x11-base/xorg-server: add patches for CVE-2015-3164

Bug: https://bugs.gentoo.org/show_bug.cgi?id=551680

Package-Manager: portage-2.2.20.1

1 files changed, 33 insertions, 0 deletions

diff --git a/x11-base/xorg-server/files/xorg-server-1.17-cve-2015-3164-1.patch b/x11-base/xorg-server/files/xorg-server-1.17-cve-2015-3164-1.patch
new file mode 100644
index 000000000000..a9f803022703
--- /dev/null
+++ b/x11-base/xorg-server/files/xorg-server-1.17-cve-2015-3164-1.patch
@@ -0,0 +1,33 @@
+From c4534a38b68aa07fb82318040dc8154fb48a9588 Mon Sep 17 00:00:00 2001
+From: Ray Strode <rstrode@redhat.com>
+Date: Tue, 5 May 2015 16:43:42 -0400
+Subject: xwayland: Enable access control on open sockets [CVE-2015-3164 1/3]
+
+Xwayland currently allows wide-open access to the X sockets
+it listens on, ignoring Xauth access control.
+
+This commit makes sure to enable access control on the sockets,
+so one user can't snoop on another user's X-over-wayland
+applications.
+
+Signed-off-by: Ray Strode <rstrode@redhat.com>
+Reviewed-by: Daniel Stone <daniels@collabora.com>
+Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+Signed-off-by: Keith Packard <keithp@keithp.com>
+
+diff --git a/hw/xwayland/xwayland.c b/hw/xwayland/xwayland.c
+index 7e8d667..c5bee77 100644
+--- a/hw/xwayland/xwayland.c
++++ b/hw/xwayland/xwayland.c
+@@ -483,7 +483,7 @@ listen_on_fds(struct xwl_screen *xwl_screen)
+     int i;
+ 
+     for (i = 0; i < xwl_screen->listen_fd_count; i++)
+-        ListenOnOpenFD(xwl_screen->listen_fds[i], TRUE);
++        ListenOnOpenFD(xwl_screen->listen_fds[i], FALSE);
+ }
+ 
+ static void
+-- 
+cgit v0.10.2
+