From abb6f948c2ad5d174964582e6a32e6fdad5f232a Mon Sep 17 00:00:00 2001 From: MSVSphere Packaging Team Date: Wed, 14 Aug 2024 03:18:19 +0300 Subject: [PATCH] import tigervnc-1.13.1-12.el8_10 --- SOURCES/xorg-CVE-2024-31083-followup.patch | 72 ---------------------- SPECS/tigervnc.spec | 8 ++- 2 files changed, 5 insertions(+), 75 deletions(-) delete mode 100644 SOURCES/xorg-CVE-2024-31083-followup.patch diff --git a/SOURCES/xorg-CVE-2024-31083-followup.patch b/SOURCES/xorg-CVE-2024-31083-followup.patch deleted file mode 100644 index 549f90a..0000000 --- a/SOURCES/xorg-CVE-2024-31083-followup.patch +++ /dev/null @@ -1,72 +0,0 @@ -From 337d8d48b618d4fc0168a7b978be4c3447650b04 Mon Sep 17 00:00:00 2001 -From: Olivier Fourdan -Date: Fri, 5 Apr 2024 15:24:49 +0200 -Subject: [PATCH] render: Avoid possible double-free in ProcRenderAddGlyphs() - -ProcRenderAddGlyphs() adds the glyph to the glyphset using AddGlyph() and -then frees it using FreeGlyph() to decrease the reference count, after -AddGlyph() has increased it. - -AddGlyph() however may chose to reuse an existing glyph if it's already -in the glyphSet, and free the glyph that was given, in which case the -caller function, ProcRenderAddGlyphs() will call FreeGlyph() on an -already freed glyph, as reported by ASan: - - READ of size 4 thread T0 - #0 in FreeGlyph xserver/render/glyph.c:252 - #1 in ProcRenderAddGlyphs xserver/render/render.c:1174 - #2 in Dispatch xserver/dix/dispatch.c:546 - #3 in dix_main xserver/dix/main.c:271 - #4 in main xserver/dix/stubmain.c:34 - #5 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 - #6 in __libc_start_main_impl ../csu/libc-start.c:360 - #7 (/usr/bin/Xwayland+0x44fe4) - Address is located 0 bytes inside of 64-byte region - freed by thread T0 here: - #0 in __interceptor_free libsanitizer/asan/asan_malloc_linux.cpp:52 - #1 in _dixFreeObjectWithPrivates xserver/dix/privates.c:538 - #2 in AddGlyph xserver/render/glyph.c:295 - #3 in ProcRenderAddGlyphs xserver/render/render.c:1173 - #4 in Dispatch xserver/dix/dispatch.c:546 - #5 in dix_main xserver/dix/main.c:271 - #6 in main xserver/dix/stubmain.c:34 - #7 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 - previously allocated by thread T0 here: - #0 in __interceptor_malloc libsanitizer/asan/asan_malloc_linux.cpp:69 - #1 in AllocateGlyph xserver/render/glyph.c:355 - #2 in ProcRenderAddGlyphs xserver/render/render.c:1085 - #3 in Dispatch xserver/dix/dispatch.c:546 - #4 in dix_main xserver/dix/main.c:271 - #5 in main xserver/dix/stubmain.c:34 - #6 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 - SUMMARY: AddressSanitizer: heap-use-after-free xserver/render/glyph.c:252 in FreeGlyph - -To avoid that, make sure not to free the given glyph in AddGlyph(). - -v2: Simplify the test using the boolean returned from AddGlyph() (Michel) -v3: Simplify even more by not freeing the glyph in AddGlyph() (Peter) - -Fixes: bdca6c3d1 - render: fix refcounting of glyphs during ProcRenderAddGlyphs -Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1659 -Signed-off-by: Olivier Fourdan -Part-of: ---- - render/glyph.c | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/render/glyph.c b/render/glyph.c -index 13991f8a1..5fa7f3b5b 100644 ---- a/render/glyph.c -+++ b/render/glyph.c -@@ -291,8 +291,6 @@ AddGlyph(GlyphSetPtr glyphSet, GlyphPtr glyph, Glyph id) - gr = FindGlyphRef(&globalGlyphs[glyphSet->fdepth], signature, - TRUE, glyph->sha1); - if (gr->glyph && gr->glyph != DeletedGlyph && gr->glyph != glyph) { -- FreeGlyphPicture(glyph); -- dixFreeObjectWithPrivates(glyph, PRIVATE_GLYPH); - glyph = gr->glyph; - } - else if (gr->glyph != glyph) { --- -2.44.0 - diff --git a/SPECS/tigervnc.spec b/SPECS/tigervnc.spec index f52492f..7020589 100644 --- a/SPECS/tigervnc.spec +++ b/SPECS/tigervnc.spec @@ -5,7 +5,7 @@ Name: tigervnc Version: 1.13.1 -Release: 11%{?dist} +Release: 12%{?dist} Summary: A TigerVNC remote display system %global _hardened_build 1 @@ -40,7 +40,6 @@ Patch100: tigervnc-xserver120.patch Patch101: 0001-rpath-hack.patch # XServer patches -Patch200: xorg-CVE-2024-31083-followup.patch BuildRequires: make BuildRequires: gcc-c++ @@ -188,7 +187,6 @@ for all in `find . -type f -perm -001`; do done %patch100 -p1 -b .xserver120-rebased %patch101 -p1 -b .rpath -%patch200 -p1 -b .xorg-CVE-2024-31083-followup popd %patch1 -p1 -b .use-gnome-as-default-session @@ -356,6 +354,10 @@ fi %ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename} %changelog +* Fri Jul 12 2024 Jan Grulich - 1.13.1-12 +- Fix FTBS: drop already applied Xorg patches + Resolves: RHEL-46696 + * Tue May 28 2024 Jan Grulich - 1.13.1-11 - vncconfig: add option to force view-only remote client connections Resolves: RHEL-11908