Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package xorg-x11-server for openSUSE:Factory 
checked in at 2025-06-23 14:55:56
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/xorg-x11-server (Old)
 and      /work/SRC/openSUSE:Factory/.xorg-x11-server.new.7067 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "xorg-x11-server"

Mon Jun 23 14:55:56 2025 rev:443 rq:1287668 version:21.1.15

Changes:
--------
--- /work/SRC/openSUSE:Factory/xorg-x11-server/xorg-x11-server.changes  
2025-06-18 19:30:34.555132563 +0200
+++ 
/work/SRC/openSUSE:Factory/.xorg-x11-server.new.7067/xorg-x11-server.changes    
    2025-06-23 14:56:31.279945405 +0200
@@ -1,0 +2,6 @@
+Sun Jun 22 11:55:17 UTC 2025 - Stefan Dirsch <sndir...@suse.com>
+
+- U_CVE-2025-49176-os-Check-for-integer-overflow-on-BigRequest-length.patch
+  * additional fix for CVE-2025-49176
+
+-------------------------------------------------------------------

New:
----
  U_CVE-2025-49176-os-Check-for-integer-overflow-on-BigRequest-length.patch

----------(New B)----------
  New:
- U_CVE-2025-49176-os-Check-for-integer-overflow-on-BigRequest-length.patch
  * additional fix for CVE-2025-49176
----------(New E)----------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ xorg-x11-server.spec ++++++
--- /var/tmp/diff_new_pack.XqDvYV/_old  2025-06-23 14:56:37.820218915 +0200
+++ /var/tmp/diff_new_pack.XqDvYV/_new  2025-06-23 14:56:37.824219083 +0200
@@ -266,6 +266,7 @@
 Patch1244089:   
U_CVE-2025-49179-record-Check-for-overflow-in-RecordSanityCheckRegist.patch
 Patch1244090:   
U_CVE-2025-49180-randr-Check-for-overflow-in-RRChangeProviderProperty.patch
 Patch1244091:   
U_CVE-2025-49180-xfree86-Check-for-RandR-provider-functions.patch
+Patch1244092:   
U_CVE-2025-49176-os-Check-for-integer-overflow-on-BigRequest-length.patch
 
 %description
 This package contains the X.Org Server.
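Review bot: the new `Patch1244092:` tag and its file name are split across two lines in this view, as are the neighbouring Patch1244089 to Patch1244091 entries; this is mail wrapping, but in the committed spec the tag and the patch file name must stay on one line or rpmbuild will not resolve the source. Worth confirming the file is on one line and that the number 1244092 follows the same numbering convention as the three entries above it.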
@@ -444,6 +445,7 @@
 %patch -P 1244089 -p1
 %patch -P 1244090 -p1
 %patch -P 1244091 -p1
+%patch -P 1244092 -p1
 
 %build
 # We have some -z now related errors during X default startup (boo#1197994):

++++++ 
U_CVE-2025-49176-os-Check-for-integer-overflow-on-BigRequest-length.patch ++++++
>From 4fc4d76b2c7aaed61ed2653f997783a3714c4fe1 Mon Sep 17 00:00:00 2001
From: Olivier Fourdan <ofour...@redhat.com>
Date: Wed, 18 Jun 2025 08:39:02 +0200
Subject: [PATCH] os: Check for integer overflow on BigRequest length

Check for another possible integer overflow once we get a complete xReq
with BigRequest.

Related to CVE-2025-49176

Signed-off-by: Olivier Fourdan <ofour...@redhat.com>
Suggested-by: Peter Harris <pharr...@rocketsoftware.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2028>
---
 os/io.c | 2 ++
 1 file changed, 2 insertions(+)

Index: xorg-server-21.1.15/os/io.c
===================================================================
--- xorg-server-21.1.15.orig/os/io.c
+++ xorg-server-21.1.15/os/io.c
@@ -395,6 +395,8 @@ ReadRequestFromClient(ClientPtr client)
                     needed = get_big_req_len(request, client);
             }
             client->req_len = needed;
+            if (needed > MAXINT >> 2)
+                return -(BadLength);
             needed <<= 2;
         }
         if (gotnow < needed) {
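Review bot: the overflow guard `if (needed > MAXINT >> 2)` is placed after `client->req_len = needed;`, so on the `-(BadLength)` path `client->req_len` has already been assigned the rejected value; unless the caller always drops the client on a negative return, move the check above the assignment so no oversized length is recorded. The bound itself is right for the following `needed <<= 2` (shift binds tighter than `>`, so the condition reads as `needed > (MAXINT >> 2)`), but adding the parentheses and a one-line comment stating that the check keeps the subsequent left shift from overflowing would make the intent clear to the next reader.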
