pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc/x11/modular-xorg-server



Module Name:    pkgsrc
Committed By:   wiz
Date:           Fri Jul 28 21:10:00 UTC 2017

Modified Files:
        pkgsrc/x11/modular-xorg-server: Makefile distinfo
Added Files:
        pkgsrc/x11/modular-xorg-server/patches: patch-Xi_sendexev.c
            patch-dix_events.c patch-dix_swapreq.c

Log Message:
CVE-2017-10971 and CVE-2017-10972: apply fixes to the event loop from

   https://cgit.freedesktop.org/xorg/xserver/commit/?id=ba336b24052122b136486961c82deac76bbde455
   https://cgit.freedesktop.org/xorg/xserver/commit/?id=8caed4df36b1f802b4992edcfd282cbeeec35d9d
   https://cgit.freedesktop.org/xorg/xserver/commit/?id=215f894965df5fb0bb45b107d84524e700d2073c
   https://cgit.freedesktop.org/xorg/xserver/commit/?id=05442de962d3dc624f79fc1a00eca3ffc5489ced

via xsrc patch from mrg@ at

https://mail-index.netbsd.org/source-changes/2017/07/07/msg086134.html

Bump PKGREVISION.


To generate a diff of this commit:
cvs rdiff -u -r1.112 -r1.113 pkgsrc/x11/modular-xorg-server/Makefile
cvs rdiff -u -r1.82 -r1.83 pkgsrc/x11/modular-xorg-server/distinfo
cvs rdiff -u -r0 -r1.3 \
    pkgsrc/x11/modular-xorg-server/patches/patch-Xi_sendexev.c
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/x11/modular-xorg-server/patches/patch-dix_events.c \
    pkgsrc/x11/modular-xorg-server/patches/patch-dix_swapreq.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/x11/modular-xorg-server/Makefile
diff -u pkgsrc/x11/modular-xorg-server/Makefile:1.112 pkgsrc/x11/modular-xorg-server/Makefile:1.113
--- pkgsrc/x11/modular-xorg-server/Makefile:1.112       Fri Jul  7 12:12:34 2017
+++ pkgsrc/x11/modular-xorg-server/Makefile     Fri Jul 28 21:10:00 2017
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.112 2017/07/07 12:12:34 jperkin Exp $
+# $NetBSD: Makefile,v 1.113 2017/07/28 21:10:00 wiz Exp $
 
 DISTNAME=      xorg-server-${XORG_VERSION}
 PKGNAME=       modular-${DISTNAME}
-PKGREVISION=   1
+PKGREVISION=   2
 
 MAINTAINER=    pkgsrc-users%NetBSD.org@localhost
 COMMENT=       Modular X11 server from modular X.org

Index: pkgsrc/x11/modular-xorg-server/distinfo
diff -u pkgsrc/x11/modular-xorg-server/distinfo:1.82 pkgsrc/x11/modular-xorg-server/distinfo:1.83
--- pkgsrc/x11/modular-xorg-server/distinfo:1.82        Thu Mar 16 11:56:46 2017
+++ pkgsrc/x11/modular-xorg-server/distinfo     Fri Jul 28 21:10:00 2017
@@ -1,10 +1,13 @@
-$NetBSD: distinfo,v 1.82 2017/03/16 11:56:46 wiz Exp $
+$NetBSD: distinfo,v 1.83 2017/07/28 21:10:00 wiz Exp $
 
 SHA1 (xorg-server-1.19.3.tar.bz2) = 77f580ffa22a8bbcc3536e74e19114e446417a9c
 RMD160 (xorg-server-1.19.3.tar.bz2) = afa8708054016d4fa3632bf1db0bc462731717b4
 SHA512 (xorg-server-1.19.3.tar.bz2) = b988897418399e1361fdcca9465a781f55f8f6fbfdc5a59edfaee9046a0c6ad7a76f348d88b6004ce3d3fb3966b4c5af0b854f6549c32b2b8d7a43758809f669
 Size (xorg-server-1.19.3.tar.bz2) = 6050221 bytes
+SHA1 (patch-Xi_sendexev.c) = 46a165049d4b15c472736d3863aa4efad39418bc
 SHA1 (patch-configure) = 9e9f497f14d563ef66f25c637a14b0bea2243c3f
+SHA1 (patch-dix_events.c) = a7ede761198583f1d59c4def49db48725a46bd21
+SHA1 (patch-dix_swapreq.c) = 66643fbd396d0b4222ba4a3f09c4bbe3f0083a33
 SHA1 (patch-hw_xfree86_common_xf86pciBus.c) = 896825ba12646431cba603938d118acbdde305dd
 SHA1 (patch-hw_xfree86_common_xf86sbusBus.h) = f56f87336b2f669413ebb1005a2b64568a111f92
 SHA1 (patch-hw_xfree86_dri2_dri2.c) = 0bf58305059321e10f6f58186301dbb7cb858c2a

Added files:

Index: pkgsrc/x11/modular-xorg-server/patches/patch-Xi_sendexev.c
diff -u /dev/null pkgsrc/x11/modular-xorg-server/patches/patch-Xi_sendexev.c:1.3
--- /dev/null   Fri Jul 28 21:10:00 2017
+++ pkgsrc/x11/modular-xorg-server/patches/patch-Xi_sendexev.c  Fri Jul 28 21:10:00 2017
@@ -0,0 +1,65 @@
+$NetBSD: patch-Xi_sendexev.c,v 1.3 2017/07/28 21:10:00 wiz Exp $
+
+CVE-2017-10971 and CVE-2017-10972: apply fixes to the event loop from
+
+   https://cgit.freedesktop.org/xorg/xserver/commit/?id=ba336b24052122b136486961c82deac76bbde455
+   https://cgit.freedesktop.org/xorg/xserver/commit/?id=8caed4df36b1f802b4992edcfd282cbeeec35d9d
+   https://cgit.freedesktop.org/xorg/xserver/commit/?id=215f894965df5fb0bb45b107d84524e700d2073c
+   https://cgit.freedesktop.org/xorg/xserver/commit/?id=05442de962d3dc624f79fc1a00eca3ffc5489ced
+
+--- Xi/sendexev.c.orig 2017-03-15 18:05:25.000000000 +0000
++++ Xi/sendexev.c
+@@ -78,7 +78,7 @@ SProcXSendExtensionEvent(ClientPtr clien
+ {
+     CARD32 *p;
+     int i;
+-    xEvent eventT;
++    xEvent eventT = { .u.u.type = 0 };
+     xEvent *eventP;
+     EventSwapPtr proc;
+ 
+@@ -95,9 +95,17 @@ SProcXSendExtensionEvent(ClientPtr clien
+ 
+     eventP = (xEvent *) &stuff[1];
+     for (i = 0; i < stuff->num_events; i++, eventP++) {
++        if (eventP->u.u.type == GenericEvent) {
++            client->errorValue = eventP->u.u.type;
++            return BadValue;
++        }
++
+         proc = EventSwapVector[eventP->u.u.type & 0177];
+-        if (proc == NotImplemented)     /* no swapping proc; invalid event type? */
++        /* no swapping proc; invalid event type? */
++        if (proc == NotImplemented) {
++            client->errorValue = eventP->u.u.type;
+             return BadValue;
++        }
+         (*proc) (eventP, &eventT);
+         *eventP = eventT;
+     }
+@@ -117,7 +125,7 @@ SProcXSendExtensionEvent(ClientPtr clien
+ int
+ ProcXSendExtensionEvent(ClientPtr client)
+ {
+-    int ret;
++    int ret, i;
+     DeviceIntPtr dev;
+     xEvent *first;
+     XEventClass *list;
+@@ -141,10 +149,12 @@ ProcXSendExtensionEvent(ClientPtr client
+     /* The client's event type must be one defined by an extension. */
+ 
+     first = ((xEvent *) &stuff[1]);
+-    if (!((EXTENSION_EVENT_BASE <= first->u.u.type) &&
+-          (first->u.u.type < lastEvent))) {
+-        client->errorValue = first->u.u.type;
+-        return BadValue;
++    for (i = 0; i < stuff->num_events; i++) {
++        if (!((EXTENSION_EVENT_BASE <= first[i].u.u.type) &&
++            (first[i].u.u.type < lastEvent))) {
++            client->errorValue = first[i].u.u.type;
++            return BadValue;
++        }
+     }
+ 
+     list = (XEventClass *) (first + stuff->num_events);

Index: pkgsrc/x11/modular-xorg-server/patches/patch-dix_events.c
diff -u /dev/null pkgsrc/x11/modular-xorg-server/patches/patch-dix_events.c:1.1
--- /dev/null   Fri Jul 28 21:10:00 2017
+++ pkgsrc/x11/modular-xorg-server/patches/patch-dix_events.c   Fri Jul 28 21:10:00 2017
@@ -0,0 +1,24 @@
+$NetBSD: patch-dix_events.c,v 1.1 2017/07/28 21:10:00 wiz Exp $
+
+CVE-2017-10971 and CVE-2017-10972: apply fixes to the event loop from
+
+   https://cgit.freedesktop.org/xorg/xserver/commit/?id=ba336b24052122b136486961c82deac76bbde455
+   https://cgit.freedesktop.org/xorg/xserver/commit/?id=8caed4df36b1f802b4992edcfd282cbeeec35d9d
+   https://cgit.freedesktop.org/xorg/xserver/commit/?id=215f894965df5fb0bb45b107d84524e700d2073c
+   https://cgit.freedesktop.org/xorg/xserver/commit/?id=05442de962d3dc624f79fc1a00eca3ffc5489ced
+
+--- dix/events.c.orig  2017-03-15 18:05:25.000000000 +0000
++++ dix/events.c
+@@ -5366,6 +5366,12 @@ ProcSendEvent(ClientPtr client)
+         client->errorValue = stuff->event.u.u.type;
+         return BadValue;
+     }
++    /* Generic events can have variable size, but SendEvent request holds
++       exactly 32B of event data. */
++    if (stuff->event.u.u.type == GenericEvent) {
++        client->errorValue = stuff->event.u.u.type;
++        return BadValue;
++    }
+     if (stuff->event.u.u.type == ClientMessage &&
+         stuff->event.u.u.detail != 8 &&
+         stuff->event.u.u.detail != 16 && stuff->event.u.u.detail != 32) {
Index: pkgsrc/x11/modular-xorg-server/patches/patch-dix_swapreq.c
diff -u /dev/null pkgsrc/x11/modular-xorg-server/patches/patch-dix_swapreq.c:1.1
--- /dev/null   Fri Jul 28 21:10:00 2017
+++ pkgsrc/x11/modular-xorg-server/patches/patch-dix_swapreq.c  Fri Jul 28 21:10:00 2017
@@ -0,0 +1,25 @@
+$NetBSD: patch-dix_swapreq.c,v 1.1 2017/07/28 21:10:00 wiz Exp $
+
+CVE-2017-10971 and CVE-2017-10972: apply fixes to the event loop from
+
+   https://cgit.freedesktop.org/xorg/xserver/commit/?id=ba336b24052122b136486961c82deac76bbde455
+   https://cgit.freedesktop.org/xorg/xserver/commit/?id=8caed4df36b1f802b4992edcfd282cbeeec35d9d
+   https://cgit.freedesktop.org/xorg/xserver/commit/?id=215f894965df5fb0bb45b107d84524e700d2073c
+   https://cgit.freedesktop.org/xorg/xserver/commit/?id=05442de962d3dc624f79fc1a00eca3ffc5489ced
+
+--- dix/swapreq.c.orig 2017-03-15 18:05:25.000000000 +0000
++++ dix/swapreq.c
+@@ -292,6 +292,13 @@ SProcSendEvent(ClientPtr client)
+     swapl(&stuff->destination);
+     swapl(&stuff->eventMask);
+ 
++    /* Generic events can have variable size, but SendEvent request holds
++       exactly 32B of event data. */
++    if (stuff->event.u.u.type == GenericEvent) {
++        client->errorValue = stuff->event.u.u.type;
++        return BadValue;
++    }
++
+     /* Swap event */
+     proc = EventSwapVector[stuff->event.u.u.type & 0177];
+     if (!proc || proc == NotImplemented)        /* no swapping proc; invalid event type? */



Home | Main Index | Thread Index | Old Index