-rw-r--r--metadata/repository_mask.conf8
-rw-r--r--packages/x11-server/xorg-server/files/xorg-server-1.20.8-fix-for-ZDI-11426.patch36
-rw-r--r--packages/x11-server/xorg-server/xorg-server-1.20.8-r1.exheres-0 (renamed from packages/x11-server/xorg-server/xorg-server-1.20.8.exheres-0)1
3 files changed, 41 insertions, 4 deletions
diff --git a/metadata/repository_mask.conf b/metadata/repository_mask.conf
index fce20544..c481e6e6 100644
--- a/metadata/repository_mask.conf
+++ b/metadata/repository_mask.conf
@@ -89,11 +89,11 @@ app-text/poppler[<0.56.0] [[
description = [ CVE-2017-9775 ]
]]
-x11-server/xorg-server[<1.20.3] [[
- author = [ Timo Gurr <tgurr@exherbo.org> ]
- date = [ 25 Oct 2018 ]
+x11-server/xorg-server[<1.20.8-r1] [[
+ author = [ Heiko Becker <heirecka@exherbo.org> ]
+ date = [ 31 Jul 2020 ]
token = security
- description = [ CVE-2018-14665 ]
+ description = [ CVE-2020-14347 ]
]]
x11-libs/libXv[<1.0.8] [[
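Review bot: The rewritten `x11-server/xorg-server[<1.20.8-r1]` entry names only CVE-2020-14347 in its description, so the file no longer records that versions below 1.20.3 were masked for CVE-2018-14665. The wider version range still covers those versions, so nothing becomes unmasked; this is a documentation point only. If the mask format accepts more than one identifier in the field (not visible in this hunk), `description = [ CVE-2018-14665 CVE-2020-14347 ]` would keep both reasons visible to anyone auditing an old install.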
diff --git a/packages/x11-server/xorg-server/files/xorg-server-1.20.8-fix-for-ZDI-11426.patch b/packages/x11-server/xorg-server/files/xorg-server-1.20.8-fix-for-ZDI-11426.patch
new file mode 100644
index 00000000..e4f2c343
--- /dev/null
+++ b/packages/x11-server/xorg-server/files/xorg-server-1.20.8-fix-for-ZDI-11426.patch
@@ -0,0 +1,36 @@
+Upstream: yes
+Reason: CVE-2020-14347
+
+From aac28e162e5108510065ad4c323affd6deffd816 Mon Sep 17 00:00:00 2001
+From: Matthieu Herrb <matthieu@herrb.eu>
+Date: Sat, 25 Jul 2020 19:33:50 +0200
+Subject: [PATCH] fix for ZDI-11426
+
+Avoid leaking un-initalized memory to clients by zeroing the
+whole pixmap on initial allocation.
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
+Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+---
+ dix/pixmap.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/dix/pixmap.c b/dix/pixmap.c
+index 1186d7dbb..5a0146bbb 100644
+--- a/dix/pixmap.c
++++ b/dix/pixmap.c
+@@ -116,7 +116,7 @@ AllocatePixmap(ScreenPtr pScreen, int pixDataSize)
+ if (pScreen->totalPixmapSize > ((size_t) - 1) - pixDataSize)
+ return NullPixmap;
+
+- pPixmap = malloc(pScreen->totalPixmapSize + pixDataSize);
++ pPixmap = calloc(1, pScreen->totalPixmapSize + pixDataSize);
+ if (!pPixmap)
+ return NullPixmap;
+
+--
+2.28.0
+
diff --git a/packages/x11-server/xorg-server/xorg-server-1.20.8.exheres-0 b/packages/x11-server/xorg-server/xorg-server-1.20.8-r1.exheres-0
index 137cbfc5..fdf9c676 100644
--- a/packages/x11-server/xorg-server/xorg-server-1.20.8.exheres-0
+++ b/packages/x11-server/xorg-server/xorg-server-1.20.8-r1.exheres-0
@@ -9,5 +9,6 @@ PLATFORMS="~amd64 ~armv8 ~x86"
DEFAULT_SRC_PREPARE_PATCHES=(
"${FILES}"/0001-Call-pkg-config-via-variable.patch
+ "${FILES}"/${PNV}-fix-for-ZDI-11426.patch
)