diff options
author | Chí-Thanh Christopher Nguyễn <chithanh@gentoo.org> | 2015-09-03 17:56:58 +0200 |
---|---|---|
committer | Chí-Thanh Christopher Nguyễn <chithanh@gentoo.org> | 2015-09-03 17:56:58 +0200 |
commit | 9695eae2fcfd4e20f418a488729639dce3556376 (patch) | |
tree | 5cc2e68043affad7669a86cdfee31d3f5e2bd6a8 /x11-base/xorg-server/files/xorg-server-1.17-cve-2015-3164-1.patch | |
parent | fix building with gcc-5.2 with patch from Sven Eden via bug 552370 (diff) | |
download | gentoo-9695eae2fcfd4e20f418a488729639dce3556376.tar.gz gentoo-9695eae2fcfd4e20f418a488729639dce3556376.tar.bz2 gentoo-9695eae2fcfd4e20f418a488729639dce3556376.zip |
x11-base/xorg-server: add patches for CVE-2015-3164
Bug: https://bugs.gentoo.org/show_bug.cgi?id=551680
Package-Manager: portage-2.2.20.1
Diffstat (limited to 'x11-base/xorg-server/files/xorg-server-1.17-cve-2015-3164-1.patch')
-rw-r--r-- | x11-base/xorg-server/files/xorg-server-1.17-cve-2015-3164-1.patch | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/x11-base/xorg-server/files/xorg-server-1.17-cve-2015-3164-1.patch b/x11-base/xorg-server/files/xorg-server-1.17-cve-2015-3164-1.patch new file mode 100644 index 000000000000..a9f803022703 --- /dev/null +++ b/x11-base/xorg-server/files/xorg-server-1.17-cve-2015-3164-1.patch @@ -0,0 +1,33 @@ +From c4534a38b68aa07fb82318040dc8154fb48a9588 Mon Sep 17 00:00:00 2001 +From: Ray Strode <rstrode@redhat.com> +Date: Tue, 5 May 2015 16:43:42 -0400 +Subject: xwayland: Enable access control on open sockets [CVE-2015-3164 1/3] + +Xwayland currently allows wide-open access to the X sockets +it listens on, ignoring Xauth access control. + +This commit makes sure to enable access control on the sockets, +so one user can't snoop on another user's X-over-wayland +applications. + +Signed-off-by: Ray Strode <rstrode@redhat.com> +Reviewed-by: Daniel Stone <daniels@collabora.com> +Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> +Signed-off-by: Keith Packard <keithp@keithp.com> + +diff --git a/hw/xwayland/xwayland.c b/hw/xwayland/xwayland.c +index 7e8d667..c5bee77 100644 +--- a/hw/xwayland/xwayland.c ++++ b/hw/xwayland/xwayland.c +@@ -483,7 +483,7 @@ listen_on_fds(struct xwl_screen *xwl_screen) + int i; + + for (i = 0; i < xwl_screen->listen_fd_count; i++) +- ListenOnOpenFD(xwl_screen->listen_fds[i], TRUE); ++ ListenOnOpenFD(xwl_screen->listen_fds[i], FALSE); + } + + static void +-- +cgit v0.10.2 + |