]> git.proxmox.com Git - pve-qemu-kvm.git/blob - debian/patches/keymap.diff
Fix CVE-2016-2841, CVE-2016-2857, CVE-2016-2858
[pve-qemu-kvm.git] / debian / patches / keymap.diff
1 Index: new/ui/vnc.c
2 ===================================================================
3 --- new.orig/ui/vnc.c 2014-11-20 06:45:06.000000000 +0100
4 +++ new/ui/vnc.c 2014-11-20 06:50:51.000000000 +0100
5 @@ -1633,6 +1633,10 @@
6
7 static void do_key_event(VncState *vs, int down, int keycode, int sym)
8 {
9 + int mods = keycode & 0xf00;
10 +
11 + keycode &= SCANCODE_KEYMASK;
12 +
13 /* QEMU console switch */
14 switch(keycode) {
15 case 0x2a: /* Left Shift */
16 @@ -1712,7 +1716,24 @@
17 }
18
19 if (qemu_console_is_graphic(NULL)) {
20 +
21 + /* our java vnc client never sends ALTGR, so we create
22 + an artificial up/down event */
23 +
24 + int emul_altgr = (mods & SCANCODE_ALTGR) &&
25 + !vs->modifiers_state[0xb8];
26 +
27 + if (emul_altgr) {
28 + reset_keys(vs);
29 + qemu_input_event_send_key_number(vs->vd->dcl.con, 0xb8, true);
30 + }
31 +
32 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, down);
33 +
34 + if (emul_altgr) {
35 + qemu_input_event_send_key_number(vs->vd->dcl.con, 0xb8, false);
36 + }
37 +
38 } else {
39 bool numlock = vs->modifiers_state[0x45];
40 bool control = (vs->modifiers_state[0x1d] ||
41 @@ -1851,7 +1872,8 @@
42 lsym = lsym - 'A' + 'a';
43 }
44
45 - keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK;
46 + keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF);
47 +
48 trace_vnc_key_event_map(down, sym, keycode, code2name(keycode));
49 do_key_event(vs, down, keycode, sym);
50 }
51 @@ -3046,7 +3068,7 @@
52 char *vnc_display_local_addr(DisplayState *ds)
53 {
54 VncDisplay *vs = vnc_display;
55 -
56 +
57 return vnc_socket_local_addr("%s:%s", vs->lsock);
58 }
59