mirror of
git://slackware.nl/current.git
synced 2025-01-22 07:27:59 +01:00
4e88327303
extra/tigervnc/tigervnc-1.12.0-x86_64-5_slack15.0.txz: Rebuilt.
Recompiled against xorg-server-1.20.14, including the latest patches for
several security issues. Thanks to marav.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-6377
https://www.cve.org/CVERecord?id=CVE-2023-6478
https://www.cve.org/CVERecord?id=CVE-2023-6816
https://www.cve.org/CVERecord?id=CVE-2024-0229
https://www.cve.org/CVERecord?id=CVE-2024-0408
https://www.cve.org/CVERecord?id=CVE-2024-0409
https://www.cve.org/CVERecord?id=CVE-2024-21885
https://www.cve.org/CVERecord?id=CVE-2024-21886
https://www.cve.org/CVERecord?id=CVE-2024-21886
(* Security fix *)
53 lines
1.7 KiB
Diff
53 lines
1.7 KiB
Diff
From 26769aa71fcbe0a8403b7fb13b7c9010cc07c3a8 Mon Sep 17 00:00:00 2001
|
|
From: Peter Hutterer <peter.hutterer@who-t.net>
|
|
Date: Fri, 5 Jan 2024 09:40:27 +1000
|
|
Subject: [PATCH] dix: when disabling a master, float disabled slaved devices
|
|
too
|
|
|
|
Disabling a master device floats all slave devices but we didn't do this
|
|
to already-disabled slave devices. As a result those devices kept their
|
|
reference to the master device resulting in access to already freed
|
|
memory if the master device was removed before the corresponding slave
|
|
device.
|
|
|
|
And to match this behavior, also forcibly reset that pointer during
|
|
CloseDownDevices().
|
|
|
|
Related to CVE-2024-21886, ZDI-CAN-22840
|
|
---
|
|
dix/devices.c | 12 ++++++++++++
|
|
1 file changed, 12 insertions(+)
|
|
|
|
diff --git a/dix/devices.c b/dix/devices.c
|
|
index 389d28a23c..84a6406d13 100644
|
|
--- a/dix/devices.c
|
|
+++ b/dix/devices.c
|
|
@@ -483,6 +483,13 @@ DisableDevice(DeviceIntPtr dev, BOOL sendevent)
|
|
flags[other->id] |= XISlaveDetached;
|
|
}
|
|
}
|
|
+
|
|
+ for (other = inputInfo.off_devices; other; other = other->next) {
|
|
+ if (!IsMaster(other) && GetMaster(other, MASTER_ATTACHED) == dev) {
|
|
+ AttachDevice(NULL, other, NULL);
|
|
+ flags[other->id] |= XISlaveDetached;
|
|
+ }
|
|
+ }
|
|
}
|
|
else {
|
|
for (other = inputInfo.devices; other; other = other->next) {
|
|
@@ -1088,6 +1095,11 @@ CloseDownDevices(void)
|
|
dev->master = NULL;
|
|
}
|
|
|
|
+ for (dev = inputInfo.off_devices; dev; dev = dev->next) {
|
|
+ if (!IsMaster(dev) && !IsFloating(dev))
|
|
+ dev->master = NULL;
|
|
+ }
|
|
+
|
|
CloseDeviceList(&inputInfo.devices);
|
|
CloseDeviceList(&inputInfo.off_devices);
|
|
|
|
--
|
|
GitLab
|
|
|