Merge branch 'vatral-fix-dlopen-vuln' into 3.6.x

sunweaver · sunweaver · commit e18eb77f397b · 2024-01-22T21:04:24.000+01:00
Attributes GH PR #1068: #1068
diff --git a/nx-X11/extras/Mesa.patches_6.4.2/5003_dlopen-escalation.patch b/nx-X11/extras/Mesa.patches_6.4.2/5003_dlopen-escalation.patch
@@ -0,0 +1,13 @@
+Index: Mesa_6.4.2/src/glx/x11/dri_glx.c
+===================================================================
+--- Mesa_6.4.2.orig/src/glx/x11/dri_glx.c
++++ Mesa_6.4.2/src/glx/x11/dri_glx.c
+@@ -196,7 +196,7 @@ static __DRIdriver *OpenDriver(const cha
+       }
+    }
+ 
+-   if (geteuid() == getuid()) {
++   if (geteuid() == getuid() && getgid() == getegid()) {
+       /* don't allow setuid apps to use LIBGL_DRIVERS_PATH */
+       libPaths = getenv("LIBGL_DRIVERS_PATH");
+       if (!libPaths)
diff --git a/nx-X11/extras/Mesa.patches_6.4.2/series b/nx-X11/extras/Mesa.patches_6.4.2/series
@@ -6,3 +6,4 @@
 4005_adapt-all-libX11-include-paths-to-libNX_X11.patch
 5002_silence-uninitialized.diff
 1001_support_musl
+5003_dlopen-escalation.patch
