From 76cd1aa75381e0be739b6b5881528d54838a0db0 Mon Sep 17 00:00:00 2001 From: Peter Korsgaard Date: Thu, 16 Dec 2021 18:16:55 +0100 Subject: [PATCH] package/xserver_xorg-server: security bump to version 21.1.2 Fixes the following vulnerabilities: * CVE-2021-4008/ZDI-CAN-14192 SProcRenderCompositeGlyphs out-of-bounds access The handler for the CompositeGlyphs request of the Render extension does not properly validate the request length leading to out of bounds memory write. * CVE-2021-4009/ZDI-CAN 14950 SProcXFixesCreatePointerBarrier out-of-bounds access The handler for the CreatePointerBarrier request of the XFixes extension does not properly validate the request length leading to out of bounds memory write. * CVE-2021-4010/ZDI-CAN-14951 SProcScreenSaverSuspend out-of-bounds access The handler for the Suspend request of the Screen Saver extension does not properly validate the request length leading to out of bounds memory write. * CVE-2021-4011/ZDI-CAN-14952 SwapCreateRegister out-of-bounds access The handlers for the RecordCreateContext and RecordRegisterClients requests of the Record extension do not properly validate the request length leading to out of bounds memory write. For details, see the advisory: https://lists.x.org/archives/xorg-announce/2021-December/003122.html Builds without systemd unfortunately got broken. Add a patch fixing that from an upstream merge request: https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/827 Signed-off-by: Peter Korsgaard Signed-off-by: Arnout Vandecappelle (Essensium/Mind) --- ...error-when-built-without-logind-plat.patch | 90 +++++++++++++++++++ .../xserver_xorg-server.hash | 6 +- .../xserver_xorg-server.mk | 2 +- 3 files changed, 94 insertions(+), 4 deletions(-) create mode 100644 package/x11r7/xserver_xorg-server/0002-Fix-compilation-error-when-built-without-logind-plat.patch 
diff --git a/package/x11r7/xserver_xorg-server/0002-Fix-compilation-error-when-built-without-logind-plat.patch b/package/x11r7/xserver_xorg-server/0002-Fix-compilation-error-when-built-without-logind-plat.patch
new file mode 100644
index 0000000000..164c0039bd
--- /dev/null
+++ b/package/x11r7/xserver_xorg-server/0002-Fix-compilation-error-when-built-without-logind-plat.patch
@@ -0,0 +1,90 @@
+From 17b6ab4d8cecf55a3784dbefbef9bfcf84ee3b1b Mon Sep 17 00:00:00 2001
+From: Jocelyn Falempe
+Date: Thu, 16 Dec 2021 15:46:43 +0100
+Subject: [PATCH] Fix compilation error when built without logind/platform bus
+
+This was introduced by commit 8eb1396d
+
+Signed-off-by: Jocelyn Falempe
+[Peter: from https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/827]
+Signed-off-by: Peter Korsgaard
+---
+ hw/xfree86/common/xf86Events.c | 9 +--------
+ hw/xfree86/os-support/linux/systemd-logind.c | 16 +++++++++++-----
+ include/systemd-logind.h | 4 ++--
+ 3 files changed, 14 insertions(+), 15 deletions(-)
+
+diff --git a/hw/xfree86/common/xf86Events.c b/hw/xfree86/common/xf86Events.c
+index 6076efa80..395bbc7b3 100644
+--- a/hw/xfree86/common/xf86Events.c
++++ b/hw/xfree86/common/xf86Events.c
+@@ -383,14 +383,7 @@ xf86VTLeave(void)
+ xf86GPUScreens[i]->LeaveVT(xf86GPUScreens[i]);
+
+ if (systemd_logind_controls_session()) {
+- for (i = 0; i < xf86_num_platform_devices; i++) {
+- if (xf86_platform_devices[i].flags & XF86_PDEV_SERVER_FD) {
+- int major, minor;
+- major = xf86_platform_odev_attributes(i)->major;
+- minor = xf86_platform_odev_attributes(i)->minor;
+- systemd_logind_drop_master(major, minor);
+- }
+- }
++ systemd_logind_drop_master();
+ }
+
+ if (!xf86VTSwitchAway())
+diff --git a/hw/xfree86/os-support/linux/systemd-logind.c b/hw/xfree86/os-support/linux/systemd-logind.c
+index 35d5cc75b..f6a223a55 100644
+--- a/hw/xfree86/os-support/linux/systemd-logind.c
++++ b/hw/xfree86/os-support/linux/systemd-logind.c
+@@ -308,13 +308,19 @@ cleanup:
+ * and ensure the drm_drop_master is done before
+ * VT_RELDISP when switching VT
+ */
+-void systemd_logind_drop_master(int _major, int _minor)
++void systemd_logind_drop_master(void)
+ {
+- struct systemd_logind_info *info = &logind_info;
+- dbus_int32_t major = _major;
+- dbus_int32_t minor = _minor;
++ int i;
++ for (i = 0; i < xf86_num_platform_devices; i++) {
++ if (xf86_platform_devices[i].flags & XF86_PDEV_SERVER_FD) {
++ dbus_int32_t major, minor;
++ struct systemd_logind_info *info = &logind_info;
+
+- systemd_logind_ack_pause(info, minor, major);
++ major = xf86_platform_odev_attributes(i)->major;
++ minor = xf86_platform_odev_attributes(i)->minor;
++ systemd_logind_ack_pause(info, minor, major);
++ }
++ }
+ }
+
+ static DBusHandlerResult
+diff --git a/include/systemd-logind.h b/include/systemd-logind.h
+index a8af2b96d..5c04d0130 100644
+--- a/include/systemd-logind.h
++++ b/include/systemd-logind.h
+@@ -33,7 +33,7 @@ int systemd_logind_take_fd(int major, int minor, const char *path, Bool *paus);
+ void systemd_logind_release_fd(int major, int minor, int fd);
+ int systemd_logind_controls_session(void);
+ void systemd_logind_vtenter(void);
+-void systemd_logind_drop_master(int major, int minor);
++void systemd_logind_drop_master(void);
+ #else
+ #define systemd_logind_init()
+ #define systemd_logind_fini()
+@@ -41,7 +41,7 @@ void systemd_logind_drop_master(int major, int minor);
+ #define systemd_logind_release_fd(major, minor, fd) close(fd)
+ #define systemd_logind_controls_session() 0
+ #define systemd_logind_vtenter()
+-#define systemd_logind_drop_master(major, minor)
++#define systemd_logind_drop_master()
+ #endif
+
+ #endif
+--
+2.20.1
+
diff --git a/package/x11r7/xserver_xorg-server/xserver_xorg-server.hash b/package/x11r7/xserver_xorg-server/xserver_xorg-server.hash
index d389e6713a..6008661db1 100644
--- a/package/x11r7/xserver_xorg-server/xserver_xorg-server.hash
+++ b/package/x11r7/xserver_xorg-server/xserver_xorg-server.hash
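Review bot: In the rewritten `systemd_logind_drop_master(void)` the call `systemd_logind_ack_pause(info, minor, major)` passes minor before major, the reverse of the `(major, minor)` order used by the prototypes visible in systemd-logind.h, and nothing on the new lines says this is intended. The removed code used the same order, so it is presumably what the helper expects, but its signature is outside the hunk; a one-line comment such as `/* ack_pause takes minor first, then major */` would keep a later cleanup from swapping them and acknowledging the pause for the wrong device before the VT is released. As a style point, `struct systemd_logind_info *info = &logind_info;` does not depend on `i` and can sit next to `int i;`, and `xf86_platform_odev_attributes(i)` is looked up twice per device where one lookup would do. The function's leading comment starts above the hunk, so whether it already describes the per-device loop cannot be seen here.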
@@ -1,6 +1,6 @@
-# From https://lists.x.org/archives/xorg-announce/2021-November/003116.html
-sha256 782e7fef2ca0c7cbe60a937b8bf42dac69c904fb841950fd0363e1c2346ea755 xorg-server-21.1.1.tar.xz
-sha512 8608ed9c1537c95e8a3adea5e3e372a3c5eb841f8e27c84283093f22fb1909e16a800006510da684b13f8f237f33b8a4be3e2537f5f9ab9af4c5ad12770eef0d xorg-server-21.1.1.tar.xz
+# From https://lists.x.org/archives/xorg-announce/2021-December/003125.html
+sha256 c20bf46a9fe8e74bf4e75430637e58d49a02d806609dc161462bceb1ef7e8db0 xorg-server-21.1.2.tar.xz
+sha512 6d7a0d29d5be09f80ed505c4d6ae964795127525a0ab73a4eab4f601788ab3627033143e5aeb4c2565c6683dd3402084d13acab5554606fbd519c4aec0a79def xorg-server-21.1.2.tar.xz
 
 # Locally calculated
 sha256 4cc0447a22635c7b2f1a93fec4aa94f1970fadeb72a063de006b51cf4963a06f COPYING
diff --git a/package/x11r7/xserver_xorg-server/xserver_xorg-server.mk b/package/x11r7/xserver_xorg-server/xserver_xorg-server.mk
index 2518776da8..0cadba92a3 100644
--- a/package/x11r7/xserver_xorg-server/xserver_xorg-server.mk
+++ b/package/x11r7/xserver_xorg-server/xserver_xorg-server.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-XSERVER_XORG_SERVER_VERSION = 21.1.1
+XSERVER_XORG_SERVER_VERSION = 21.1.2
 XSERVER_XORG_SERVER_SOURCE = xorg-server-$(XSERVER_XORG_SERVER_VERSION).tar.xz
 XSERVER_XORG_SERVER_SITE = https://xorg.freedesktop.org/archive/individual/xserver
 XSERVER_XORG_SERVER_LICENSE = MIT