pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: [pkgsrc-2020Q2] pkgsrc/x11



Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Sat Aug  1 06:47:59 UTC 2020

Modified Files:
        pkgsrc/x11/modular-xorg-server [pkgsrc-2020Q2]: Makefile distinfo
        pkgsrc/x11/modular-xorg-xephyr [pkgsrc-2020Q2]: Makefile
        pkgsrc/x11/modular-xorg-xwayland [pkgsrc-2020Q2]: Makefile
Added Files:
        pkgsrc/x11/modular-xorg-server/patches [pkgsrc-2020Q2]:
            patch-dix_pixmap.c

Log Message:
Pullup ticket #6291 - requested by maya
x11/modular-xorg-server: security fix

Revisions pulled up:
- x11/modular-xorg-server/Makefile                              1.128
- x11/modular-xorg-server/distinfo                              1.102
- x11/modular-xorg-server/patches/patch-dix_pixmap.c            1.1
- x11/modular-xorg-xephyr/Makefile                              1.20
- x11/modular-xorg-xwayland/Makefile                            1.8

---
   Module Name: pkgsrc
   Committed By:        maya
   Date:                Fri Jul 31 16:50:57 UTC 2020

   Modified Files:
        pkgsrc/x11/modular-xorg-server: Makefile distinfo
        pkgsrc/x11/modular-xorg-xephyr: Makefile
        pkgsrc/x11/modular-xorg-xwayland: Makefile
   Added Files:
        pkgsrc/x11/modular-xorg-server/patches: patch-dix_pixmap.c

   Log Message:
   modular-xorg-*: provide patch (making this package equivalent to
   xorg-server 1.20.9, couldn't find a tarball).

   X.Org security advisory: July 31, 2020

   X Server Pixel Data Uninitialized Memory Information Disclosure
   ===============================================================

   CVE-2020-14347

   Allocation for pixmap data in AllocatePixmap() does not initialize the
   memory in xserver, it leads to leak uninitialize heap memory to
   clients. When the X server runs with elevated privileges.

   This flaw can lead to ASLR bypass, which when combined with other
   flaws (known/unknown) could lead to lead to privilege elevation in the
   client.

   Patch
   =====

   A patch for this issue has been commited to the xorg server git
   repository.  xorg-server 1.20.9 will be released shortly and will
   include this patch.

   https://gitlab.freedesktop.org/xorg/xserver.git

   diff --git a/dix/pixmap.c b/dix/pixmap.c
   index 1186d7dbb..5a0146bbb 100644
   --- a/dix/pixmap.c
   +++ b/dix/pixmap.c
   @@ -116,7 +116,7 @@ AllocatePixmap(ScreenPtr pScreen, int pixDataSize)
        if (pScreen->totalPixmapSize > ((size_t) - 1) - pixDataSize)
            return NullPixmap;

   -    pPixmap = malloc(pScreen->totalPixmapSize + pixDataSize);
   +    pPixmap = calloc(1, pScreen->totalPixmapSize + pixDataSize);
        if (!pPixmap)
            return NullPixmap;

   Thanks
   ======

   This vulnerability was discovered by Jan-Niklas Sohn working with
   Trend Micro Zero Day Initiative.


To generate a diff of this commit:
cvs rdiff -u -r1.127 -r1.127.2.1 pkgsrc/x11/modular-xorg-server/Makefile
cvs rdiff -u -r1.101 -r1.101.2.1 pkgsrc/x11/modular-xorg-server/distinfo
cvs rdiff -u -r0 -r1.1.2.2 \
    pkgsrc/x11/modular-xorg-server/patches/patch-dix_pixmap.c
cvs rdiff -u -r1.19 -r1.19.2.1 pkgsrc/x11/modular-xorg-xephyr/Makefile
cvs rdiff -u -r1.7 -r1.7.2.1 pkgsrc/x11/modular-xorg-xwayland/Makefile

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/x11/modular-xorg-server/Makefile
diff -u pkgsrc/x11/modular-xorg-server/Makefile:1.127 pkgsrc/x11/modular-xorg-server/Makefile:1.127.2.1
--- pkgsrc/x11/modular-xorg-server/Makefile:1.127       Fri May 22 10:56:48 2020
+++ pkgsrc/x11/modular-xorg-server/Makefile     Sat Aug  1 06:47:58 2020
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.127 2020/05/22 10:56:48 adam Exp $
+# $NetBSD: Makefile,v 1.127.2.1 2020/08/01 06:47:58 bsiegert Exp $
 
 DISTNAME=      xorg-server-${XORG_VERSION}
 PKGNAME=       modular-${DISTNAME}
-PKGREVISION=   1
+PKGREVISION=   2
 
 MAINTAINER=    pkgsrc-users%NetBSD.org@localhost
 COMMENT=       Modular X11 server from modular X.org

Index: pkgsrc/x11/modular-xorg-server/distinfo
diff -u pkgsrc/x11/modular-xorg-server/distinfo:1.101 pkgsrc/x11/modular-xorg-server/distinfo:1.101.2.1
--- pkgsrc/x11/modular-xorg-server/distinfo:1.101       Mon Mar 30 11:49:39 2020
+++ pkgsrc/x11/modular-xorg-server/distinfo     Sat Aug  1 06:47:58 2020
@@ -1,10 +1,11 @@
-$NetBSD: distinfo,v 1.101 2020/03/30 11:49:39 wiz Exp $
+$NetBSD: distinfo,v 1.101.2.1 2020/08/01 06:47:58 bsiegert Exp $
 
 SHA1 (xorg-server-1.20.8.tar.bz2) = 077d081f912faf11c87ea1c9d0e29490961b0cd4
 RMD160 (xorg-server-1.20.8.tar.bz2) = 74f2a5ab7b482d2aded54fd412e9c0d673f270ba
 SHA512 (xorg-server-1.20.8.tar.bz2) = ab0ec0fcbf490c61558b9297f61b58fd2dedb676c78bef6431dc9166054743b43a0091b88a8b3f4e81d1f539909440ee7e188a298cefabe13ea89159639cd805
 Size (xorg-server-1.20.8.tar.bz2) = 6309640 bytes
 SHA1 (patch-configure) = ce2c732c3d8493445744a927a25b9cd3b45880f8
+SHA1 (patch-dix_pixmap.c) = 92c9343f71ddc418c0f61e8138e0b209cefcb221
 SHA1 (patch-hw_xfree86_common_xf86AutoConfig.c) = 70adf85be9fc6222a335686e7e9e9f385aca02f9
 SHA1 (patch-hw_xfree86_common_xf86sbusBus.h) = f56f87336b2f669413ebb1005a2b64568a111f92
 SHA1 (patch-hw_xfree86_dri2_dri2.c) = 0bf58305059321e10f6f58186301dbb7cb858c2a

Index: pkgsrc/x11/modular-xorg-xephyr/Makefile
diff -u pkgsrc/x11/modular-xorg-xephyr/Makefile:1.19 pkgsrc/x11/modular-xorg-xephyr/Makefile:1.19.2.1
--- pkgsrc/x11/modular-xorg-xephyr/Makefile:1.19        Fri May 22 10:56:48 2020
+++ pkgsrc/x11/modular-xorg-xephyr/Makefile     Sat Aug  1 06:47:59 2020
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.19 2020/05/22 10:56:48 adam Exp $
+# $NetBSD: Makefile,v 1.19.2.1 2020/08/01 06:47:59 bsiegert Exp $
 
 DISTNAME=      xorg-server-${XORG_VERSION}
 PKGNAME=       modular-xorg-xephyr-${XORG_VERSION}
-PKGREVISION=   1
+PKGREVISION=   2
 
 DISTINFO_FILE=         ${.CURDIR}/../../x11/modular-xorg-server/distinfo
 PATCHDIR=              ${.CURDIR}/../../x11/modular-xorg-server/patches

Index: pkgsrc/x11/modular-xorg-xwayland/Makefile
diff -u pkgsrc/x11/modular-xorg-xwayland/Makefile:1.7 pkgsrc/x11/modular-xorg-xwayland/Makefile:1.7.2.1
--- pkgsrc/x11/modular-xorg-xwayland/Makefile:1.7       Fri May 22 10:56:48 2020
+++ pkgsrc/x11/modular-xorg-xwayland/Makefile   Sat Aug  1 06:47:59 2020
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.7 2020/05/22 10:56:48 adam Exp $
+# $NetBSD: Makefile,v 1.7.2.1 2020/08/01 06:47:59 bsiegert Exp $
 
 DISTNAME=      xorg-server-${XORG_VERSION}
 PKGNAME=       modular-xorg-xwayland-${XORG_VERSION}
-PKGREVISION=   1
+PKGREVISION=   2
 
 DISTINFO_FILE=         ${.CURDIR}/../../x11/modular-xorg-server/distinfo
 PATCHDIR=              ${.CURDIR}/../../x11/modular-xorg-server/patches

Added files:

Index: pkgsrc/x11/modular-xorg-server/patches/patch-dix_pixmap.c
diff -u /dev/null pkgsrc/x11/modular-xorg-server/patches/patch-dix_pixmap.c:1.1.2.2
--- /dev/null   Sat Aug  1 06:47:59 2020
+++ pkgsrc/x11/modular-xorg-server/patches/patch-dix_pixmap.c   Sat Aug  1 06:47:59 2020
@@ -0,0 +1,27 @@
+$NetBSD: patch-dix_pixmap.c,v 1.1.2.2 2020/08/01 06:47:59 bsiegert Exp $
+
+From aac28e162e5108510065ad4c323affd6deffd816 Mon Sep 17 00:00:00 2001
+From: Matthieu Herrb <matthieu%herrb.eu@localhost>
+Date: Sat, 25 Jul 2020 19:33:50 +0200
+Subject: [PATCH] fix for ZDI-11426
+
+Avoid leaking un-initalized memory to clients by zeroing the
+whole pixmap on initial allocation.
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Matthieu Herrb <matthieu%herrb.eu@localhost>
+Reviewed-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
+
+--- dix/pixmap.c.orig  2020-03-29 20:21:15.000000000 +0000
++++ dix/pixmap.c
+@@ -117,7 +117,7 @@ AllocatePixmap(ScreenPtr pScreen, int pi
+     if (pScreen->totalPixmapSize > ((size_t) - 1) - pixDataSize)
+         return NullPixmap;
+ 
+-    pPixmap = malloc(pScreen->totalPixmapSize + pixDataSize);
++    pPixmap = calloc(1, pScreen->totalPixmapSize + pixDataSize);
+     if (!pPixmap)
+         return NullPixmap;
+ 



Home | Main Index | Thread Index | Old Index