Hello community,

here is the log from the commit of package libX11 for openSUSE:Factory checked 
in at 2025-02-26 17:13:37
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libX11 (Old)
 and      /work/SRC/openSUSE:Factory/.libX11.new.1873 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libX11"

Wed Feb 26 17:13:37 2025 rev:57 rq:1248446 version:1.8.11

Changes:
--------
--- /work/SRC/openSUSE:Factory/libX11/libX11.changes    2025-02-04 
18:09:49.512834967 +0100
+++ /work/SRC/openSUSE:Factory/.libX11.new.1873/libX11.changes  2025-02-26 
17:13:41.307068334 +0100
@@ -1,0 +2,7 @@
+Tue Feb 25 17:49:10 UTC 2025 - Stefan Dirsch <sndir...@suse.com>
+
+- U_CVE-2025-26597-0001-xkb-Fix-buffer-overflow-in-XkbChangeTypesOfKey.patch 
+  * Buffer overflow in XkbChangeTypesOfKey() 
+    (CVE-2025-26597, bsc#1237431)
+
+-------------------------------------------------------------------
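Review bot: The new changelog entry does not record where the fix comes from. The patch it names carries the subject tag "[PATCH xserver]" but is applied to libX11's src/xkb/XKBMisc.c, so a line noting that it is the xserver fix applied to libX11's copy of XkbChangeTypesOfKey() would save the next maintainer from looking for it in the wrong upstream tree. The lines ending in ".patch " and "XkbChangeTypesOfKey() " also carry trailing whitespace that can be dropped.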

New:
----
  U_CVE-2025-26597-0001-xkb-Fix-buffer-overflow-in-XkbChangeTypesOfKey.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libX11.spec ++++++
--- /var/tmp/diff_new_pack.JJe4IP/_old  2025-02-26 17:13:43.195147386 +0100
+++ /var/tmp/diff_new_pack.JJe4IP/_new  2025-02-26 17:13:43.199147553 +0100
@@ -32,6 +32,7 @@
 # PATCH-FIX-UPSTREAM en-locales.diff fdo#48596 bnc#388711 -- Add missing data 
for more en locales
 Patch2:         en-locales.diff
 Patch3:         u_no-longer-crash-in-XVisualIDFromVisual.patch
+Patch1237431:   
U_CVE-2025-26597-0001-xkb-Fix-buffer-overflow-in-XkbChangeTypesOfKey.patch
 BuildRequires:  fdupes
 BuildRequires:  libtool
 BuildRequires:  pkgconfig
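Review bot: Missing documentation on the new `Patch1237431:` line: unlike `Patch2:`, which has a `# PATCH-FIX-UPSTREAM ...` comment with its bug references directly above it, the new entry has no comment. Adding one that names CVE-2025-26597 and bsc#1237431 would let the spec explain the patch without a trip to the changelog.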
@@ -121,6 +122,7 @@
 %patch -P 1
 %patch -P 2
 %patch -P 3 -p1
+%patch -P 1237431 -p1
 
 %build
 %configure \

++++++ U_CVE-2025-26597-0001-xkb-Fix-buffer-overflow-in-XkbChangeTypesOfKey.patch ++++++
>From c5114475db18f29d639537d60e135bdfc11a5d3a Mon Sep 17 00:00:00 2001
From: Olivier Fourdan <ofour...@redhat.com>
Date: Thu, 28 Nov 2024 14:09:04 +0100
Subject: [PATCH xserver] xkb: Fix buffer overflow in XkbChangeTypesOfKey()

If XkbChangeTypesOfKey() is called with nGroups == 0, it will resize the
key syms to 0 but leave the key actions unchanged.

If later, the same function is called with a non-zero value for nGroups,
this will cause a buffer overflow because the key actions are of the wrong
size.

To avoid the issue, make sure to resize both the key syms and key actions
when nGroups is 0.

CVE-2025-26597, ZDI-CAN-25683

This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative

Signed-off-by: Olivier Fourdan <ofour...@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutte...@who-t.net>
---
 src/xkb/XKBMisc.c | 1 +
 1 file changed, 1 insertion(+)

Index: libX11-1.8.10/src/xkb/XKBMisc.c
===================================================================
--- libX11-1.8.10.orig/src/xkb/XKBMisc.c
+++ libX11-1.8.10/src/xkb/XKBMisc.c
@@ -694,6 +694,7 @@ XkbChangeTypesOfKey(XkbDescPtr xkb,
         i = XkbSetNumGroups(i, 0);
         xkb->map->key_sym_map[key].group_info = i;
         XkbResizeKeySyms(xkb, key, 0);
+        XkbResizeKeyActions(xkb, key, 0);
         return Success;
     }
 
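Review bot: Missing documentation at the added `XkbResizeKeyActions(xkb, key, 0);` line: the code does not state the invariant the fix relies on, namely that key syms and key actions must be resized together in the nGroups == 0 branch. A one-line comment above the two resize calls, saying that a later call with a non-zero nGroups otherwise finds key actions of the wrong size, would keep a future cleanup from dropping one of the calls again. A regression test that calls XkbChangeTypesOfKey() with nGroups == 0 and then with a non-zero nGroups on the same key would cover the sequence the commit message describes.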
