01-16 10:16 ./patches/source/gnutls/gnutls-3.8.3.tar.xz.sig
-rwxr-xr-x 1 root root 4992 2024-01-16 20:14 ./patches/source/gnutls/gnutls.SlackBuild
-rw-r--r-- 1 root root 946 2018-02-27 06:13 ./patches/source/gnutls/slack-desc
drwxr-xr-x 2 root root 4096 2022-04-07 21:51 ./patches/source/gzip
-rw-r--r-- 1 root root 825548 2022-04-07 17:00 ./patches/source/gzip/gzip-1.12.tar.xz
@ -2090,7 +2090,7 @@ drwxr-xr-x 2 root root 4096 2022-11-16 19:13 ./patches/source/xfce4-setti
-rw-r--r-- 1 root root 83 2022-11-09 20:26 ./patches/source/xfce4-settings/xfce4-settings.url
-rw-r--r-- 1 root root 543 2012-07-19 19:32 ./patches/source/xfce4-settings/xfce4-settings.xft.defaults.diff.gz
drwxr-xr-x 10 root root 4096 2022-07-12 20:19 ./patches/source/xorg-server
drwxr-xr-x 2 root root 4096 2023-12-13 20:11 ./patches/source/xorg-server-xwayland
drwxr-xr-x 2 root root 4096 2024-01-16 19:52 ./patches/source/xorg-server-xwayland
-rw-r--r-- 1 root root 1175 2022-07-12 17:02 ./patches/source/xorg-server-xwayland/0001-f1070c01d616c5f21f939d5ebc533738779451ac.patch.gz
-rw-r--r-- 1 root root 2243 2022-07-12 17:03 ./patches/source/xorg-server-xwayland/0002-dd8caf39e9e15d8f302e54045dd08d8ebf1025dc.patch.gz
-rw-r--r-- 1 root root 1923 2022-07-12 17:03 ./patches/source/xorg-server-xwayland/0003-6907b6ea2b4ce949cb07271f5b678d5966d9df42.patch.gz
@ -2109,13 +2109,22 @@ drwxr-xr-x 2 root root 4096 2023-12-13 20:11 ./patches/source/xorg-server
-rw-r--r-- 1 root root 1127 2023-10-25 18:35 ./patches/source/xorg-server-xwayland/CVE-2023-5367.patch.gz
-rw-r--r-- 1 root root 1150 2023-12-13 20:03 ./patches/source/xorg-server-xwayland/CVE-2023-6377.patch.gz
-rw-r--r-- 1 root root 972 2023-12-13 20:03 ./patches/source/xorg-server-xwayland/CVE-2023-6478.patch.gz
-rw-r--r-- 1 root root 998 2024-01-16 19:41 ./patches/source/xorg-server-xwayland/CVE-2023-6816.patch.gz
-rw-r--r-- 1 root root 1388 2024-01-16 19:44 ./patches/source/xorg-server-xwayland/CVE-2024-0229.01.patch.gz
-rw-r--r-- 1 root root 2299 2024-01-16 19:44 ./patches/source/xorg-server-xwayland/CVE-2024-0229.02.patch.gz
-rw-r--r-- 1 root root 781 2024-01-16 19:44 ./patches/source/xorg-server-xwayland/CVE-2024-0229.03.patch.gz
-rw-r--r-- 1 root root 1160 2024-01-16 19:47 ./patches/source/xorg-server-xwayland/CVE-2024-0408.patch.gz
-rw-r--r-- 1 root root 981 2024-01-16 19:46 ./patches/source/xorg-server-xwayland/CVE-2024-0409.patch.gz
-rw-r--r-- 1 root root 1351 2024-01-16 19:45 ./patches/source/xorg-server-xwayland/CVE-2024-21885.patch.gz
-rw-r--r-- 1 root root 1124 2024-01-16 19:45 ./patches/source/xorg-server-xwayland/CVE-2024-21886.01.patch.gz
-rw-r--r-- 1 root root 859 2024-01-16 19:46 ./patches/source/xorg-server-xwayland/CVE-2024-21886.02.patch.gz
-rw-r--r-- 1 root root 1287 2021-04-18 18:21 ./patches/source/xorg-server-xwayland/slack-desc
-rwxr-xr-x 1 root root 6746 2023-12-13 20:11 ./patches/source/xorg-server-xwayland/xorg-server-xwayland.SlackBuild
-rwxr-xr-x 1 root root 7440 2024-01-16 20:00 ./patches/source/xorg-server-xwayland/xorg-server-xwayland.SlackBuild
-rw-r--r-- 1 root root 1261712 2021-12-14 14:01 ./patches/source/xorg-server-xwayland/xwayland-21.1.4.tar.xz
-rw-r--r-- 1 root root 95 2021-12-14 14:01 ./patches/source/xorg-server-xwayland/xwayland-21.1.4.tar.xz.sig
-rw-r--r-- 1 root root 376 2021-01-16 18:58 ./patches/source/xorg-server/arch.use.flags
drwxr-xr-x 2 root root 4096 2013-04-18 22:42 ./patches/source/xorg-server/build
-rw-r--r-- 1 root root 13 2023-12-13 20:06 ./patches/source/xorg-server/build/xorg-server
-rw-r--r-- 1 root root 13 2024-01-16 19:48 ./patches/source/xorg-server/build/xorg-server
drwxr-xr-x 2 root root 4096 2022-07-12 19:51 ./patches/source/xorg-server/configure
-rw-r--r-- 1 root root 3140 2021-12-26 22:45 ./patches/source/xorg-server/configure/xorg-server
drwxr-xr-x 2 root root 4096 2013-04-18 22:43 ./patches/source/xorg-server/doinst.sh
@ -2125,8 +2134,8 @@ drwxr-xr-x 2 root root 4096 2022-07-12 19:52 ./patches/source/xorg-server
-rw-r--r-- 1 root root 1189 2018-05-03 12:16 ./patches/source/xorg-server/noarch
-rw-r--r-- 1 root root 833 2019-12-09 18:56 ./patches/source/xorg-server/package-blacklist
drwxr-xr-x 3 root root 4096 2023-02-07 20:15 ./patches/source/xorg-server/patch
drwxr-xr-x 2 root root 4096 2023-12-13 20:05 ./patches/source/xorg-server/patch/xorg-server
-rw-r--r-- 1 root root 5499 2023-12-13 20:05 ./patches/source/xorg-server/patch/xorg-server.patch
drwxr-xr-x 2 root root 4096 2024-01-16 19:48 ./patches/source/xorg-server/patch/xorg-server
-rw-r--r-- 1 root root 6790 2024-01-16 19:49 ./patches/source/xorg-server/patch/xorg-server.patch
-rw-r--r-- 1 root root 623 2018-07-15 18:32 ./patches/source/xorg-server/patch/xorg-server/0001-Always-install-vbe-and-int10-sdk-headers.patch.gz
-rw-r--r-- 1 root root 3846 2018-07-15 18:32 ./patches/source/xorg-server/patch/xorg-server/0001-autobind-GPUs-to-the-screen.patch.gz
-rw-r--r-- 1 root root 1175 2022-07-12 17:02 ./patches/source/xorg-server/patch/xorg-server/0001-f1070c01d616c5f21f939d5ebc533738779451ac.patch.gz
@ -2151,6 +2160,15 @@ drwxr-xr-x 2 root root 4096 2023-12-13 20:05 ./patches/source/xorg-server
-rw-r--r-- 1 root root 1534 2023-10-25 18:40 ./patches/source/xorg-server/patch/xorg-server/CVE-2023-5380.patch.gz
-rw-r--r-- 1 root root 1150 2023-12-13 20:03 ./patches/source/xorg-server/patch/xorg-server/CVE-2023-6377.patch.gz
-rw-r--r-- 1 root root 972 2023-12-13 20:03 ./patches/source/xorg-server/patch/xorg-server/CVE-2023-6478.patch.gz
-rw-r--r-- 1 root root 998 2024-01-16 19:41 ./patches/source/xorg-server/patch/xorg-server/CVE-2023-6816.patch.gz
-rw-r--r-- 1 root root 1388 2024-01-16 19:44 ./patches/source/xorg-server/patch/xorg-server/CVE-2024-0229.01.patch.gz
-rw-r--r-- 1 root root 2299 2024-01-16 19:44 ./patches/source/xorg-server/patch/xorg-server/CVE-2024-0229.02.patch.gz
-rw-r--r-- 1 root root 781 2024-01-16 19:44 ./patches/source/xorg-server/patch/xorg-server/CVE-2024-0229.03.patch.gz
-rw-r--r-- 1 root root 1160 2024-01-16 19:47 ./patches/source/xorg-server/patch/xorg-server/CVE-2024-0408.patch.gz
-rw-r--r-- 1 root root 981 2024-01-16 19:46 ./patches/source/xorg-server/patch/xorg-server/CVE-2024-0409.patch.gz
-rw-r--r-- 1 root root 1351 2024-01-16 19:45 ./patches/source/xorg-server/patch/xorg-server/CVE-2024-21885.patch.gz
-rw-r--r-- 1 root root 1124 2024-01-16 19:45 ./patches/source/xorg-server/patch/xorg-server/CVE-2024-21886.01.patch.gz
-rw-r--r-- 1 root root 859 2024-01-16 19:46 ./patches/source/xorg-server/patch/xorg-server/CVE-2024-21886.02.patch.gz
-rw-r--r-- 1 root root 298 2018-05-30 05:02 ./patches/source/xorg-server/patch/xorg-server/fix-nouveau-segfault.diff.gz
-rw-r--r-- 1 root root 357 2020-09-11 18:38 ./patches/source/xorg-server/patch/xorg-server/fix-pci-segfault.diff.gz
-rw-r--r-- 1 root root 340 2012-04-14 03:01 ./patches/source/xorg-server/patch/xorg-server/x11.startwithblackscreen.diff.gz
@ -2659,33 +2677,33 @@ drwxr-xr-x 2 root root 20480 2022-02-02 04:20 ./slackware64/ap
-rw-r--r-- 1 root root 14191780 2021-09-27 18:02 ./slackware64/ap/ghostscript-9.55.0-x86_64-1.txz
-rw-r--r-- 1 root root 163 2021-09-27 18:02 ./slackware64/ap/ghostscript-9.55.0-x86_64-1.txz.asc
-rw-r--r-- 1 root root 368 2021-02-13 11:28 ./slackware64/ap/ghostscript-fonts-std-8.11-noarch-5.txt
-rw-r--r-- 1 root root 3514504 2021-02-13 11:28 ./slackware64/ap/ghostscript-fonts-std-8.11-noarch-5.txz
-rw-r--r-- 1 root root 163 2021-02-13 11:28 ./slackware64/ap/ghostscript-fonts-std-8.11-noarch-5.txz.asc
-rw-r--r-- 1 root root 279 2022-01-03 17:50 ./slackware64/ap/gphoto2-2.5.28-x86_64-1.txt
-rw-r--r-- 1 root root 189172 2022-01-03 17:50 ./slackware64/ap/gphoto2-2.5.28-x86_64-1.txz
-rw-r--r-- 1 root root 163 2022-01-03 17:50 ./slackware64/ap/gphoto2-2.5.28-x86_64-1.txz.asc
-rw-r--r-- 1 root root 429 2021-02-13 11:30 ./slackware64/ap/groff-1.22.4-x86_64-4.txt
-rw-r--r-- 1 root root 2273172 2021-02-13 11:30 ./slackware64/ap/groff-1.22.4-x86_64-4.txz
-rw-r--r-- 1 root root 163 2021-02-13 11:30 ./slackware64/ap/groff-1.22.4-x86_64-4.txz.asc
-rw-r--r-- 1 root root 592 2021-02-13 11:30 ./slackware64/ap/gutenprint-5.3.4-x86_64-3.txt
-rw-r--r-- 1 root root 2764424 2021-02-13 11:30 ./slackware64/ap/gutenprint-5.3.4-x86_64-3.txz
-rw-r--r-- 1 root root 163 2021-02-13 11:30 ./slackware64/ap/gutenprint-5.3.4-x86_64-3.txz.asc
-rw-r--r-- 1 root root 459 2021-11-03 00:54 ./slackware64/ap/hplip-3.20.5-x86_64-6.txt
-rw-r--r-- 1 root root 19096240 2021-11-03 00:54 ./slackware64/ap/hplip-3.20.5-x86_64-6.txz
-rw-r--r-- 1 root root 163 2021-11-03 00:54 ./slackware64/ap/hplip-3.20.5-x86_64-6.txz.asc
-rw-r--r-- 1 root root 481 2021-11-30 05:22 ./slackware64/ap/htop-3.1.2-x86_64-1.txt
-rw-r--r-- 1 root root 136168 2021-11-30 05:22 ./slackware64/ap/htop-3.1.2-x86_64-1.txz
-rw-r--r-- 1 root root 163 2021-11-30 05:22 ./slackware64/ap/htop-3.1.2-x86_64-1.txz.asc
-rwxr-xr-x 1 root root 2897 2009-06-24 22:06 ./slackware64/ap/install-packages
-rw-r--r-- 1 root root 446 2006-09-18 10:41 ./slackware64/ap/install.end
-rw-r--r-- 1 root root 488 2022-01-19 17:54 ./slackware64/ap/inxi-3.3.12_1-noarch-1.txt
-rw-r--r-- 1 root root 288072 2022-01-19 17:54 ./slackware64/ap/inxi-3.3.12_1-noarch-1.txz
-rw-r--r-- 1 root root 163 2022-01-19 17:54 ./slackware64/ap/inxi-3.3.12_1-noarch-1.txz.asc
-rw-r--r-- 1 root root 597 2021-06-04 17:48 ./slackware64/ap/ispell-3.4.04-x86_64-1.txt
-rw-r--r-- 1 root root 347356 2021-06-04 17:48 ./slackware64/ap/ispell-3.4.04-x86_64-1.txz
-rw-r--r-- 1 root root 163 2021-06-04 17:48 ./slackware64/ap/ispell-3.4.04-x86_64-1.txz.asc
-rw-r--r-- 1 root root 381 2021-10-22 18:17 ./slackware64/ap/itstool-2.0.7-x86_64-2.txt
-rw-r--r-- 1 root root 41548 2021-10-22 18:17 ./slackware64/ap/itstool-2.0.7-x86_64-2.txz
-rw-r--r-- 1 root root 3514504 2021-02-13 11:28 ./slackware64/ap/ghostscript-fonts-std-8.11-noarch-5.txz
-rw-r--r-- 1 root root 163 2021-02-13 11:28 ./slackware64/ap/ghostscript-fonts-std-8.11-noarch-5.txz.asc
-rw-r--r-- 1 root root 279 2022-01-03 17:50 ./slackware64/ap/gphoto2-2.5.28-x86_64-1.txt
-rw-r--r-- 1 root root 189172 2022-01-03 17:50 ./slackware64/ap/gphoto2-2.5.28-x86_64-1.txz
-rw-r--r-- 1 root root 163 2022-01-03 17:50 ./slackware64/ap/gphoto2-2.5.28-x86_64-1.txz.asc
-rw-r--r-- 1 root root 429 2021-02-13 11:30 ./slackware64/ap/groff-1.22.4-x86_64-4.txt
-rw-r--r-- 1 root root 2273172 2021-02-13 11:30 ./slackware64/ap/groff-1.22.4-x86_64-4.txz
-rw-r--r-- 1 root root 163 2021-02-13 11:30 ./slackware64/ap/groff-1.22.4-x86_64-4.txz.asc
-rw-r--r-- 1 root root 592 2021-02-13 11:30 ./slackware64/ap/gutenprint-5.3.4-x86_64-3.txt
-rw-r--r-- 1 root root 2764424 2021-02-13 11:30 ./slackware64/ap/gutenprint-5.3.4-x86_64-3.txz
-rw-r--r-- 1 root root 163 2021-02-13 11:30 ./slackware64/ap/gutenprint-5.3.4-x86_64-3.txz.asc
-rw-r--r-- 1 root root 459 2021-11-03 00:54 ./slackware64/ap/hplip-3.20.5-x86_64-6.txt
-rw-r--r-- 1 root root 19096240 2021-11-03 00:54 ./slackware64/ap/hplip-3.20.5-x86_64-6.txz
-rw-r--r-- 1 root root 163 2021-11-03 00:54 ./slackware64/ap/hplip-3.20.5-x86_64-6.txz.asc
-rw-r--r-- 1 root root 481 2021-11-30 05:22 ./slackware64/ap/htop-3.1.2-x86_64-1.txt
-rw-r--r-- 1 root root 136168 2021-11-30 05:22 ./slackware64/ap/htop-3.1.2-x86_64-1.txz
-rw-r--r-- 1 root root 163 2021-11-30 05:22 ./slackware64/ap/htop-3.1.2-x86_64-1.txz.asc
-rwxr-xr-x 1 root root 2897 2009-06-24 22:06 ./slackware64/ap/install-packages
-rw-r--r-- 1 root root 446 2006-09-18 10:41 ./slackware64/ap/install.end
-rw-r--r-- 1 root root 488 2022-01-19 17:54 ./slackware64/ap/inxi-3.3.12_1-noarch-1.txt
-rw-r--r-- 1 root root 288072 2022-01-19 17:54 ./slackware64/ap/inxi-3.3.12_1-noarch-1.txz
-rw-r--r-- 1 root root 163 2022-01-19 17:54 ./slackware64/ap/inxi-3.3.12_1-noarch-1.txz.asc
-rw-r--r-- 1 root root 597 2021-06-04 17:48 ./slackware64/ap/ispell-3.4.04-x86_64-1.txt
-rw-r--r-- 1 root root 347356 2021-06-04 17:48 ./slackware64/ap/ispell-3.4.04-x86_64-1.txz
-rw-r--r-- 1 root root 163 2021-06-04 17:48 ./slackware64/ap/ispell-3.4.04-x86_64-1.txz.asc
-rw-r--r-- 1 root root 381 2021-10-22 18:17 ./slackware64/ap/itstool-2.0.7-x86_64-2.txt
-rw-r--r-- 1 root root 41548 2021-10-22 18:17 ./slackware64/ap/itstool-2.0.7-x86_64-2.txz
-rw-r--r-- 1 root root 163 2021-10-22 18:17 ./slackware64/ap/itstool-2.0.7-x86_64-2.txz.asc
-rw-r--r-- 1 root root 478 2021-02-13 11:31 ./slackware64/ap/jed-0.99_19-x86_64-5.txt
-rw-r--r-- 1 root root 530420 2021-02-13 11:31 ./slackware64/ap/jed-0.99_19-x86_64-5.txz
@ -5393,34 +5411,34 @@ drwxr-xr-x 2 root root 32768 2022-02-01 04:47 ./slackware64/n
-rw-r--r-- 1 root root 163 2022-01-05 20:04 ./slackware64/n/curl-7.81.0-x86_64-1.txz.asc
-rw-r--r-- 1 root root 373 2021-02-13 11:58 ./slackware64/n/cyrus-sasl-2.1.27-x86_64-7.txt
-rw-r--r-- 1 root root 986628 2021-02-13 11:58 ./slackware64/n/cyrus-sasl-2.1.27-x86_64-7.txz
-rw-r--r-- 1 root root 163 2021-02-13 11:58 ./slackware64/n/cyrus-sasl-2.1.27-x86_64-7.txz.asc
-rw-r--r-- 1 root root 456 2021-04-18 18:03 ./slackware64/n/daemon-0.8-x86_64-1.txt
-rw-r--r-- 1 root root 104864 2021-04-18 18:03 ./slackware64/n/daemon-0.8-x86_64-1.txz
-rw-r--r-- 1 root root 163 2021-04-18 18:03 ./slackware64/n/daemon-0.8-x86_64-1.txz.asc
-rw-r--r-- 1 root root 515 2021-02-13 11:58 ./slackware64/n/dehydrated-0.7.0-noarch-3.txt
-rw-r--r-- 1 root root 37192 2021-02-13 11:58 ./slackware64/n/dehydrated-0.7.0-noarch-3.txz
-rw-r--r-- 1 root root 163 2021-02-13 11:58 ./slackware64/n/dehydrated-0.7.0-noarch-3.txz.asc
-rw-r--r-- 1 root root 641 2021-05-29 17:24 ./slackware64/n/dhcp-4.4.2_P1-x86_64-1.txt
-rw-r--r-- 1 root root 1818824 2021-05-29 17:24 ./slackware64/n/dhcp-4.4.2_P1-x86_64-1.txz
-rw-r--r-- 1 root root 163 2021-05-29 17:24 ./slackware64/n/dhcp-4.4.2_P1-x86_64-1.txz.asc
-rw-r--r-- 1 root root 493 2021-10-24 17:59 ./slackware64/n/dhcpcd-9.4.1-x86_64-1.txt
-rw-r--r-- 1 root root 190792 2021-10-24 17:59 ./slackware64/n/dhcpcd-9.4.1-x86_64-1.txz
-rw-r--r-- 1 root root 163 2021-10-24 17:59 ./slackware64/n/dhcpcd-9.4.1-x86_64-1.txz.asc
-rw-r--r-- 1 root root 443 2021-09-09 17:11 ./slackware64/n/dnsmasq-2.86-x86_64-1.txt
-rw-r--r-- 1 root root 382016 2021-09-09 17:11 ./slackware64/n/dnsmasq-2.86-x86_64-1.txz
-rw-r--r-- 1 root root 163 2021-09-09 17:11 ./slackware64/n/dnsmasq-2.86-x86_64-1.txz.asc
-rw-r--r-- 1 root root 450 2021-12-07 17:40 ./slackware64/n/dovecot-2.3.17.1-x86_64-1.txt
-rw-r--r-- 1 root root 3337528 2021-12-07 17:40 ./slackware64/n/dovecot-2.3.17.1-x86_64-1.txz
-rw-r--r-- 1 root root 163 2021-12-07 17:40 ./slackware64/n/dovecot-2.3.17.1-x86_64-1.txz.asc
-rw-r--r-- 1 root root 423 2021-02-13 12:01 ./slackware64/n/ebtables-2.0.11-x86_64-3.txt
-rw-r--r-- 1 root root 80700 2021-02-13 12:01 ./slackware64/n/ebtables-2.0.11-x86_64-3.txz
-rw-r--r-- 1 root root 163 2021-02-13 12:01 ./slackware64/n/ebtables-2.0.11-x86_64-3.txz.asc
-rw-r--r-- 1 root root 224 2021-02-13 12:01 ./slackware64/n/elm-2.5.8-x86_64-7.txt
-rw-r--r-- 1 root root 259064 2021-02-13 12:01 ./slackware64/n/elm-2.5.8-x86_64-7.txz
-rw-r--r-- 1 root root 163 2021-02-13 12:01 ./slackware64/n/elm-2.5.8-x86_64-7.txz.asc
-rw-r--r-- 1 root root 318 2021-11-03 00:52 ./slackware64/n/epic5-2.1.6-x86_64-3.txt
-rw-r--r-- 1 root root 820708 2021-11-03 00:52 ./slackware64/n/epic5-2.1.6-x86_64-3.txz
-rw-r--r-- 1 root root 163 2021-11-03 00:52 ./slackware64/n/epic5-2.1.6-x86_64-3.txz.asc
-rw-r--r-- 1 root root 163 2021-02-13 11:58 ./slackware64/n/cyrus-sasl-2.1.27-x86_64-7.txz.asc
-rw-r--r-- 1 root root 456 2021-04-18 18:03 ./slackware64/n/daemon-0.8-x86_64-1.txt
-rw-r--r-- 1 root root 104864 2021-04-18 18:03 ./slackware64/n/daemon-0.8-x86_64-1.txz
-rw-r--r-- 1 root root 163 2021-04-18 18:03 ./slackware64/n/daemon-0.8-x86_64-1.txz.asc
-rw-r--r-- 1 root root 515 2021-02-13 11:58 ./slackware64/n/dehydrated-0.7.0-noarch-3.txt
-rw-r--r-- 1 root root 37192 2021-02-13 11:58 ./slackware64/n/dehydrated-0.7.0-noarch-3.txz
-rw-r--r-- 1 root root 163 2021-02-13 11:58 ./slackware64/n/dehydrated-0.7.0-noarch-3.txz.asc
-rw-r--r-- 1 root root 641 2021-05-29 17:24 ./slackware64/n/dhcp-4.4.2_P1-x86_64-1.txt
-rw-r--r-- 1 root root 1818824 2021-05-29 17:24 ./slackware64/n/dhcp-4.4.2_P1-x86_64-1.txz
-rw-r--r-- 1 root root 163 2021-05-29 17:24 ./slackware64/n/dhcp-4.4.2_P1-x86_64-1.txz.asc
-rw-r--r-- 1 root root 493 2021-10-24 17:59 ./slackware64/n/dhcpcd-9.4.1-x86_64-1.txt
-rw-r--r-- 1 root root 190792 2021-10-24 17:59 ./slackware64/n/dhcpcd-9.4.1-x86_64-1.txz
-rw-r--r-- 1 root root 163 2021-10-24 17:59 ./slackware64/n/dhcpcd-9.4.1-x86_64-1.txz.asc
-rw-r--r-- 1 root root 443 2021-09-09 17:11 ./slackware64/n/dnsmasq-2.86-x86_64-1.txt
-rw-r--r-- 1 root root 382016 2021-09-09 17:11 ./slackware64/n/dnsmasq-2.86-x86_64-1.txz
-rw-r--r-- 1 root root 163 2021-09-09 17:11 ./slackware64/n/dnsmasq-2.86-x86_64-1.txz.asc
-rw-r--r-- 1 root root 450 2021-12-07 17:40 ./slackware64/n/dovecot-2.3.17.1-x86_64-1.txt
-rw-r--r-- 1 root root 3337528 2021-12-07 17:40 ./slackware64/n/dovecot-2.3.17.1-x86_64-1.txz
-rw-r--r-- 1 root root 163 2021-12-07 17:40 ./slackware64/n/dovecot-2.3.17.1-x86_64-1.txz.asc
-rw-r--r-- 1 root root 423 2021-02-13 12:01 ./slackware64/n/ebtables-2.0.11-x86_64-3.txt
-rw-r--r-- 1 root root 80700 2021-02-13 12:01 ./slackware64/n/ebtables-2.0.11-x86_64-3.txz
-rw-r--r-- 1 root root 163 2021-02-13 12:01 ./slackware64/n/ebtables-2.0.11-x86_64-3.txz.asc
-rw-r--r-- 1 root root 224 2021-02-13 12:01 ./slackware64/n/elm-2.5.8-x86_64-7.txt
-rw-r--r-- 1 root root 259064 2021-02-13 12:01 ./slackware64/n/elm-2.5.8-x86_64-7.txz
-rw-r--r-- 1 root root 163 2021-02-13 12:01 ./slackware64/n/elm-2.5.8-x86_64-7.txz.asc
-rw-r--r-- 1 root root 318 2021-11-03 00:52 ./slackware64/n/epic5-2.1.6-x86_64-3.txt
-rw-r--r-- 1 root root 820708 2021-11-03 00:52 ./slackware64/n/epic5-2.1.6-x86_64-3.txz
-rw-r--r-- 1 root root 163 2021-11-03 00:52 ./slackware64/n/epic5-2.1.6-x86_64-3.txz.asc
-rw-r--r-- 1 root root 440 2022-01-19 17:53 ./slackware64/n/ethtool-5.16-x86_64-1.txt
-rw-r--r-- 1 root root 179472 2022-01-19 17:53 ./slackware64/n/ethtool-5.16-x86_64-1.txz
-rw-r--r-- 1 root root 163 2022-01-19 17:53 ./slackware64/n/ethtool-5.16-x86_64-1.txz.asc
@ -8414,38 +8432,38 @@ drwxr-xr-x 2 root root 4096 2021-08-12 11:27 ./source/ap/linuxdoc-tools/so
-rw-r--r-- 1 root root 438044 2020-06-21 14:05 ./source/ap/linuxdoc-tools/sources/linuxdoc-tools_0.9.82.tar.xz
-rw-r--r-- 1 root root 712 2017-06-07 14:43 ./source/ap/linuxdoc-tools/sources/openjade-1.3.2-gcc46.patch.xz
-rw-r--r-- 1 root root 643132 2017-06-07 14:49 ./source/ap/linuxdoc-tools/sources/openjade-1.3.2.tar.xz
-rw-r--r-- 1 root root 1528303 2021-07-27 12:02 ./source/ap/linuxdoc-tools/sources/opensp-1.5.2-38.fc35.src.rpm
-rw-r--r-- 1 root root 28136 2021-07-27 04:43 ./source/ap/linuxdoc-tools/sources/perl-XML-NamespaceSupport-1.12-15.fc35.src.rpm
-rw-r--r-- 1 root root 49816 2021-07-27 04:43 ./source/ap/linuxdoc-tools/sources/perl-XML-SAX-1.02-8.fc35.src.rpm
-rw-r--r-- 1 root root 37941 2021-07-27 04:43 ./source/ap/linuxdoc-tools/sources/perl-XML-SAX-Base-1.09-15.fc35.src.rpm
-rw-r--r-- 1 root root 107408 2021-07-27 05:52 ./source/ap/linuxdoc-tools/sources/sgml-common-0.6.3-57.fc35.src.rpm
-rwxr-xr-x 1 root root 8342 2021-08-11 08:55 ./source/ap/linuxdoc-tools/sources/source.download
-rw-r--r-- 1 root root 138086 2021-07-27 06:39 ./source/ap/linuxdoc-tools/sources/xmlto-0.0.28-16.fc35.src.rpm
-rwxr-xr-x 1 root root 2909 2021-11-03 03:52 ./source/ap/linuxdoc-tools/trackbuild.linuxdoc-tools
drwxr-xr-x 2 root root 4096 2021-02-13 05:31 ./source/ap/lm_sensors
-rw-r--r-- 1 root root 212074 2019-10-17 15:43 ./source/ap/lm_sensors/lm_sensors-3.6.0.tar.lz
-rwxr-xr-x 1 root root 4099 2021-02-13 05:31 ./source/ap/lm_sensors/lm_sensors.SlackBuild
-rw-r--r-- 1 root root 990 2018-11-26 20:25 ./source/ap/lm_sensors/slack-desc
drwxr-xr-x 2 root root 4096 2021-02-13 05:31 ./source/ap/lsof
-rw-r--r-- 1 root root 778902 2020-11-10 19:00 ./source/ap/lsof/lsof-4.94.0.tar.lz
-rwxr-xr-x 1 root root 3441 2021-02-13 05:31 ./source/ap/lsof/lsof.SlackBuild
-rw-r--r-- 1 root root 97 2020-11-11 19:39 ./source/ap/lsof/lsof.url
-rw-r--r-- 1 root root 784 2018-02-27 06:12 ./source/ap/lsof/slack-desc
drwxr-xr-x 2 root root 4096 2021-05-06 19:12 ./source/ap/lsscsi
-rw-r--r-- 1 root root 148432 2021-05-05 21:53 ./source/ap/lsscsi/lsscsi-0.32.tar.lz
-rwxr-xr-x 1 root root 4171 2021-05-06 19:12 ./source/ap/lsscsi/lsscsi.SlackBuild
-rw-r--r-- 1 root root 36 2008-11-29 19:46 ./source/ap/lsscsi/lsscsi.url
-rw-r--r-- 1 root root 821 2018-02-27 06:12 ./source/ap/lsscsi/slack-desc
drwxr-xr-x 2 root root 4096 2021-11-12 18:35 ./source/ap/lxc
-rw-r--r-- 1 root root 254 2015-09-01 21:57 ./source/ap/lxc/doinst.sh.gz
-rwxr-xr-x 1 root root 2327 2020-07-09 18:37 ./source/ap/lxc/get-lxc.sh
-rw-r--r-- 1 root root 929976 2021-10-19 16:10 ./source/ap/lxc/lxc-4.0.11.tar.lz
-rw-r--r-- 1 root root 11756 2021-11-17 20:07 ./source/ap/lxc/lxc-slackware.in
-rwxr-xr-x 1 root root 6490 2021-11-17 20:07 ./source/ap/lxc/lxc.SlackBuild
-rw-r--r-- 1 root root 43 2021-11-10 23:12 ./source/ap/lxc/lxc.url
-rw-r--r-- 1 root root 1340 2017-06-21 17:56 ./source/ap/lxc/rc.lxc
-rw-r--r-- 1 root root 955 2019-02-12 20:15 ./source/ap/lxc/slack-desc
drwxr-xr-x 2 root root 4096 2021-02-13 05:31 ./source/ap/madplay
-rw-r--r-- 1 root root 1528303 2021-07-27 12:02 ./source/ap/linuxdoc-tools/sources/opensp-1.5.2-38.fc35.src.rpm
-rw-r--r-- 1 root root 28136 2021-07-27 04:43 ./source/ap/linuxdoc-tools/sources/perl-XML-NamespaceSupport-1.12-15.fc35.src.rpm
-rw-r--r-- 1 root root 49816 2021-07-27 04:43 ./source/ap/linuxdoc-tools/sources/perl-XML-SAX-1.02-8.fc35.src.rpm
-rw-r--r-- 1 root root 37941 2021-07-27 04:43 ./source/ap/linuxdoc-tools/sources/perl-XML-SAX-Base-1.09-15.fc35.src.rpm
-rw-r--r-- 1 root root 107408 2021-07-27 05:52 ./source/ap/linuxdoc-tools/sources/sgml-common-0.6.3-57.fc35.src.rpm
-rwxr-xr-x 1 root root 8342 2021-08-11 08:55 ./source/ap/linuxdoc-tools/sources/source.download
-rw-r--r-- 1 root root 138086 2021-07-27 06:39 ./source/ap/linuxdoc-tools/sources/xmlto-0.0.28-16.fc35.src.rpm
-rwxr-xr-x 1 root root 2909 2021-11-03 03:52 ./source/ap/linuxdoc-tools/trackbuild.linuxdoc-tools
drwxr-xr-x 2 root root 4096 2021-02-13 05:31 ./source/ap/lm_sensors
-rw-r--r-- 1 root root 212074 2019-10-17 15:43 ./source/ap/lm_sensors/lm_sensors-3.6.0.tar.lz
-rwxr-xr-x 1 root root 4099 2021-02-13 05:31 ./source/ap/lm_sensors/lm_sensors.SlackBuild
-rw-r--r-- 1 root root 990 2018-11-26 20:25 ./source/ap/lm_sensors/slack-desc
drwxr-xr-x 2 root root 4096 2021-02-13 05:31 ./source/ap/lsof
-rw-r--r-- 1 root root 778902 2020-11-10 19:00 ./source/ap/lsof/lsof-4.94.0.tar.lz
-rwxr-xr-x 1 root root 3441 2021-02-13 05:31 ./source/ap/lsof/lsof.SlackBuild
-rw-r--r-- 1 root root 97 2020-11-11 19:39 ./source/ap/lsof/lsof.url
-rw-r--r-- 1 root root 784 2018-02-27 06:12 ./source/ap/lsof/slack-desc
drwxr-xr-x 2 root root 4096 2021-05-06 19:12 ./source/ap/lsscsi
-rw-r--r-- 1 root root 148432 2021-05-05 21:53 ./source/ap/lsscsi/lsscsi-0.32.tar.lz
-rwxr-xr-x 1 root root 4171 2021-05-06 19:12 ./source/ap/lsscsi/lsscsi.SlackBuild
-rw-r--r-- 1 root root 36 2008-11-29 19:46 ./source/ap/lsscsi/lsscsi.url
-rw-r--r-- 1 root root 821 2018-02-27 06:12 ./source/ap/lsscsi/slack-desc
drwxr-xr-x 2 root root 4096 2021-11-12 18:35 ./source/ap/lxc
-rw-r--r-- 1 root root 254 2015-09-01 21:57 ./source/ap/lxc/doinst.sh.gz
-rwxr-xr-x 1 root root 2327 2020-07-09 18:37 ./source/ap/lxc/get-lxc.sh
-rw-r--r-- 1 root root 929976 2021-10-19 16:10 ./source/ap/lxc/lxc-4.0.11.tar.lz
-rw-r--r-- 1 root root 11756 2021-11-17 20:07 ./source/ap/lxc/lxc-slackware.in
-rwxr-xr-x 1 root root 6490 2021-11-17 20:07 ./source/ap/lxc/lxc.SlackBuild
-rw-r--r-- 1 root root 43 2021-11-10 23:12 ./source/ap/lxc/lxc.url
-rw-r--r-- 1 root root 1340 2017-06-21 17:56 ./source/ap/lxc/rc.lxc
-rw-r--r-- 1 root root 955 2019-02-12 20:15 ./source/ap/lxc/slack-desc
drwxr-xr-x 2 root root 4096 2021-02-13 05:31 ./source/ap/madplay
-rw-r--r-- 1 root root 285 2011-04-02 17:59 ./source/ap/madplay/madplay-0.15.2b-fix-segfault.patch.gz
-rw-r--r-- 1 root root 361360 2004-02-23 23:28 ./source/ap/madplay/madplay-0.15.2b.tar.xz
-rwxr-xr-x 1 root root 3198 2021-02-13 05:31 ./source/ap/madplay/madplay.SlackBuild
@ -14892,38 +14910,38 @@ drwxr-xr-x 2 root root 4096 2021-01-05 21:04 ./source/x/x11-skel/scripts
drwxr-xr-x 2 root root 12288 2021-11-29 19:51 ./source/x/x11/build
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/anthy
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/appres
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/bdftopcf
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/beforelight
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/bigreqsproto
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/bitmap
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/compositeproto
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/damageproto
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/dmxproto
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/dri2proto
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/dri3proto
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/editres
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/encodings
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/evieext
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/fixesproto
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-adobe-100dpi
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-adobe-75dpi
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-adobe-utopia-100dpi
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-adobe-utopia-75dpi
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-adobe-utopia-type1
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-alias
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-arabic-misc
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-bh-100dpi
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-bh-75dpi
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-bh-lucidatypewriter-100dpi
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-bh-lucidatypewriter-75dpi
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-bh-ttf
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-bh-type1
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-bitstream-100dpi
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-bitstream-75dpi
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-bitstream-speedo
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-bitstream-type1
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-cronyx-cyrillic
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-cursor-misc
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/bdftopcf
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/beforelight
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/bigreqsproto
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/bitmap
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/compositeproto
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/damageproto
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/dmxproto
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/dri2proto
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/dri3proto
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/editres
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/encodings
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/evieext
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/fixesproto
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-adobe-100dpi
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-adobe-75dpi
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-adobe-utopia-100dpi
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-adobe-utopia-75dpi
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-adobe-utopia-type1
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-alias
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-arabic-misc
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-bh-100dpi
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-bh-75dpi
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-bh-lucidatypewriter-100dpi
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-bh-lucidatypewriter-75dpi
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-bh-ttf
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-bh-type1
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-bitstream-100dpi
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-bitstream-75dpi
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-bitstream-speedo
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-bitstream-type1
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-cronyx-cyrillic
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-cursor-misc
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-daewoo-misc
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-dec-misc
-rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/font-ibm-type1

0
patches/packages/gnutls-3.7.9-x86_64-1_slack15.0.txt → patches/packages/gnutls-3.8.3-x86_64-1_slack15.0.txt
View file

0
patches/packages/xorg-server-1.20.14-x86_64-10_slack15.0.txt → patches/packages/xorg-server-1.20.14-x86_64-11_slack15.0.txt
View file

0
patches/packages/xorg-server-xephyr-1.20.14-x86_64-10_slack15.0.txt → patches/packages/xorg-server-xephyr-1.20.14-x86_64-11_slack15.0.txt
View file

0
patches/packages/xorg-server-xnest-1.20.14-x86_64-10_slack15.0.txt → patches/packages/xorg-server-xnest-1.20.14-x86_64-11_slack15.0.txt
View file

0
patches/packages/xorg-server-xvfb-1.20.14-x86_64-10_slack15.0.txt → patches/packages/xorg-server-xvfb-1.20.14-x86_64-11_slack15.0.txt
View file

0
patches/packages/xorg-server-xwayland-21.1.4-x86_64-9_slack15.0.txt → patches/packages/xorg-server-xwayland-21.1.4-x86_64-10_slack15.0.txt
View file

51
patches/source/xorg-server-xwayland/CVE-2023-6816.patch Normal file
View file

@ -0,0 +1,51 @@
From 9e2ecb2af8302dedc49cb6a63ebe063c58a9e7e3 Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer@who-t.net>
Date: Thu, 14 Dec 2023 11:29:49 +1000
Subject: [PATCH] dix: allocate enough space for logical button maps
Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for
each logical button currently down. Since buttons can be arbitrarily mapped
to anything up to 255 make sure we have enough bits for the maximum mapping.
CVE-2023-6816, ZDI-CAN-22664, ZDI-CAN-22665
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
---
Xi/xiquerypointer.c | 3 +--
dix/enterleave.c | 5 +++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/Xi/xiquerypointer.c b/Xi/xiquerypointer.c
index 5b77b1a444..2b05ac5f39 100644
--- a/Xi/xiquerypointer.c
+++ b/Xi/xiquerypointer.c
@@ -149,8 +149,7 @@ ProcXIQueryPointer(ClientPtr client)
if (pDev->button) {
int i;
- rep.buttons_len =
- bytes_to_int32(bits_to_bytes(pDev->button->numButtons));
+ rep.buttons_len = bytes_to_int32(bits_to_bytes(256)); /* button map up to 255 */
rep.length += rep.buttons_len;
buttons = calloc(rep.buttons_len, 4);
if (!buttons)
diff --git a/dix/enterleave.c b/dix/enterleave.c
index 867ec74363..ded8679d76 100644
--- a/dix/enterleave.c
+++ b/dix/enterleave.c
@@ -784,8 +784,9 @@ DeviceFocusEvent(DeviceIntPtr dev, int type, int mode, int detail,
mouse = IsFloating(dev) ? dev : GetMaster(dev, MASTER_POINTER);
- /* XI 2 event */
- btlen = (mouse->button) ? bits_to_bytes(mouse->button->numButtons) : 0;
+ /* XI 2 event contains the logical button map - maps are CARD8
+ * so we need 256 bits for the possibly maximum mapping */
+ btlen = (mouse->button) ? bits_to_bytes(256) : 0;
btlen = bytes_to_int32(btlen);
len = sizeof(xXIFocusInEvent) + btlen * 4;
--
GitLab

83
patches/source/xorg-server-xwayland/CVE-2024-0229.01.patch Normal file
View file

@ -0,0 +1,83 @@
From ece23be888a93b741aa1209d1dbf64636109d6a5 Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer@who-t.net>
Date: Mon, 18 Dec 2023 14:27:50 +1000
Subject: [PATCH] dix: Allocate sufficient xEvents for our DeviceStateNotify
If a device has both a button class and a key class and numButtons is
zero, we can get an OOB write due to event under-allocation.
This function seems to assume a device has either keys or buttons, not
both. It has two virtually identical code paths, both of which assume
they're applying to the first event in the sequence.
A device with both a key and button class triggered a logic bug - only
one xEvent was allocated but the deviceStateNotify pointer was pushed on
once per type. So effectively this logic code:
int count = 1;
if (button && nbuttons > 32) count++;
if (key && nbuttons > 0) count++;
if (key && nkeys > 32) count++; // this is basically always true
// count is at 2 for our keys + zero button device
ev = alloc(count * sizeof(xEvent));
FixDeviceStateNotify(ev);
if (button)
FixDeviceStateNotify(ev++);
if (key)
FixDeviceStateNotify(ev++); // santa drops into the wrong chimney here
If the device has more than 3 valuators, the OOB is pushed back - we're
off by one so it will happen when the last deviceValuator event is
written instead.
Fix this by allocating the maximum number of events we may allocate.
Note that the current behavior is not protocol-correct anyway, this
patch fixes only the allocation issue.
Note that this issue does not trigger if the device has at least one
button. While the server does not prevent a button class with zero
buttons, it is very unlikely.
CVE-2024-0229, ZDI-CAN-22678
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
---
dix/enterleave.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/dix/enterleave.c b/dix/enterleave.c
index ded8679d76..17964b00a4 100644
--- a/dix/enterleave.c
+++ b/dix/enterleave.c
@@ -675,7 +675,8 @@ static void
DeliverStateNotifyEvent(DeviceIntPtr dev, WindowPtr win)
{
int evcount = 1;
- deviceStateNotify *ev, *sev;
+ deviceStateNotify sev[6 + (MAX_VALUATORS + 2)/3];
+ deviceStateNotify *ev;
deviceKeyStateNotify *kev;
deviceButtonStateNotify *bev;
@@ -714,7 +715,7 @@ DeliverStateNotifyEvent(DeviceIntPtr dev, WindowPtr win)
}
}
- sev = ev = xallocarray(evcount, sizeof(xEvent));
+ ev = sev;
FixDeviceStateNotify(dev, ev, NULL, NULL, NULL, first);
if (b != NULL) {
@@ -770,7 +771,6 @@ DeliverStateNotifyEvent(DeviceIntPtr dev, WindowPtr win)
DeliverEventsToWindow(dev, win, (xEvent *) sev, evcount,
DeviceStateNotifyMask, NullGrab);
- free(sev);
}
void
--
GitLab

217
patches/source/xorg-server-xwayland/CVE-2024-0229.02.patch Normal file
View file

@ -0,0 +1,217 @@
From 219c54b8a3337456ce5270ded6a67bcde53553d5 Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer@who-t.net>
Date: Mon, 18 Dec 2023 12:26:20 +1000
Subject: [PATCH] dix: fix DeviceStateNotify event calculation
The previous code only made sense if one considers buttons and keys to
be mutually exclusive on a device. That is not necessarily true, causing
a number of issues.
This function allocates and fills in the number of xEvents we need to
send the device state down the wire. This is split across multiple
32-byte devices including one deviceStateNotify event and optional
deviceKeyStateNotify, deviceButtonStateNotify and (possibly multiple)
deviceValuator events.
The previous behavior would instead compose a sequence
of [state, buttonstate, state, keystate, valuator...]. This is not
protocol correct, and on top of that made the code extremely convoluted.
Fix this by streamlining: add both button and key into the deviceStateNotify
and then append the key state and button state, followed by the
valuators. Finally, the deviceValuator events contain up to 6 valuators
per event but we only ever sent through 3 at a time. Let's double that
troughput.
CVE-2024-0229, ZDI-CAN-22678
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
---
dix/enterleave.c | 121 ++++++++++++++++++++---------------------------
1 file changed, 52 insertions(+), 69 deletions(-)
diff --git a/dix/enterleave.c b/dix/enterleave.c
index 17964b00a4..7b7ba1098b 100644
--- a/dix/enterleave.c
+++ b/dix/enterleave.c
@@ -615,9 +615,15 @@ FixDeviceValuator(DeviceIntPtr dev, deviceValuator * ev, ValuatorClassPtr v,
ev->type = DeviceValuator;
ev->deviceid = dev->id;
- ev->num_valuators = nval < 3 ? nval : 3;
+ ev->num_valuators = nval < 6 ? nval : 6;
ev->first_valuator = first;
switch (ev->num_valuators) {
+ case 6:
+ ev->valuator2 = v->axisVal[first + 5];
+ case 5:
+ ev->valuator2 = v->axisVal[first + 4];
+ case 4:
+ ev->valuator2 = v->axisVal[first + 3];
case 3:
ev->valuator2 = v->axisVal[first + 2];
case 2:
@@ -626,7 +632,6 @@ FixDeviceValuator(DeviceIntPtr dev, deviceValuator * ev, ValuatorClassPtr v,
ev->valuator0 = v->axisVal[first];
break;
}
- first += ev->num_valuators;
}
static void
@@ -646,7 +651,7 @@ FixDeviceStateNotify(DeviceIntPtr dev, deviceStateNotify * ev, KeyClassPtr k,
ev->num_buttons = b->numButtons;
memcpy((char *) ev->buttons, (char *) b->down, 4);
}
- else if (k) {
+ if (k) {
ev->classes_reported |= (1 << KeyClass);
ev->num_keys = k->xkbInfo->desc->max_key_code -
k->xkbInfo->desc->min_key_code;
@@ -670,15 +675,26 @@ FixDeviceStateNotify(DeviceIntPtr dev, deviceStateNotify * ev, KeyClassPtr k,
}
}
-
+/**
+ * The device state notify event is split across multiple 32-byte events.
+ * The first one contains the first 32 button state bits, the first 32
+ * key state bits, and the first 3 valuator values.
+ *
+ * If a device has more than that, the server sends out:
+ * - one deviceButtonStateNotify for buttons 32 and above
+ * - one deviceKeyStateNotify for keys 32 and above
+ * - one deviceValuator event per 6 valuators above valuator 4
+ *
+ * All events but the last one have the deviceid binary ORed with MORE_EVENTS,
+ */
static void
DeliverStateNotifyEvent(DeviceIntPtr dev, WindowPtr win)
{
+ /* deviceStateNotify, deviceKeyStateNotify, deviceButtonStateNotify
+ * and one deviceValuator for each 6 valuators */
+ deviceStateNotify sev[3 + (MAX_VALUATORS + 6)/6];
int evcount = 1;
- deviceStateNotify sev[6 + (MAX_VALUATORS + 2)/3];
- deviceStateNotify *ev;
- deviceKeyStateNotify *kev;
- deviceButtonStateNotify *bev;
+ deviceStateNotify *ev = sev;
KeyClassPtr k;
ButtonClassPtr b;
@@ -691,82 +707,49 @@ DeliverStateNotifyEvent(DeviceIntPtr dev, WindowPtr win)
if ((b = dev->button) != NULL) {
nbuttons = b->numButtons;
- if (nbuttons > 32)
+ if (nbuttons > 32) /* first 32 are encoded in deviceStateNotify */
evcount++;
}
if ((k = dev->key) != NULL) {
nkeys = k->xkbInfo->desc->max_key_code - k->xkbInfo->desc->min_key_code;
- if (nkeys > 32)
+ if (nkeys > 32) /* first 32 are encoded in deviceStateNotify */
evcount++;
- if (nbuttons > 0) {
- evcount++;
- }
}
if ((v = dev->valuator) != NULL) {
nval = v->numAxes;
-
- if (nval > 3)
- evcount++;
- if (nval > 6) {
- if (!(k && b))
- evcount++;
- if (nval > 9)
- evcount += ((nval - 7) / 3);
- }
+ /* first three are encoded in deviceStateNotify, then
+ * it's 6 per deviceValuator event */
+ evcount += ((nval - 3) + 6)/6;
}
- ev = sev;
- FixDeviceStateNotify(dev, ev, NULL, NULL, NULL, first);
-
- if (b != NULL) {
- FixDeviceStateNotify(dev, ev++, NULL, b, v, first);
- first += 3;
- nval -= 3;
- if (nbuttons > 32) {
- (ev - 1)->deviceid |= MORE_EVENTS;
- bev = (deviceButtonStateNotify *) ev++;
- bev->type = DeviceButtonStateNotify;
- bev->deviceid = dev->id;
- memcpy((char *) &bev->buttons[4], (char *) &b->down[4],
- DOWN_LENGTH - 4);
- }
- if (nval > 0) {
- (ev - 1)->deviceid |= MORE_EVENTS;
- FixDeviceValuator(dev, (deviceValuator *) ev++, v, first);
- first += 3;
- nval -= 3;
- }
+ BUG_RETURN(evcount <= ARRAY_SIZE(sev));
+
+ FixDeviceStateNotify(dev, ev, k, b, v, first);
+
+ if (b != NULL && nbuttons > 32) {
+ deviceButtonStateNotify *bev = (deviceButtonStateNotify *) ++ev;
+ (ev - 1)->deviceid |= MORE_EVENTS;
+ bev->type = DeviceButtonStateNotify;
+ bev->deviceid = dev->id;
+ memcpy((char *) &bev->buttons[4], (char *) &b->down[4],
+ DOWN_LENGTH - 4);
}
- if (k != NULL) {
- FixDeviceStateNotify(dev, ev++, k, NULL, v, first);
- first += 3;
- nval -= 3;
- if (nkeys > 32) {
- (ev - 1)->deviceid |= MORE_EVENTS;
- kev = (deviceKeyStateNotify *) ev++;
- kev->type = DeviceKeyStateNotify;
- kev->deviceid = dev->id;
- memmove((char *) &kev->keys[0], (char *) &k->down[4], 28);
- }
- if (nval > 0) {
- (ev - 1)->deviceid |= MORE_EVENTS;
- FixDeviceValuator(dev, (deviceValuator *) ev++, v, first);
- first += 3;
- nval -= 3;
- }
+ if (k != NULL && nkeys > 32) {
+ deviceKeyStateNotify *kev = (deviceKeyStateNotify *) ++ev;
+ (ev - 1)->deviceid |= MORE_EVENTS;
+ kev->type = DeviceKeyStateNotify;
+ kev->deviceid = dev->id;
+ memmove((char *) &kev->keys[0], (char *) &k->down[4], 28);
}
+ first = 3;
+ nval -= 3;
while (nval > 0) {
- FixDeviceStateNotify(dev, ev++, NULL, NULL, v, first);
- first += 3;
- nval -= 3;
- if (nval > 0) {
- (ev - 1)->deviceid |= MORE_EVENTS;
- FixDeviceValuator(dev, (deviceValuator *) ev++, v, first);
- first += 3;
- nval -= 3;
- }
+ ev->deviceid |= MORE_EVENTS;
+ FixDeviceValuator(dev, (deviceValuator *) ++ev, v, first);
+ first += 6;
+ nval -= 6;
}
DeliverEventsToWindow(dev, win, (xEvent *) sev, evcount,
--
GitLab

37
patches/source/xorg-server-xwayland/CVE-2024-0229.03.patch Normal file
View file

@ -0,0 +1,37 @@
From df3c65706eb169d5938df0052059f3e0d5981b74 Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer@who-t.net>
Date: Thu, 21 Dec 2023 13:48:10 +1000
Subject: [PATCH] Xi: when creating a new ButtonClass, set the number of
buttons
There's a racy sequence where a master device may copy the button class
from the slave, without ever initializing numButtons. This leads to a
device with zero buttons but a button class which is invalid.
Let's copy the numButtons value from the source - by definition if we
don't have a button class yet we do not have any other slave devices
with more than this number of buttons anyway.
CVE-2024-0229, ZDI-CAN-22678
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
---
Xi/exevents.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/Xi/exevents.c b/Xi/exevents.c
index 54ea11a938..e161714682 100644
--- a/Xi/exevents.c
+++ b/Xi/exevents.c
@@ -605,6 +605,7 @@ DeepCopyPointerClasses(DeviceIntPtr from, DeviceIntPtr to)
to->button = calloc(1, sizeof(ButtonClassRec));
if (!to->button)
FatalError("[Xi] no memory for class shift.\n");
+ to->button->numButtons = from->button->numButtons;
}
else
classes->button = NULL;
--
GitLab

60
patches/source/xorg-server-xwayland/CVE-2024-0408.patch Normal file
View file

@ -0,0 +1,60 @@
From e5e8586a12a3ec915673edffa10dc8fe5e15dac3 Mon Sep 17 00:00:00 2001
From: Olivier Fourdan <ofourdan@redhat.com>
Date: Wed, 6 Dec 2023 12:09:41 +0100
Subject: [PATCH] glx: Call XACE hooks on the GLX buffer
The XSELINUX code will label resources at creation by checking the
access mode. When the access mode is DixCreateAccess, it will call the
function to label the new resource SELinuxLabelResource().
However, GLX buffers do not go through the XACE hooks when created,
hence leaving the resource actually unlabeled.
When, later, the client tries to create another resource using that
drawable (like a GC for example), the XSELINUX code would try to use
the security ID of that object which has never been labeled, get a NULL
pointer and crash when checking whether the requested permissions are
granted for subject security ID.
To avoid the issue, make sure to call the XACE hooks when creating the
GLX buffers.
Credit goes to Donn Seeley <donn@xmission.com> for providing the patch.
CVE-2024-0408
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Acked-by: Peter Hutterer <peter.hutterer@who-t.net>
---
glx/glxcmds.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/glx/glxcmds.c b/glx/glxcmds.c
index fc26a2e345..1e46d0c723 100644
--- a/glx/glxcmds.c
+++ b/glx/glxcmds.c
@@ -48,6 +48,7 @@
#include "indirect_util.h"
#include "protocol-versions.h"
#include "glxvndabi.h"
+#include "xace.h"
static char GLXServerVendorName[] = "SGI";
@@ -1392,6 +1393,13 @@ DoCreatePbuffer(ClientPtr client, int screenNum, XID fbconfigId,
if (!pPixmap)
return BadAlloc;
+ err = XaceHook(XACE_RESOURCE_ACCESS, client, glxDrawableId, RT_PIXMAP,
+ pPixmap, RT_NONE, NULL, DixCreateAccess);
+ if (err != Success) {
+ (*pGlxScreen->pScreen->DestroyPixmap) (pPixmap);
+ return err;
+ }
+
/* Assign the pixmap the same id as the pbuffer and add it as a
* resource so it and the DRI2 drawable will be reclaimed when the
* pbuffer is destroyed. */
--
GitLab

56
patches/source/xorg-server-xwayland/CVE-2024-0409.patch Normal file
View file

@ -0,0 +1,56 @@
From 2ef0f1116c65d5cb06d7b6d83f8a1aea702c94f7 Mon Sep 17 00:00:00 2001
From: Olivier Fourdan <ofourdan@redhat.com>
Date: Wed, 6 Dec 2023 11:51:56 +0100
Subject: [PATCH] ephyr,xwayland: Use the proper private key for cursor
The cursor in DIX is actually split in two parts, the cursor itself and
the cursor bits, each with their own devPrivates.
The cursor itself includes the cursor bits, meaning that the cursor bits
devPrivates in within structure of the cursor.
Both Xephyr and Xwayland were using the private key for the cursor bits
to store the data for the cursor, and when using XSELINUX which comes
with its own special devPrivates, the data stored in that cursor bits'
devPrivates would interfere with the XSELINUX devPrivates data and the
SELINUX security ID would point to some other unrelated data, causing a
crash in the XSELINUX code when trying to (re)use the security ID.
CVE-2024-0409
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
---
hw/kdrive/ephyr/ephyrcursor.c | 2 +-
hw/xwayland/xwayland-cursor.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/hw/kdrive/ephyr/ephyrcursor.c b/hw/kdrive/ephyr/ephyrcursor.c
index f991899c50..3f192d034a 100644
--- a/hw/kdrive/ephyr/ephyrcursor.c
+++ b/hw/kdrive/ephyr/ephyrcursor.c
@@ -246,7 +246,7 @@ miPointerSpriteFuncRec EphyrPointerSpriteFuncs = {
Bool
ephyrCursorInit(ScreenPtr screen)
{
- if (!dixRegisterPrivateKey(&ephyrCursorPrivateKey, PRIVATE_CURSOR_BITS,
+ if (!dixRegisterPrivateKey(&ephyrCursorPrivateKey, PRIVATE_CURSOR,
sizeof(ephyrCursorRec)))
return FALSE;
diff --git a/hw/xwayland/xwayland-cursor.c b/hw/xwayland/xwayland-cursor.c
index e3c1aaa50c..bd94b0cfbb 100644
--- a/hw/xwayland/xwayland-cursor.c
+++ b/hw/xwayland/xwayland-cursor.c
@@ -431,7 +431,7 @@ static miPointerScreenFuncRec xwl_pointer_screen_funcs = {
Bool
xwl_screen_init_cursor(struct xwl_screen *xwl_screen)
{
- if (!dixRegisterPrivateKey(&xwl_cursor_private_key, PRIVATE_CURSOR_BITS, 0))
+ if (!dixRegisterPrivateKey(&xwl_cursor_private_key, PRIVATE_CURSOR, 0))
return FALSE;
return miPointerInitialize(xwl_screen->screen,
--
GitLab

109
patches/source/xorg-server-xwayland/CVE-2024-21885.patch Normal file
View file

@ -0,0 +1,109 @@
From 4a5e9b1895627d40d26045bd0b7ef3dce503cbd1 Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer@who-t.net>
Date: Thu, 4 Jan 2024 10:01:24 +1000
Subject: [PATCH] Xi: flush hierarchy events after adding/removing master
devices
The `XISendDeviceHierarchyEvent()` function allocates space to store up
to `MAXDEVICES` (256) `xXIHierarchyInfo` structures in `info`.
If a device with a given ID was removed and a new device with the same
ID added both in the same operation, the single device ID will lead to
two info structures being written to `info`.
Since this case can occur for every device ID at once, a total of two
times `MAXDEVICES` info structures might be written to the allocation.
To avoid it, once one add/remove master is processed, send out the
device hierarchy event for the current state and continue. That event
thus only ever has exactly one of either added/removed in it (and
optionally slave attached/detached).
CVE-2024-21885, ZDI-CAN-22744
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
---
Xi/xichangehierarchy.c | 27 ++++++++++++++++++++++-----
1 file changed, 22 insertions(+), 5 deletions(-)
diff --git a/Xi/xichangehierarchy.c b/Xi/xichangehierarchy.c
index d2d985848d..72d00451e3 100644
--- a/Xi/xichangehierarchy.c
+++ b/Xi/xichangehierarchy.c
@@ -416,6 +416,11 @@ ProcXIChangeHierarchy(ClientPtr client)
size_t len; /* length of data remaining in request */
int rc = Success;
int flags[MAXDEVICES] = { 0 };
+ enum {
+ NO_CHANGE,
+ FLUSH,
+ CHANGED,
+ } changes = NO_CHANGE;
REQUEST(xXIChangeHierarchyReq);
REQUEST_AT_LEAST_SIZE(xXIChangeHierarchyReq);
@@ -465,8 +470,9 @@ ProcXIChangeHierarchy(ClientPtr client)
rc = add_master(client, c, flags);
if (rc != Success)
goto unwind;
- }
+ changes = FLUSH;
break;
+ }
case XIRemoveMaster:
{
xXIRemoveMasterInfo *r = (xXIRemoveMasterInfo *) any;
@@ -475,8 +481,9 @@ ProcXIChangeHierarchy(ClientPtr client)
rc = remove_master(client, r, flags);
if (rc != Success)
goto unwind;
- }
+ changes = FLUSH;
break;
+ }
case XIDetachSlave:
{
xXIDetachSlaveInfo *c = (xXIDetachSlaveInfo *) any;
@@ -485,8 +492,9 @@ ProcXIChangeHierarchy(ClientPtr client)
rc = detach_slave(client, c, flags);
if (rc != Success)
goto unwind;
- }
+ changes = CHANGED;
break;
+ }
case XIAttachSlave:
{
xXIAttachSlaveInfo *c = (xXIAttachSlaveInfo *) any;
@@ -495,16 +503,25 @@ ProcXIChangeHierarchy(ClientPtr client)
rc = attach_slave(client, c, flags);
if (rc != Success)
goto unwind;
+ changes = CHANGED;
+ break;
}
+ default:
break;
}
+ if (changes == FLUSH) {
+ XISendDeviceHierarchyEvent(flags);
+ memset(flags, 0, sizeof(flags));
+ changes = NO_CHANGE;
+ }
+
len -= any->length * 4;
any = (xXIAnyHierarchyChangeInfo *) ((char *) any + any->length * 4);
}
unwind:
-
- XISendDeviceHierarchyEvent(flags);
+ if (changes != NO_CHANGE)
+ XISendDeviceHierarchyEvent(flags);
return rc;
}
--
GitLab

70
patches/source/xorg-server-xwayland/CVE-2024-21886.01.patch Normal file
View file

@ -0,0 +1,70 @@
From bc1fdbe46559dd947674375946bbef54dd0ce36b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Exp=C3=B3sito?= <jexposit@redhat.com>
Date: Fri, 22 Dec 2023 18:28:31 +0100
Subject: [PATCH] Xi: do not keep linked list pointer during recursion
The `DisableDevice()` function is called whenever an enabled device
is disabled and it moves the device from the `inputInfo.devices` linked
list to the `inputInfo.off_devices` linked list.
However, its link/unlink operation has an issue during the recursive
call to `DisableDevice()` due to the `prev` pointer pointing to a
removed device.
This issue leads to a length mismatch between the total number of
devices and the number of device in the list, leading to a heap
overflow and, possibly, to local privilege escalation.
Simplify the code that checked whether the device passed to
`DisableDevice()` was in `inputInfo.devices` or not and find the
previous device after the recursion.
CVE-2024-21886, ZDI-CAN-22840
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
---
dix/devices.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/dix/devices.c b/dix/devices.c
index dca98c8d1b..389d28a23c 100644
--- a/dix/devices.c
+++ b/dix/devices.c
@@ -453,14 +453,20 @@ DisableDevice(DeviceIntPtr dev, BOOL sendevent)
{
DeviceIntPtr *prev, other;
BOOL enabled;
+ BOOL dev_in_devices_list = FALSE;
int flags[MAXDEVICES] = { 0 };
if (!dev->enabled)
return TRUE;
- for (prev = &inputInfo.devices;
- *prev && (*prev != dev); prev = &(*prev)->next);
- if (*prev != dev)
+ for (other = inputInfo.devices; other; other = other->next) {
+ if (other == dev) {
+ dev_in_devices_list = TRUE;
+ break;
+ }
+ }
+
+ if (!dev_in_devices_list)
return FALSE;
TouchEndPhysicallyActiveTouches(dev);
@@ -511,6 +517,9 @@ DisableDevice(DeviceIntPtr dev, BOOL sendevent)
LeaveWindow(dev);
SetFocusOut(dev);
+ for (prev = &inputInfo.devices;
+ *prev && (*prev != dev); prev = &(*prev)->next);
+
*prev = dev->next;
dev->next = inputInfo.off_devices;
inputInfo.off_devices = dev;
--
GitLab

53
patches/source/xorg-server-xwayland/CVE-2024-21886.02.patch Normal file
View file

@ -0,0 +1,53 @@
From 26769aa71fcbe0a8403b7fb13b7c9010cc07c3a8 Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer@who-t.net>
Date: Fri, 5 Jan 2024 09:40:27 +1000
Subject: [PATCH] dix: when disabling a master, float disabled slaved devices
too
Disabling a master device floats all slave devices but we didn't do this
to already-disabled slave devices. As a result those devices kept their
reference to the master device resulting in access to already freed
memory if the master device was removed before the corresponding slave
device.
And to match this behavior, also forcibly reset that pointer during
CloseDownDevices().
Related to CVE-2024-21886, ZDI-CAN-22840
---
dix/devices.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/dix/devices.c b/dix/devices.c
index 389d28a23c..84a6406d13 100644
--- a/dix/devices.c
+++ b/dix/devices.c
@@ -483,6 +483,13 @@ DisableDevice(DeviceIntPtr dev, BOOL sendevent)
flags[other->id] |= XISlaveDetached;
}
}
+
+ for (other = inputInfo.off_devices; other; other = other->next) {
+ if (!IsMaster(other) && GetMaster(other, MASTER_ATTACHED) == dev) {
+ AttachDevice(NULL, other, NULL);
+ flags[other->id] |= XISlaveDetached;
+ }
+ }
}
else {
for (other = inputInfo.devices; other; other = other->next) {
@@ -1088,6 +1095,11 @@ CloseDownDevices(void)
dev->master = NULL;
}
+ for (dev = inputInfo.off_devices; dev; dev = dev->next) {
+ if (!IsMaster(dev) && !IsFloating(dev))
+ dev->master = NULL;
+ }
+
CloseDeviceList(&inputInfo.devices);
CloseDeviceList(&inputInfo.off_devices);
--
GitLab

15
patches/source/xorg-server-xwayland/xorg-server-xwayland.SlackBuild
View file

@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=xorg-server-xwayland
SRCNAM=xwayland
VERSION=${VERSION:-$(echo $SRCNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
BUILD=${BUILD:-9_slack15.0}
BUILD=${BUILD:-10_slack15.0}
# Default font paths to be used by the X server:
DEF_FONTPATH="/usr/share/fonts/misc,/usr/share/fonts/local,/usr/share/fonts/TTF,/usr/share/fonts/OTF,/usr/share/fonts/Type1,/usr/share/fonts/CID,/usr/share/fonts/75dpi/:unscaled,/usr/share/fonts/100dpi/:unscaled,/usr/share/fonts/75dpi,/usr/share/fonts/100dpi,/usr/share/fonts/cyrillic"
@ -117,6 +117,19 @@ zcat $CWD/CVE-2023-5367.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/CVE-2023-6377.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/CVE-2023-6478.patch.gz | patch -p1 --verbose || exit 1
# Patch more security issues:
zcat $CWD/CVE-2023-6816.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/CVE-2024-0229.01.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/CVE-2024-0229.02.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/CVE-2024-0229.03.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/CVE-2024-0408.patch.gz | patch -p1 --verbose || exit 1
# The vulnerable code is not present in xwayland-21.1.4:
#zcat $CWD/CVE-2024-0409.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/CVE-2024-21885.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/CVE-2024-21886.01.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/CVE-2024-21886.02.patch.gz | patch -p1 --verbose || exit 1
# Configure, build, and install:
export CFLAGS="$SLKCFLAGS"
export CXXFLAGS="$SLKCFLAGS"

2
patches/source/xorg-server/build/xorg-server
View file

@ -1 +1 @@
10_slack15.0
11_slack15.0

11
patches/source/xorg-server/patch/xorg-server.patch
View file

@ -67,3 +67,14 @@ zcat $CWD/patch/xorg-server/CVE-2023-5380.patch.gz | patch -p1 --verbose || { to
# Patch more security issues:
zcat $CWD/patch/xorg-server/CVE-2023-6377.patch.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
zcat $CWD/patch/xorg-server/CVE-2023-6478.patch.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
# Patch more security issues:
zcat $CWD/patch/xorg-server/CVE-2023-6816.patch.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
zcat $CWD/patch/xorg-server/CVE-2024-0229.01.patch.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
zcat $CWD/patch/xorg-server/CVE-2024-0229.02.patch.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
zcat $CWD/patch/xorg-server/CVE-2024-0229.03.patch.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
zcat $CWD/patch/xorg-server/CVE-2024-0408.patch.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
zcat $CWD/patch/xorg-server/CVE-2024-0409.patch.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
zcat $CWD/patch/xorg-server/CVE-2024-21885.patch.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
zcat $CWD/patch/xorg-server/CVE-2024-21886.01.patch.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
zcat $CWD/patch/xorg-server/CVE-2024-21886.02.patch.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; }

51
patches/source/xorg-server/patch/xorg-server/CVE-2023-6816.patch Normal file
View file

@ -0,0 +1,51 @@
From 9e2ecb2af8302dedc49cb6a63ebe063c58a9e7e3 Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer@who-t.net>
Date: Thu, 14 Dec 2023 11:29:49 +1000
Subject: [PATCH] dix: allocate enough space for logical button maps
Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for
each logical button currently down. Since buttons can be arbitrarily mapped
to anything up to 255 make sure we have enough bits for the maximum mapping.
CVE-2023-6816, ZDI-CAN-22664, ZDI-CAN-22665
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
---
Xi/xiquerypointer.c | 3 +--
dix/enterleave.c | 5 +++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/Xi/xiquerypointer.c b/Xi/xiquerypointer.c
index 5b77b1a444..2b05ac5f39 100644
--- a/Xi/xiquerypointer.c
+++ b/Xi/xiquerypointer.c
@@ -149,8 +149,7 @@ ProcXIQueryPointer(ClientPtr client)
if (pDev->button) {
int i;
- rep.buttons_len =
- bytes_to_int32(bits_to_bytes(pDev->button->numButtons));
+ rep.buttons_len = bytes_to_int32(bits_to_bytes(256)); /* button map up to 255 */
rep.length += rep.buttons_len;
buttons = calloc(rep.buttons_len, 4);
if (!buttons)
diff --git a/dix/enterleave.c b/dix/enterleave.c
index 867ec74363..ded8679d76 100644
--- a/dix/enterleave.c
+++ b/dix/enterleave.c
@@ -784,8 +784,9 @@ DeviceFocusEvent(DeviceIntPtr dev, int type, int mode, int detail,
mouse = IsFloating(dev) ? dev : GetMaster(dev, MASTER_POINTER);
- /* XI 2 event */
- btlen = (mouse->button) ? bits_to_bytes(mouse->button->numButtons) : 0;
+ /* XI 2 event contains the logical button map - maps are CARD8
+ * so we need 256 bits for the possibly maximum mapping */
+ btlen = (mouse->button) ? bits_to_bytes(256) : 0;
btlen = bytes_to_int32(btlen);
len = sizeof(xXIFocusInEvent) + btlen * 4;
--
GitLab

83
patches/source/xorg-server/patch/xorg-server/CVE-2024-0229.01.patch Normal file
View file

@ -0,0 +1,83 @@
From ece23be888a93b741aa1209d1dbf64636109d6a5 Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer@who-t.net>
Date: Mon, 18 Dec 2023 14:27:50 +1000
Subject: [PATCH] dix: Allocate sufficient xEvents for our DeviceStateNotify
If a device has both a button class and a key class and numButtons is
zero, we can get an OOB write due to event under-allocation.
This function seems to assume a device has either keys or buttons, not
both. It has two virtually identical code paths, both of which assume
they're applying to the first event in the sequence.
A device with both a key and button class triggered a logic bug - only
one xEvent was allocated but the deviceStateNotify pointer was pushed on
once per type. So effectively this logic code:
int count = 1;
if (button && nbuttons > 32) count++;
if (key && nbuttons > 0) count++;
if (key && nkeys > 32) count++; // this is basically always true
// count is at 2 for our keys + zero button device
ev = alloc(count * sizeof(xEvent));
FixDeviceStateNotify(ev);
if (button)
FixDeviceStateNotify(ev++);
if (key)
FixDeviceStateNotify(ev++); // santa drops into the wrong chimney here
If the device has more than 3 valuators, the OOB is pushed back - we're
off by one so it will happen when the last deviceValuator event is
written instead.
Fix this by allocating the maximum number of events we may allocate.
Note that the current behavior is not protocol-correct anyway, this
patch fixes only the allocation issue.
Note that this issue does not trigger if the device has at least one
button. While the server does not prevent a button class with zero
buttons, it is very unlikely.
CVE-2024-0229, ZDI-CAN-22678
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
---
dix/enterleave.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/dix/enterleave.c b/dix/enterleave.c
index ded8679d76..17964b00a4 100644
--- a/dix/enterleave.c
+++ b/dix/enterleave.c
@@ -675,7 +675,8 @@ static void
DeliverStateNotifyEvent(DeviceIntPtr dev, WindowPtr win)
{
int evcount = 1;
- deviceStateNotify *ev, *sev;
+ deviceStateNotify sev[6 + (MAX_VALUATORS + 2)/3];
+ deviceStateNotify *ev;
deviceKeyStateNotify *kev;
deviceButtonStateNotify *bev;
@@ -714,7 +715,7 @@ DeliverStateNotifyEvent(DeviceIntPtr dev, WindowPtr win)
}
}
- sev = ev = xallocarray(evcount, sizeof(xEvent));
+ ev = sev;
FixDeviceStateNotify(dev, ev, NULL, NULL, NULL, first);
if (b != NULL) {
@@ -770,7 +771,6 @@ DeliverStateNotifyEvent(DeviceIntPtr dev, WindowPtr win)
DeliverEventsToWindow(dev, win, (xEvent *) sev, evcount,
DeviceStateNotifyMask, NullGrab);
- free(sev);
}
void
--
GitLab

217
patches/source/xorg-server/patch/xorg-server/CVE-2024-0229.02.patch Normal file
View file

@ -0,0 +1,217 @@
From 219c54b8a3337456ce5270ded6a67bcde53553d5 Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer@who-t.net>
Date: Mon, 18 Dec 2023 12:26:20 +1000
Subject: [PATCH] dix: fix DeviceStateNotify event calculation
The previous code only made sense if one considers buttons and keys to
be mutually exclusive on a device. That is not necessarily true, causing
a number of issues.
This function allocates and fills in the number of xEvents we need to
send the device state down the wire. This is split across multiple
32-byte devices including one deviceStateNotify event and optional
deviceKeyStateNotify, deviceButtonStateNotify and (possibly multiple)
deviceValuator events.
The previous behavior would instead compose a sequence
of [state, buttonstate, state, keystate, valuator...]. This is not
protocol correct, and on top of that made the code extremely convoluted.
Fix this by streamlining: add both button and key into the deviceStateNotify
and then append the key state and button state, followed by the
valuators. Finally, the deviceValuator events contain up to 6 valuators
per event but we only ever sent through 3 at a time. Let's double that
troughput.
CVE-2024-0229, ZDI-CAN-22678
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
---
dix/enterleave.c | 121 ++++++++++++++++++++---------------------------
1 file changed, 52 insertions(+), 69 deletions(-)
diff --git a/dix/enterleave.c b/dix/enterleave.c
index 17964b00a4..7b7ba1098b 100644
--- a/dix/enterleave.c
+++ b/dix/enterleave.c
@@ -615,9 +615,15 @@ FixDeviceValuator(DeviceIntPtr dev, deviceValuator * ev, ValuatorClassPtr v,
ev->type = DeviceValuator;
ev->deviceid = dev->id;
- ev->num_valuators = nval < 3 ? nval : 3;
+ ev->num_valuators = nval < 6 ? nval : 6;
ev->first_valuator = first;
switch (ev->num_valuators) {
+ case 6:
+ ev->valuator2 = v->axisVal[first + 5];
+ case 5:
+ ev->valuator2 = v->axisVal[first + 4];
+ case 4:
+ ev->valuator2 = v->axisVal[first + 3];
case 3:
ev->valuator2 = v->axisVal[first + 2];
case 2:
@@ -626,7 +632,6 @@ FixDeviceValuator(DeviceIntPtr dev, deviceValuator * ev, ValuatorClassPtr v,
ev->valuator0 = v->axisVal[first];
break;
}
- first += ev->num_valuators;
}
static void
@@ -646,7 +651,7 @@ FixDeviceStateNotify(DeviceIntPtr dev, deviceStateNotify * ev, KeyClassPtr k,
ev->num_buttons = b->numButtons;
memcpy((char *) ev->buttons, (char *) b->down, 4);
}
- else if (k) {
+ if (k) {
ev->classes_reported |= (1 << KeyClass);
ev->num_keys = k->xkbInfo->desc->max_key_code -
k->xkbInfo->desc->min_key_code;
@@ -670,15 +675,26 @@ FixDeviceStateNotify(DeviceIntPtr dev, deviceStateNotify * ev, KeyClassPtr k,
}
}
-
+/**
+ * The device state notify event is split across multiple 32-byte events.
+ * The first one contains the first 32 button state bits, the first 32
+ * key state bits, and the first 3 valuator values.
+ *
+ * If a device has more than that, the server sends out:
+ * - one deviceButtonStateNotify for buttons 32 and above
+ * - one deviceKeyStateNotify for keys 32 and above
+ * - one deviceValuator event per 6 valuators above valuator 4
+ *
+ * All events but the last one have the deviceid binary ORed with MORE_EVENTS,
+ */
static void
DeliverStateNotifyEvent(DeviceIntPtr dev, WindowPtr win)
{
+ /* deviceStateNotify, deviceKeyStateNotify, deviceButtonStateNotify
+ * and one deviceValuator for each 6 valuators */
+ deviceStateNotify sev[3 + (MAX_VALUATORS + 6)/6];
int evcount = 1;
- deviceStateNotify sev[6 + (MAX_VALUATORS + 2)/3];
- deviceStateNotify *ev;
- deviceKeyStateNotify *kev;
- deviceButtonStateNotify *bev;
+ deviceStateNotify *ev = sev;
KeyClassPtr k;
ButtonClassPtr b;
@@ -691,82 +707,49 @@ DeliverStateNotifyEvent(DeviceIntPtr dev, WindowPtr win)
if ((b = dev->button) != NULL) {
nbuttons = b->numButtons;
- if (nbuttons > 32)
+ if (nbuttons > 32) /* first 32 are encoded in deviceStateNotify */
evcount++;
}
if ((k = dev->key) != NULL) {
nkeys = k->xkbInfo->desc->max_key_code - k->xkbInfo->desc->min_key_code;
- if (nkeys > 32)
+ if (nkeys > 32) /* first 32 are encoded in deviceStateNotify */
evcount++;
- if (nbuttons > 0) {
- evcount++;
- }
}
if ((v = dev->valuator) != NULL) {
nval = v->numAxes;
-
- if (nval > 3)
- evcount++;
- if (nval > 6) {
- if (!(k && b))
- evcount++;
- if (nval > 9)
- evcount += ((nval - 7) / 3);
- }
+ /* first three are encoded in deviceStateNotify, then
+ * it's 6 per deviceValuator event */
+ evcount += ((nval - 3) + 6)/6;
}
- ev = sev;
- FixDeviceStateNotify(dev, ev, NULL, NULL, NULL, first);
-
- if (b != NULL) {
- FixDeviceStateNotify(dev, ev++, NULL, b, v, first);
- first += 3;
- nval -= 3;
- if (nbuttons > 32) {
- (ev - 1)->deviceid |= MORE_EVENTS;
- bev = (deviceButtonStateNotify *) ev++;
- bev->type = DeviceButtonStateNotify;
- bev->deviceid = dev->id;
- memcpy((char *) &bev->buttons[4], (char *) &b->down[4],
- DOWN_LENGTH - 4);
- }
- if (nval > 0) {
- (ev - 1)->deviceid |= MORE_EVENTS;
- FixDeviceValuator(dev, (deviceValuator *) ev++, v, first);
- first += 3;
- nval -= 3;
- }
+ BUG_RETURN(evcount <= ARRAY_SIZE(sev));
+
+ FixDeviceStateNotify(dev, ev, k, b, v, first);
+
+ if (b != NULL && nbuttons > 32) {
+ deviceButtonStateNotify *bev = (deviceButtonStateNotify *) ++ev;
+ (ev - 1)->deviceid |= MORE_EVENTS;
+ bev->type = DeviceButtonStateNotify;
+ bev->deviceid = dev->id;
+ memcpy((char *) &bev->buttons[4], (char *) &b->down[4],
+ DOWN_LENGTH - 4);
}
- if (k != NULL) {
- FixDeviceStateNotify(dev, ev++, k, NULL, v, first);
- first += 3;
- nval -= 3;
- if (nkeys > 32) {
- (ev - 1)->deviceid |= MORE_EVENTS;
- kev = (deviceKeyStateNotify *) ev++;
- kev->type = DeviceKeyStateNotify;
- kev->deviceid = dev->id;
- memmove((char *) &kev->keys[0], (char *) &k->down[4], 28);
- }
- if (nval > 0) {
- (ev - 1)->deviceid |= MORE_EVENTS;
- FixDeviceValuator(dev, (deviceValuator *) ev++, v, first);
- first += 3;
- nval -= 3;
- }
+ if (k != NULL && nkeys > 32) {
+ deviceKeyStateNotify *kev = (deviceKeyStateNotify *) ++ev;
+ (ev - 1)->deviceid |= MORE_EVENTS;
+ kev->type = DeviceKeyStateNotify;
+ kev->deviceid = dev->id;
+ memmove((char *) &kev->keys[0], (char *) &k->down[4], 28);
}
+ first = 3;
+ nval -= 3;
while (nval > 0) {
- FixDeviceStateNotify(dev, ev++, NULL, NULL, v, first);
- first += 3;
- nval -= 3;
- if (nval > 0) {
- (ev - 1)->deviceid |= MORE_EVENTS;
- FixDeviceValuator(dev, (deviceValuator *) ev++, v, first);
- first += 3;
- nval -= 3;
- }
+ ev->deviceid |= MORE_EVENTS;
+ FixDeviceValuator(dev, (deviceValuator *) ++ev, v, first);
+ first += 6;
+ nval -= 6;
}
DeliverEventsToWindow(dev, win, (xEvent *) sev, evcount,
--
GitLab

37
patches/source/xorg-server/patch/xorg-server/CVE-2024-0229.03.patch Normal file
View file

@ -0,0 +1,37 @@
From df3c65706eb169d5938df0052059f3e0d5981b74 Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer@who-t.net>
Date: Thu, 21 Dec 2023 13:48:10 +1000
Subject: [PATCH] Xi: when creating a new ButtonClass, set the number of
buttons
There's a racy sequence where a master device may copy the button class
from the slave, without ever initializing numButtons. This leads to a
device with zero buttons but a button class which is invalid.
Let's copy the numButtons value from the source - by definition if we
don't have a button class yet we do not have any other slave devices
with more than this number of buttons anyway.
CVE-2024-0229, ZDI-CAN-22678
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
---
Xi/exevents.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/Xi/exevents.c b/Xi/exevents.c
index 54ea11a938..e161714682 100644
--- a/Xi/exevents.c
+++ b/Xi/exevents.c
@@ -605,6 +605,7 @@ DeepCopyPointerClasses(DeviceIntPtr from, DeviceIntPtr to)
to->button = calloc(1, sizeof(ButtonClassRec));
if (!to->button)
FatalError("[Xi] no memory for class shift.\n");
+ to->button->numButtons = from->button->numButtons;
}
else
classes->button = NULL;
--
GitLab

60
patches/source/xorg-server/patch/xorg-server/CVE-2024-0408.patch Normal file
View file

@ -0,0 +1,60 @@
From e5e8586a12a3ec915673edffa10dc8fe5e15dac3 Mon Sep 17 00:00:00 2001
From: Olivier Fourdan <ofourdan@redhat.com>
Date: Wed, 6 Dec 2023 12:09:41 +0100
Subject: [PATCH] glx: Call XACE hooks on the GLX buffer
The XSELINUX code will label resources at creation by checking the
access mode. When the access mode is DixCreateAccess, it will call the
function to label the new resource SELinuxLabelResource().
However, GLX buffers do not go through the XACE hooks when created,
hence leaving the resource actually unlabeled.
When, later, the client tries to create another resource using that
drawable (like a GC for example), the XSELINUX code would try to use
the security ID of that object which has never been labeled, get a NULL
pointer and crash when checking whether the requested permissions are
granted for subject security ID.
To avoid the issue, make sure to call the XACE hooks when creating the
GLX buffers.
Credit goes to Donn Seeley <donn@xmission.com> for providing the patch.
CVE-2024-0408
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Acked-by: Peter Hutterer <peter.hutterer@who-t.net>
---
glx/glxcmds.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/glx/glxcmds.c b/glx/glxcmds.c
index fc26a2e345..1e46d0c723 100644
--- a/glx/glxcmds.c
+++ b/glx/glxcmds.c
@@ -48,6 +48,7 @@
#include "indirect_util.h"
#include "protocol-versions.h"
#include "glxvndabi.h"
+#include "xace.h"
static char GLXServerVendorName[] = "SGI";
@@ -1392,6 +1393,13 @@ DoCreatePbuffer(ClientPtr client, int screenNum, XID fbconfigId,
if (!pPixmap)
return BadAlloc;
+ err = XaceHook(XACE_RESOURCE_ACCESS, client, glxDrawableId, RT_PIXMAP,
+ pPixmap, RT_NONE, NULL, DixCreateAccess);
+ if (err != Success) {
+ (*pGlxScreen->pScreen->DestroyPixmap) (pPixmap);
+ return err;
+ }
+
/* Assign the pixmap the same id as the pbuffer and add it as a
* resource so it and the DRI2 drawable will be reclaimed when the
* pbuffer is destroyed. */
--
GitLab

56
patches/source/xorg-server/patch/xorg-server/CVE-2024-0409.patch Normal file
View file

@ -0,0 +1,56 @@
From 2ef0f1116c65d5cb06d7b6d83f8a1aea702c94f7 Mon Sep 17 00:00:00 2001
From: Olivier Fourdan <ofourdan@redhat.com>
Date: Wed, 6 Dec 2023 11:51:56 +0100
Subject: [PATCH] ephyr,xwayland: Use the proper private key for cursor
The cursor in DIX is actually split in two parts, the cursor itself and
the cursor bits, each with their own devPrivates.
The cursor itself includes the cursor bits, meaning that the cursor bits
devPrivates in within structure of the cursor.
Both Xephyr and Xwayland were using the private key for the cursor bits
to store the data for the cursor, and when using XSELINUX which comes
with its own special devPrivates, the data stored in that cursor bits'
devPrivates would interfere with the XSELINUX devPrivates data and the
SELINUX security ID would point to some other unrelated data, causing a
crash in the XSELINUX code when trying to (re)use the security ID.
CVE-2024-0409
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
---
hw/kdrive/ephyr/ephyrcursor.c | 2 +-
hw/xwayland/xwayland-cursor.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/hw/kdrive/ephyr/ephyrcursor.c b/hw/kdrive/ephyr/ephyrcursor.c
index f991899c50..3f192d034a 100644
--- a/hw/kdrive/ephyr/ephyrcursor.c
+++ b/hw/kdrive/ephyr/ephyrcursor.c
@@ -246,7 +246,7 @@ miPointerSpriteFuncRec EphyrPointerSpriteFuncs = {
Bool
ephyrCursorInit(ScreenPtr screen)
{
- if (!dixRegisterPrivateKey(&ephyrCursorPrivateKey, PRIVATE_CURSOR_BITS,
+ if (!dixRegisterPrivateKey(&ephyrCursorPrivateKey, PRIVATE_CURSOR,
sizeof(ephyrCursorRec)))
return FALSE;
diff --git a/hw/xwayland/xwayland-cursor.c b/hw/xwayland/xwayland-cursor.c
index e3c1aaa50c..bd94b0cfbb 100644
--- a/hw/xwayland/xwayland-cursor.c
+++ b/hw/xwayland/xwayland-cursor.c
@@ -431,7 +431,7 @@ static miPointerScreenFuncRec xwl_pointer_screen_funcs = {
Bool
xwl_screen_init_cursor(struct xwl_screen *xwl_screen)
{
- if (!dixRegisterPrivateKey(&xwl_cursor_private_key, PRIVATE_CURSOR_BITS, 0))
+ if (!dixRegisterPrivateKey(&xwl_cursor_private_key, PRIVATE_CURSOR, 0))
return FALSE;
return miPointerInitialize(xwl_screen->screen,
--
GitLab

109
patches/source/xorg-server/patch/xorg-server/CVE-2024-21885.patch Normal file
View file

@ -0,0 +1,109 @@
From 4a5e9b1895627d40d26045bd0b7ef3dce503cbd1 Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer@who-t.net>
Date: Thu, 4 Jan 2024 10:01:24 +1000
Subject: [PATCH] Xi: flush hierarchy events after adding/removing master
devices
The `XISendDeviceHierarchyEvent()` function allocates space to store up
to `MAXDEVICES` (256) `xXIHierarchyInfo` structures in `info`.
If a device with a given ID was removed and a new device with the same
ID added both in the same operation, the single device ID will lead to
two info structures being written to `info`.
Since this case can occur for every device ID at once, a total of two
times `MAXDEVICES` info structures might be written to the allocation.
To avoid it, once one add/remove master is processed, send out the
device hierarchy event for the current state and continue. That event
thus only ever has exactly one of either added/removed in it (and
optionally slave attached/detached).
CVE-2024-21885, ZDI-CAN-22744
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
---
Xi/xichangehierarchy.c | 27 ++++++++++++++++++++++-----
1 file changed, 22 insertions(+), 5 deletions(-)
diff --git a/Xi/xichangehierarchy.c b/Xi/xichangehierarchy.c
index d2d985848d..72d00451e3 100644
--- a/Xi/xichangehierarchy.c
+++ b/Xi/xichangehierarchy.c
@@ -416,6 +416,11 @@ ProcXIChangeHierarchy(ClientPtr client)
size_t len; /* length of data remaining in request */
int rc = Success;
int flags[MAXDEVICES] = { 0 };
+ enum {
+ NO_CHANGE,
+ FLUSH,
+ CHANGED,
+ } changes = NO_CHANGE;
REQUEST(xXIChangeHierarchyReq);
REQUEST_AT_LEAST_SIZE(xXIChangeHierarchyReq);
@@ -465,8 +470,9 @@ ProcXIChangeHierarchy(ClientPtr client)
rc = add_master(client, c, flags);
if (rc != Success)
goto unwind;
- }
+ changes = FLUSH;
break;
+ }
case XIRemoveMaster:
{
xXIRemoveMasterInfo *r = (xXIRemoveMasterInfo *) any;
@@ -475,8 +481,9 @@ ProcXIChangeHierarchy(ClientPtr client)
rc = remove_master(client, r, flags);
if (rc != Success)
goto unwind;
- }
+ changes = FLUSH;
break;
+ }
case XIDetachSlave:
{
xXIDetachSlaveInfo *c = (xXIDetachSlaveInfo *) any;
@@ -485,8 +492,9 @@ ProcXIChangeHierarchy(ClientPtr client)
rc = detach_slave(client, c, flags);
if (rc != Success)
goto unwind;
- }
+ changes = CHANGED;
break;
+ }
case XIAttachSlave:
{
xXIAttachSlaveInfo *c = (xXIAttachSlaveInfo *) any;
@@ -495,16 +503,25 @@ ProcXIChangeHierarchy(ClientPtr client)
rc = attach_slave(client, c, flags);
if (rc != Success)
goto unwind;
+ changes = CHANGED;
+ break;
}
+ default:
break;
}
+ if (changes == FLUSH) {
+ XISendDeviceHierarchyEvent(flags);
+ memset(flags, 0, sizeof(flags));
+ changes = NO_CHANGE;
+ }
+
len -= any->length * 4;
any = (xXIAnyHierarchyChangeInfo *) ((char *) any + any->length * 4);
}
unwind:
-
- XISendDeviceHierarchyEvent(flags);
+ if (changes != NO_CHANGE)
+ XISendDeviceHierarchyEvent(flags);
return rc;
}
--
GitLab

70
patches/source/xorg-server/patch/xorg-server/CVE-2024-21886.01.patch Normal file
View file

@ -0,0 +1,70 @@
From bc1fdbe46559dd947674375946bbef54dd0ce36b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Exp=C3=B3sito?= <jexposit@redhat.com>
Date: Fri, 22 Dec 2023 18:28:31 +0100
Subject: [PATCH] Xi: do not keep linked list pointer during recursion
The `DisableDevice()` function is called whenever an enabled device
is disabled and it moves the device from the `inputInfo.devices` linked
list to the `inputInfo.off_devices` linked list.
However, its link/unlink operation has an issue during the recursive
call to `DisableDevice()` due to the `prev` pointer pointing to a
removed device.
This issue leads to a length mismatch between the total number of
devices and the number of device in the list, leading to a heap
overflow and, possibly, to local privilege escalation.
Simplify the code that checked whether the device passed to
`DisableDevice()` was in `inputInfo.devices` or not and find the
previous device after the recursion.
CVE-2024-21886, ZDI-CAN-22840
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
---
dix/devices.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/dix/devices.c b/dix/devices.c
index dca98c8d1b..389d28a23c 100644
--- a/dix/devices.c
+++ b/dix/devices.c
@@ -453,14 +453,20 @@ DisableDevice(DeviceIntPtr dev, BOOL sendevent)
{
DeviceIntPtr *prev, other;
BOOL enabled;
+ BOOL dev_in_devices_list = FALSE;
int flags[MAXDEVICES] = { 0 };
if (!dev->enabled)
return TRUE;
- for (prev = &inputInfo.devices;
- *prev && (*prev != dev); prev = &(*prev)->next);
- if (*prev != dev)
+ for (other = inputInfo.devices; other; other = other->next) {
+ if (other == dev) {
+ dev_in_devices_list = TRUE;
+ break;
+ }
+ }
+
+ if (!dev_in_devices_list)
return FALSE;
TouchEndPhysicallyActiveTouches(dev);
@@ -511,6 +517,9 @@ DisableDevice(DeviceIntPtr dev, BOOL sendevent)
LeaveWindow(dev);
SetFocusOut(dev);
+ for (prev = &inputInfo.devices;
+ *prev && (*prev != dev); prev = &(*prev)->next);
+
*prev = dev->next;
dev->next = inputInfo.off_devices;
inputInfo.off_devices = dev;
--
GitLab

53
patches/source/xorg-server/patch/xorg-server/CVE-2024-21886.02.patch Normal file
View file

@ -0,0 +1,53 @@
From 26769aa71fcbe0a8403b7fb13b7c9010cc07c3a8 Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer@who-t.net>
Date: Fri, 5 Jan 2024 09:40:27 +1000
Subject: [PATCH] dix: when disabling a master, float disabled slaved devices
too
Disabling a master device floats all slave devices but we didn't do this
to already-disabled slave devices. As a result those devices kept their
reference to the master device resulting in access to already freed
memory if the master device was removed before the corresponding slave
device.
And to match this behavior, also forcibly reset that pointer during
CloseDownDevices().
Related to CVE-2024-21886, ZDI-CAN-22840
---
dix/devices.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/dix/devices.c b/dix/devices.c
index 389d28a23c..84a6406d13 100644
--- a/dix/devices.c
+++ b/dix/devices.c
@@ -483,6 +483,13 @@ DisableDevice(DeviceIntPtr dev, BOOL sendevent)
flags[other->id] |= XISlaveDetached;
}
}
+
+ for (other = inputInfo.off_devices; other; other = other->next) {
+ if (!IsMaster(other) && GetMaster(other, MASTER_ATTACHED) == dev) {
+ AttachDevice(NULL, other, NULL);
+ flags[other->id] |= XISlaveDetached;
+ }
+ }
}
else {
for (other = inputInfo.devices; other; other = other->next) {
@@ -1088,6 +1095,11 @@ CloseDownDevices(void)
dev->master = NULL;
}
+ for (dev = inputInfo.off_devices; dev; dev = dev->next) {
+ if (!IsMaster(dev) && !IsFloating(dev))
+ dev->master = NULL;
+ }
+
CloseDeviceList(&inputInfo.devices);
CloseDeviceList(&inputInfo.off_devices);
--
GitLab

18
recompress.sh
View file

@ -1200,21 +1200,30 @@ gzip ./patches/source/texlive/doinst.sh
gzip ./patches/source/texlive/texlive.unicode5.0.diff
gzip ./patches/source/sysstat/doinst.sh
gzip ./patches/source/xorg-server-xwayland/CVE-2022-46342.patch
gzip ./patches/source/xorg-server-xwayland/CVE-2024-21885.patch
gzip ./patches/source/xorg-server-xwayland/CVE-2022-46343.patch
gzip ./patches/source/xorg-server-xwayland/CVE-2024-0229.02.patch
gzip ./patches/source/xorg-server-xwayland/CVE-2023-6377.patch
gzip ./patches/source/xorg-server-xwayland/CVE-2023-6478.patch
gzip ./patches/source/xorg-server-xwayland/CVE-2024-0408.patch
gzip ./patches/source/xorg-server-xwayland/CVE-2024-0229.03.patch
gzip ./patches/source/xorg-server-xwayland/CVE-2022-46340.patch
gzip ./patches/source/xorg-server-xwayland/CVE-2023-0494.patch
gzip ./patches/source/xorg-server-xwayland/CVE-2024-21886.02.patch
gzip ./patches/source/xorg-server-xwayland/CVE-2022-46340.correction.patch
gzip ./patches/source/xorg-server-xwayland/CVE-2022-46344.patch
gzip ./patches/source/xorg-server-xwayland/857.patch
gzip ./patches/source/xorg-server-xwayland/CVE-2024-21886.01.patch
gzip ./patches/source/xorg-server-xwayland/0003-6907b6ea2b4ce949cb07271f5b678d5966d9df42.patch
gzip ./patches/source/xorg-server-xwayland/CVE-2022-3551.patch
gzip ./patches/source/xorg-server-xwayland/CVE-2022-4283.patch
gzip ./patches/source/xorg-server-xwayland/CVE-2023-1393.patch
gzip ./patches/source/xorg-server-xwayland/CVE-2024-0229.01.patch
gzip ./patches/source/xorg-server-xwayland/CVE-2023-6816.patch
gzip ./patches/source/xorg-server-xwayland/CVE-2022-46341.patch
gzip ./patches/source/xorg-server-xwayland/0002-dd8caf39e9e15d8f302e54045dd08d8ebf1025dc.patch
gzip ./patches/source/xorg-server-xwayland/CVE-2022-3550.patch
gzip ./patches/source/xorg-server-xwayland/CVE-2024-0409.patch
gzip ./patches/source/xorg-server-xwayland/0001-f1070c01d616c5f21f939d5ebc533738779451ac.patch
gzip ./patches/source/xorg-server-xwayland/CVE-2023-5367.patch
gzip ./patches/source/seamonkey/autoconf/autoconf-2.13-consolidated_fixes-1.patch
@ -1265,18 +1274,24 @@ gzip ./patches/source/emacs/d48bb4874bc6cd3e69c7a15fc3c91cc141025c51.patch
gzip ./patches/source/emacs/doinst.sh
gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2022-46342.patch
gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2023-5380.patch
gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2024-21885.patch
gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2022-46343.patch
gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2024-0229.02.patch
gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2023-6377.patch
gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2023-6478.patch
gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2024-0408.patch
gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2024-0229.03.patch
gzip ./patches/source/xorg-server/patch/xorg-server/xorg-server.combo.mouse.keyboard.layout.patch
gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2022-3553.patch
gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2022-46340.patch
gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2023-0494.patch
gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2024-21886.02.patch
gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2022-46340.correction.patch
gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2022-46344.patch
gzip ./patches/source/xorg-server/patch/xorg-server/0001-autobind-GPUs-to-the-screen.patch
gzip ./patches/source/xorg-server/patch/xorg-server/0001-xfree86-use-modesetting-driver-by-default-on-GeForce.patch
gzip ./patches/source/xorg-server/patch/xorg-server/857.patch
gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2024-21886.01.patch
gzip ./patches/source/xorg-server/patch/xorg-server/0003-6907b6ea2b4ce949cb07271f5b678d5966d9df42.patch
gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2022-3551.patch
gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2022-4283.patch
@ -1284,9 +1299,12 @@ gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2023-1393.patch
gzip ./patches/source/xorg-server/patch/xorg-server/fix-nouveau-segfault.diff
gzip ./patches/source/xorg-server/patch/xorg-server/fix-pci-segfault.diff
gzip ./patches/source/xorg-server/patch/xorg-server/x11.startwithblackscreen.diff
gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2024-0229.01.patch
gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2023-6816.patch
gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2022-46341.patch
gzip ./patches/source/xorg-server/patch/xorg-server/0002-dd8caf39e9e15d8f302e54045dd08d8ebf1025dc.patch
gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2022-3550.patch
gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2024-0409.patch
gzip ./patches/source/xorg-server/patch/xorg-server/06_use-intel-only-on-pre-gen4.diff
gzip ./patches/source/xorg-server/patch/xorg-server/0001-Always-install-vbe-and-int10-sdk-headers.patch
gzip ./patches/source/xorg-server/patch/xorg-server/0001-f1070c01d616c5f21f939d5ebc533738779451ac.patch