package/x11r7/xserver_xorg-server: security bump version to 1.20.9

Fixes CVE-2020-14345, CVE-2020-14346, CVE-2020-14361 & CVE-2020-1436: https://lists.x.org/archives/xorg-announce/2020-August/003058.html Removed patch 0002, not needed anymore due to upstream commit https://cgit.freedesktop.org/xorg/xserver/commit/configure.ac?h=server-1.20-branch&id=c601c8faf54ff9e3bcbc653421828d71042deef7 Build-tested with wayland: checking for a useful monotonic clock ...... checking whether CLOCK_MONOTONIC is declared... yes guessing yes Removed patch 0007, included in upstream release. Rebased and renumbered remaining patches. Reformatted license hashes. Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-08-28 08:18:58 +02:00 · 2020-08-28 08:18:58 +02:00 · b7f0ee878c
commit b7f0ee878c
parent fd3dd9d9c5
10 changed files with 13 additions and 120 deletions
--- a/package/x11r7/xserver_xorg-server/1.20.8/0002-configure.ac-Fix-check-for-CLOCK_MONOTONIC.patch
+++ b/package/x11r7/xserver_xorg-server/1.20.8/0002-configure.ac-Fix-check-for-CLOCK_MONOTONIC.patch
@ -1,66 +0,0 @@
-Discover monotonic clock using compile-time check
-
-monotonic clock check does not work when cross-compiling.
-
-Upstream-Status: Denied [Does not work on OpenBSD]
-Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
-
-
-
-Original patch follows:
-
-When xorg-xserver is being cross-compiled, there is currently no way
-for us to detect whether the monotonic clock is available on the
-target system, because we aren't able to run a test program on the host
-system. Currently, in this situation, we default to not use the
-monotonic clock. One problem with this situation is that the user will
-be treated as idle when the date is updated.
-
-To fix this situation, we now use a compile-time check to detect whether the
-monotonic clock is available. This check can run just fine when we are
-cross-compiling.
-
-Signed-off-by: David James <davidjames at google.com>
-
-Downloaded from
-https://github.com/openembedded/openembedded-core/blob/master/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-configure.ac-Fix-check-for-CLOCK_MONOTONIC.patch
-
-Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
- configure.ac | 17 +++++++----------
- 1 file changed, 7 insertions(+), 10 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index f7ab48c..26e85cd 100644
--- a/configure.ac
-+++ b/configure.ac
-@@ -1048,19 +1048,16 @@ if ! test "x$have_clock_gettime" = xno; then
-         CPPFLAGS="$CPPFLAGS -D_POSIX_C_SOURCE=200112L"
-     fi
- 
-    AC_RUN_IFELSE([AC_LANG_SOURCE([
-+    AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
- #include <time.h>
-
-int main(int argc, char *argv[[]]) {
-    struct timespec tp;
-
-    if (clock_gettime(CLOCK_MONOTONIC, &tp) == 0)
-+#include <unistd.h>
-+int main() {
-+#if !(defined(_POSIX_MONOTONIC_CLOCK) && _POSIX_MONOTONIC_CLOCK >= 0 && defined(CLOCK_MONOTONIC))
-+        #error No monotonic clock
-+#endif
-         return 0;
-    else
-        return 1;
- }
-    ])], [MONOTONIC_CLOCK=yes], [MONOTONIC_CLOCK=no],
-       [MONOTONIC_CLOCK="cross compiling"])
-+]])],[MONOTONIC_CLOCK=yes], [MONOTONIC_CLOCK=no])
- 
-     LIBS="$LIBS_SAVE"
-     CPPFLAGS="$CPPFLAGS_SAVE"
-- 
-2.1.4
-
--- a/package/x11r7/xserver_xorg-server/1.20.8/0007-fix-for-ZDI-11426.patch
+++ b/package/x11r7/xserver_xorg-server/1.20.8/0007-fix-for-ZDI-11426.patch
@ -1,36 +0,0 @@
-From aac28e162e5108510065ad4c323affd6deffd816 Mon Sep 17 00:00:00 2001
-From: Matthieu Herrb <matthieu@herrb.eu>
-Date: Sat, 25 Jul 2020 19:33:50 +0200
-Subject: [PATCH] fix for ZDI-11426
-
-Avoid leaking un-initalized memory to clients by zeroing the
-whole pixmap on initial allocation.
-
-This vulnerability was discovered by:
-Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
-
-Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
-Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
-Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
-[downloaded from upstream commit
- https://gitlab.freedesktop.org/xorg/xserver/-/commit/aac28e162e5108510065ad4c323affd6deffd816]
---
- dix/pixmap.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/dix/pixmap.c b/dix/pixmap.c
-index 1186d7dbbf..5a0146bbb6 100644
--- a/dix/pixmap.c
-+++ b/dix/pixmap.c
-@@ -116,7 +116,7 @@ AllocatePixmap(ScreenPtr pScreen, int pixDataSize)
-     if (pScreen->totalPixmapSize > ((size_t) - 1) - pixDataSize)
-         return NullPixmap;
- 
-    pPixmap = malloc(pScreen->totalPixmapSize + pixDataSize);
-+    pPixmap = calloc(1, pScreen->totalPixmapSize + pixDataSize);
-     if (!pPixmap)
-         return NullPixmap;
- 
-- 
-GitLab
-
--- a/package/x11r7/xserver_xorg-server/1.20.9/0001-modesettings-needs-dri2.patch
+++ b/package/x11r7/xserver_xorg-server/1.20.9/0001-modesettings-needs-dri2.patch
@ -9,7 +9,7 @@ Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
 diff -uNr xorg-server-1.17.2.org/configure.ac xorg-server-1.17.2/configure.ac
 --- xorg-server-1.17.2.org/configure.ac	2015-06-16 17:42:40.000000000 +0200
 +++ xorg-server-1.17.2/configure.ac	2015-08-08 10:44:59.702382624 +0200
-@@ -2036,7 +2036,7 @@
+@@ -1962,7 +1962,7 @@
 	        XORG_SYS_LIBS="$XORG_SYS_LIBS $XORG_MODULES_LIBS"
 	fi
 
--- a/package/x11r7/xserver_xorg-server/1.20.9/0002-Remove-check-for-useSIGIO-option.patch
+++ b/package/x11r7/xserver_xorg-server/1.20.9/0002-Remove-check-for-useSIGIO-option.patch
@ -38,7 +38,7 @@ index 884a71c..be76498 100644
     for (i = 0; i < MAX_FUNCS; i++) {
         if (!xf86SigIOFuncs[i].f) {
             if (xf86IsPipe(fd))
-@@ -256,9 +253,6 @@ xf86RemoveSIGIOHandler(int fd)
+@@ -257,9 +256,6 @@ xf86RemoveSIGIOHandler(int fd)
     int max;
     int ret;
 
--- a/package/x11r7/xserver_xorg-server/1.20.9/0003-include-misc.h-fix-uClibc-build.patch
+++ b/package/x11r7/xserver_xorg-server/1.20.9/0003-include-misc.h-fix-uClibc-build.patch
--- a/package/x11r7/xserver_xorg-server/1.20.9/0004-hw-xwayland-Makefile.am-fix-build-without-glx.patch
+++ b/package/x11r7/xserver_xorg-server/1.20.9/0004-hw-xwayland-Makefile.am-fix-build-without-glx.patch
--- a/package/x11r7/xserver_xorg-server/1.20.9/0005-hw-xfree86-common-xf86Init.c-fix-build-without-glx.patch
+++ b/package/x11r7/xserver_xorg-server/1.20.9/0005-hw-xfree86-common-xf86Init.c-fix-build-without-glx.patch
@ -32,8 +32,8 @@ diff --git a/hw/xfree86/common/xf86Init.c b/hw/xfree86/common/xf86Init.c
 index 0631c7237..e6fb11398 100644
 --- a/hw/xfree86/common/xf86Init.c
 +++ b/hw/xfree86/common/xf86Init.c
-@@ -74,7 +74,6 @@
- #include "xf86Crtc.h"
+@@ -78,7 +78,6 @@
+ #include "xf86InPriv.h"
 #include "picturestr.h"
 #include "randrstr.h"
 -#include "glxvndabi.h"
--- a/package/x11r7/xserver_xorg-server/Config.in
+++ b/package/x11r7/xserver_xorg-server/Config.in
@ -61,7 +61,7 @@ choice
 	bool "X Window System server version"

 config BR2_PACKAGE_XSERVER_XORG_SERVER_V_1_20
-	bool "1.20.8"
+	bool "1.20.9"
 	select BR2_PACKAGE_XSERVER_XORG_SERVER_VIDEODRV_ABI_24
 	select BR2_PACKAGE_XLIB_LIBXFONT2

@ -79,7 +79,7 @@ endchoice

 config BR2_PACKAGE_XSERVER_XORG_SERVER_VERSION
 	string
-	default "1.20.8" if BR2_PACKAGE_XSERVER_XORG_SERVER_V_1_20
+	default "1.20.9" if BR2_PACKAGE_XSERVER_XORG_SERVER_V_1_20
 	default "1.17.4" if BR2_PACKAGE_XSERVER_XORG_SERVER_V_1_17
 	default "1.14.7" if BR2_PACKAGE_XSERVER_XORG_SERVER_V_1_14

--- a/package/x11r7/xserver_xorg-server/xserver_xorg-server.hash
+++ b/package/x11r7/xserver_xorg-server/xserver_xorg-server.hash
@ -1,11 +1,11 @@
 # From http://lists.x.org/archives/xorg-announce/2014-June/002440.html
-sha1   7a95765e56b124758fcd7b609589e65b8870880b                                xorg-server-1.14.7.tar.bz2
-sha256 fcf66fa6ad86227613d2d3e8ae13ded297e2a1e947e9060a083eaf80d323451f        xorg-server-1.14.7.tar.bz2
+sha1  7a95765e56b124758fcd7b609589e65b8870880b  xorg-server-1.14.7.tar.bz2
+sha256  fcf66fa6ad86227613d2d3e8ae13ded297e2a1e947e9060a083eaf80d323451f  xorg-server-1.14.7.tar.bz2
 # From https://lists.x.org/archives/xorg-announce/2015-October/002650.html
-sha256 0c4b45c116a812a996eb432d8508cf26c2ec8c3916ff2a50781796882f8d6457        xorg-server-1.17.4.tar.bz2
-# From https://lists.x.org/archives/xorg-announce/2020-March/003041.html
-sha256 d17b646bee4ba0fb7850c1cc55b18e3e8513ed5c02bdf38da7e107f84e2d0146  xorg-server-1.20.8.tar.bz2
-sha512 ab0ec0fcbf490c61558b9297f61b58fd2dedb676c78bef6431dc9166054743b43a0091b88a8b3f4e81d1f539909440ee7e188a298cefabe13ea89159639cd805  xorg-server-1.20.8.tar.bz2
+sha256  0c4b45c116a812a996eb432d8508cf26c2ec8c3916ff2a50781796882f8d6457  xorg-server-1.17.4.tar.bz2
+# From https://lists.x.org/archives/xorg-announce/2020-August/003059.html
+sha256  e219f2e0dfe455467939149d7cd2ee53b79b512cc1d2094ae4f5c9ed9ccd3571  xorg-server-1.20.9.tar.bz2
+sha512  d9b5f93e1b9763a89187d8b272aa7d4ce9709641b8539f4536708af153310e5a4931bffd4229c51a3b0e3b12da7838750aa71b635751fb4c0bb27438cce4e5e6  xorg-server-1.20.9.tar.bz2

 # Locally calculated
-sha256 4cc0447a22635c7b2f1a93fec4aa94f1970fadeb72a063de006b51cf4963a06f  COPYING
+sha256  4cc0447a22635c7b2f1a93fec4aa94f1970fadeb72a063de006b51cf4963a06f  COPYING
--- a/package/x11r7/xserver_xorg-server/xserver_xorg-server.mk
+++ b/package/x11r7/xserver_xorg-server/xserver_xorg-server.mk
@ -38,11 +38,6 @@ XSERVER_XORG_SERVER_DEPENDENCIES = \
 	mcookie \
 	host-pkgconf

-ifeq ($(BR2_PACKAGE_XSERVER_XORG_SERVER_V_1_20),y)
-# 1.20.8/0007-fix-for-ZDI-11426.patch
-XSERVER_XORG_SERVER_IGNORE_CVES += CVE-2020-14347
-endif
-
 # We force -O2 regardless of the optimization level chosen by the
 # user, as the X.org server is known to trigger some compiler bugs at
 # -Os on several architectures.