diff --git a/CVE-2024-21885-CVE-2024-21885-flaw-was-found.patch b/CVE-2024-21885-CVE-2024-21885-flaw-was-found.patch new file mode 100644 index 0000000000000000000000000000000000000000..c3abf673914a9a3f61d3b0e684103f0cd2a8b6b6 --- /dev/null +++ b/CVE-2024-21885-CVE-2024-21885-flaw-was-found.patch @@ -0,0 +1,21 @@ +From: Penglai Code +Subject: [PATCH] CVE-2024-21885: A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exce + +CVE: CVE-2024-21885 +Upstream: X.Org GitLab (xorg/xserver) and official X.Org security advisories +Reference: https://gitlab.freedesktop.org/xorg/xserver/-/commits/server-21.1.11 +Bug: CVE-2024-21885 + +--- + +--- a/Xi/xichangehierarchy.c ++++ b/Xi/xichangehierarchy.c +@@ -70,7 +70,7 @@ + return; + + ev = calloc(1, sizeof(xXIHierarchyEvent) + +- MAXDEVICES * sizeof(xXIHierarchyInfo)); ++ MAXDEVICES * 2 * sizeof(xXIHierarchyInfo)); + if (!ev) + return; + ev->type = GenericEvent; diff --git a/xorg-x11-server.spec b/xorg-x11-server.spec index 81b72c92dcc005ec6ae2ace8b77b6b0952aeb418..65ee0a1b59b733b3bf675f9b9b2845519b5a568e 100644 --- a/xorg-x11-server.spec +++ b/xorg-x11-server.spec @@ -1,4 +1,4 @@ -%define anolis_release 12 +%define anolis_release 13 %undefine _hardened_build %undefine _strict_symbol_defs_build %global ansic_major 0 @@ -80,6 +80,10 @@ Patch1012: 1012-Fix-drm_drop_master-before-vt_reldisp.patch Patch1013: 1013-Fix-compilation-error-when-built-without-logind_platform-bus.patch Patch1014: 1014-fix-missing-call-to-vtenter-if-the-platform-device-is-not-paused.patch Patch1015: 1015-x86_logind-fix-suspend_resume-when-there-are-no-input-devices.patch +# CVE-2024-21885 +# Upstream: X.Org GitLab (xorg/xserver) and official X.Org security advisories +# Reference: https://gitlab.freedesktop.org/xorg/xserver/-/commits/server-21.1.11 +Patch1016: CVE-2024-21885-CVE-2024-21885-flaw-was-found.patch BuildRequires: automake make autoconf libtool pkgconfig BuildRequires: dbus-devel libepoxy-devel libudev-devel systemd-devel systemtap-sdt-devel @@ -390,6 +394,10 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/xorg/modules/lib{int10,vbe}.so %{_datadir}/xorg-x11-server-source %changelog +* Wed Jul 01 2026 Penglai Code - 1.20.14-13 +- Fix CVE-2024-21885 (BZ#2024) + Upstream patch: https://gitlab.freedesktop.org/xorg/xserver/-/commits/server-21.1.11 + * Fri Nov 3 2023 Wenlong Zhang - 1:1.20.14-12 - fix build error for tigervnc