diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2021-12-16 21:34:10 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2021-12-17 08:59:54 +0100 |
commit | d5c267841ae969914a7a7d3265d40931171c2f44 (patch) | |
tree | 5091b85975f4b3237acbf636e7ac935938105f47 /source/x/x11 | |
parent | 2ff75b95af8c63e8c2ab2b6b551e09ab39432e8b (diff) | |
download | current-d5c267841ae969914a7a7d3265d40931171c2f44.tar.gz |
Thu Dec 16 21:34:10 UTC 202120211216213410
a/kernel-firmware-20211216_f682ecb-noarch-1.txz: Upgraded.
a/kernel-generic-5.15.9-x86_64-1.txz: Upgraded.
a/kernel-huge-5.15.9-x86_64-1.txz: Upgraded.
a/kernel-modules-5.15.9-x86_64-1.txz: Upgraded.
a/openssl-solibs-1.1.1m-x86_64-1.txz: Upgraded.
ap/inxi-3.3.10_1-noarch-1.txz: Upgraded.
Thanks to h2-1.
d/kernel-headers-5.15.9-x86-1.txz: Upgraded.
d/vala-0.54.5-x86_64-1.txz: Upgraded.
k/kernel-source-5.15.9-noarch-1.txz: Upgraded.
SUNRPC_DEBUG n -> y
+NFS_DEBUG y
Thanks to bassmadrigal.
kde/latte-dock-0.10.5-x86_64-1.txz: Upgraded.
l/mozilla-nss-3.73.1-x86_64-1.txz: Upgraded.
l/pipewire-0.3.42-x86_64-1.txz: Upgraded.
n/iputils-20211215-x86_64-1.txz: Upgraded.
n/openssl-1.1.1m-x86_64-1.txz: Upgraded.
n/php-7.4.27-x86_64-1.txz: Upgraded.
x/xorg-server-1.20.14-x86_64-1.txz: Upgraded.
Built using --enable-systemd-logind to use elogind for device setup.
Some code changes would be required in xorg-server, xinit, and various login
managers to make rootless X work out of the box or to fall back in cases
where elogind isn't supported, and those changes aren't appropriate here in
the RC stage, but you can try it without recompiling:
chmod 755 /usr/libexec/Xorg*
Thanks to LuckyCyborg.
x/xorg-server-xephyr-1.20.14-x86_64-1.txz: Upgraded.
x/xorg-server-xnest-1.20.14-x86_64-1.txz: Upgraded.
x/xorg-server-xvfb-1.20.14-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-91.4.1esr-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/91.4.1/releasenotes/
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
Diffstat (limited to 'source/x/x11')
7 files changed, 2 insertions, 168 deletions
diff --git a/source/x/x11/build/xorg-server b/source/x/x11/build/xorg-server index 0cfbf088..d00491fd 100644 --- a/source/x/x11/build/xorg-server +++ b/source/x/x11/build/xorg-server @@ -1 +1 @@ -2 +1 diff --git a/source/x/x11/configure/xorg-server b/source/x/x11/configure/xorg-server index c107644e..c1a5c2e3 100644 --- a/source/x/x11/configure/xorg-server +++ b/source/x/x11/configure/xorg-server @@ -17,7 +17,7 @@ BUILD_SERVERS="--enable-xorg \ $XWAYLAND_OPTION \ --enable-config-udev \ --disable-config-hal \ - --disable-systemd-logind" + --enable-systemd-logind" #MESA_VERSION=${MESA_VERSION:-7.5} # unused in 1.7+ diff --git a/source/x/x11/patch/xorg-server.patch b/source/x/x11/patch/xorg-server.patch index 72b8e30a..e1e5d20f 100644 --- a/source/x/x11/patch/xorg-server.patch +++ b/source/x/x11/patch/xorg-server.patch @@ -28,9 +28,3 @@ zcat $CWD/patch/xorg-server/fix-pci-segfault.diff.gz | patch -p1 --verbose || { # Only use Intel DDX with pre-gen4 hardware. Newer hardware will the the modesetting driver by default: zcat $CWD/patch/xorg-server/06_use-intel-only-on-pre-gen4.diff.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; } - -# Security fixes: -zcat $CWD/patch/xorg-server/xorg-server.CVE-2021-4008.ebce7e2d80e7c80e1dda60f2f0bc886f1106ba60.patch.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; } -zcat $CWD/patch/xorg-server/xorg-server.CVE-2021-4009.b5196750099ae6ae582e1f46bd0a6dad29550e02.patch.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; } -zcat $CWD/patch/xorg-server/xorg-server.CVE-2021-4010.6c4c53010772e3cb4cb8acd54950c8eec9c00d21.patch.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; } -zcat $CWD/patch/xorg-server/xorg-server.CVE-2021-4011.e56f61c79fc3cee26d83cda0f84ae56d5979f768.patch.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; } diff --git a/source/x/x11/patch/xorg-server/xorg-server.CVE-2021-4008.ebce7e2d80e7c80e1dda60f2f0bc886f1106ba60.patch b/source/x/x11/patch/xorg-server/xorg-server.CVE-2021-4008.ebce7e2d80e7c80e1dda60f2f0bc886f1106ba60.patch deleted file mode 100644 index e13edff7..00000000 --- a/source/x/x11/patch/xorg-server/xorg-server.CVE-2021-4008.ebce7e2d80e7c80e1dda60f2f0bc886f1106ba60.patch +++ /dev/null @@ -1,52 +0,0 @@ -From ebce7e2d80e7c80e1dda60f2f0bc886f1106ba60 Mon Sep 17 00:00:00 2001 -From: Povilas Kanapickas <povilas@radix.lt> -Date: Tue, 14 Dec 2021 15:00:03 +0200 -Subject: [PATCH] render: Fix out of bounds access in - SProcRenderCompositeGlyphs() - -ZDI-CAN-14192, CVE-2021-4008 - -This vulnerability was discovered and the fix was suggested by: -Jan-Niklas Sohn working with Trend Micro Zero Day Initiative - -Signed-off-by: Povilas Kanapickas <povilas@radix.lt> ---- - render/render.c | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git a/render/render.c b/render/render.c -index c376090ca..456f156d4 100644 ---- a/render/render.c -+++ b/render/render.c -@@ -2309,6 +2309,9 @@ SProcRenderCompositeGlyphs(ClientPtr client) - - i = elt->len; - if (i == 0xff) { -+ if (buffer + 4 > end) { -+ return BadLength; -+ } - swapl((int *) buffer); - buffer += 4; - } -@@ -2319,12 +2322,18 @@ SProcRenderCompositeGlyphs(ClientPtr client) - buffer += i; - break; - case 2: -+ if (buffer + i * 2 > end) { -+ return BadLength; -+ } - while (i--) { - swaps((short *) buffer); - buffer += 2; - } - break; - case 4: -+ if (buffer + i * 4 > end) { -+ return BadLength; -+ } - while (i--) { - swapl((int *) buffer); - buffer += 4; --- -GitLab - diff --git a/source/x/x11/patch/xorg-server/xorg-server.CVE-2021-4009.b5196750099ae6ae582e1f46bd0a6dad29550e02.patch b/source/x/x11/patch/xorg-server/xorg-server.CVE-2021-4009.b5196750099ae6ae582e1f46bd0a6dad29550e02.patch deleted file mode 100644 index 9a5c3feb..00000000 --- a/source/x/x11/patch/xorg-server/xorg-server.CVE-2021-4009.b5196750099ae6ae582e1f46bd0a6dad29550e02.patch +++ /dev/null @@ -1,43 +0,0 @@ -From b5196750099ae6ae582e1f46bd0a6dad29550e02 Mon Sep 17 00:00:00 2001 -From: Povilas Kanapickas <povilas@radix.lt> -Date: Tue, 14 Dec 2021 15:00:01 +0200 -Subject: [PATCH] xfixes: Fix out of bounds access in - *ProcXFixesCreatePointerBarrier() - -ZDI-CAN-14950, CVE-2021-4009 - -This vulnerability was discovered and the fix was suggested by: -Jan-Niklas Sohn working with Trend Micro Zero Day Initiative - -Signed-off-by: Povilas Kanapickas <povilas@radix.lt> ---- - xfixes/cursor.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/xfixes/cursor.c b/xfixes/cursor.c -index 60580b88f..c5d4554b2 100644 ---- a/xfixes/cursor.c -+++ b/xfixes/cursor.c -@@ -1010,7 +1010,8 @@ ProcXFixesCreatePointerBarrier(ClientPtr client) - { - REQUEST(xXFixesCreatePointerBarrierReq); - -- REQUEST_FIXED_SIZE(xXFixesCreatePointerBarrierReq, pad_to_int32(stuff->num_devices)); -+ REQUEST_FIXED_SIZE(xXFixesCreatePointerBarrierReq, -+ pad_to_int32(stuff->num_devices * sizeof(CARD16))); - LEGAL_NEW_RESOURCE(stuff->barrier, client); - - return XICreatePointerBarrier(client, stuff); -@@ -1027,7 +1028,8 @@ SProcXFixesCreatePointerBarrier(ClientPtr client) - - swaps(&stuff->length); - swaps(&stuff->num_devices); -- REQUEST_FIXED_SIZE(xXFixesCreatePointerBarrierReq, pad_to_int32(stuff->num_devices)); -+ REQUEST_FIXED_SIZE(xXFixesCreatePointerBarrierReq, -+ pad_to_int32(stuff->num_devices * sizeof(CARD16))); - - swapl(&stuff->barrier); - swapl(&stuff->window); --- -GitLab - diff --git a/source/x/x11/patch/xorg-server/xorg-server.CVE-2021-4010.6c4c53010772e3cb4cb8acd54950c8eec9c00d21.patch b/source/x/x11/patch/xorg-server/xorg-server.CVE-2021-4010.6c4c53010772e3cb4cb8acd54950c8eec9c00d21.patch deleted file mode 100644 index 49e23468..00000000 --- a/source/x/x11/patch/xorg-server/xorg-server.CVE-2021-4010.6c4c53010772e3cb4cb8acd54950c8eec9c00d21.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 6c4c53010772e3cb4cb8acd54950c8eec9c00d21 Mon Sep 17 00:00:00 2001 -From: Povilas Kanapickas <povilas@radix.lt> -Date: Tue, 14 Dec 2021 15:00:02 +0200 -Subject: [PATCH] Xext: Fix out of bounds access in SProcScreenSaverSuspend() - -ZDI-CAN-14951, CVE-2021-4010 - -This vulnerability was discovered and the fix was suggested by: -Jan-Niklas Sohn working with Trend Micro Zero Day Initiative - -Signed-off-by: Povilas Kanapickas <povilas@radix.lt> ---- - Xext/saver.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/Xext/saver.c b/Xext/saver.c -index 1d7e3cadf..f813ba08d 100644 ---- a/Xext/saver.c -+++ b/Xext/saver.c -@@ -1351,8 +1351,8 @@ SProcScreenSaverSuspend(ClientPtr client) - REQUEST(xScreenSaverSuspendReq); - - swaps(&stuff->length); -- swapl(&stuff->suspend); - REQUEST_SIZE_MATCH(xScreenSaverSuspendReq); -+ swapl(&stuff->suspend); - return ProcScreenSaverSuspend(client); - } - --- -GitLab - diff --git a/source/x/x11/patch/xorg-server/xorg-server.CVE-2021-4011.e56f61c79fc3cee26d83cda0f84ae56d5979f768.patch b/source/x/x11/patch/xorg-server/xorg-server.CVE-2021-4011.e56f61c79fc3cee26d83cda0f84ae56d5979f768.patch deleted file mode 100644 index 2f3e4197..00000000 --- a/source/x/x11/patch/xorg-server/xorg-server.CVE-2021-4011.e56f61c79fc3cee26d83cda0f84ae56d5979f768.patch +++ /dev/null @@ -1,33 +0,0 @@ -From e56f61c79fc3cee26d83cda0f84ae56d5979f768 Mon Sep 17 00:00:00 2001 -From: Povilas Kanapickas <povilas@radix.lt> -Date: Tue, 14 Dec 2021 15:00:00 +0200 -Subject: [PATCH] record: Fix out of bounds access in SwapCreateRegister() - -ZDI-CAN-14952, CVE-2021-4011 - -This vulnerability was discovered and the fix was suggested by: -Jan-Niklas Sohn working with Trend Micro Zero Day Initiative - -Signed-off-by: Povilas Kanapickas <povilas@radix.lt> ---- - record/record.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/record/record.c b/record/record.c -index be154525d..e123867a7 100644 ---- a/record/record.c -+++ b/record/record.c -@@ -2516,8 +2516,8 @@ SwapCreateRegister(ClientPtr client, xRecordRegisterClientsReq * stuff) - swapl(pClientID); - } - if (stuff->nRanges > -- client->req_len - bytes_to_int32(sz_xRecordRegisterClientsReq) -- - stuff->nClients) -+ (client->req_len - bytes_to_int32(sz_xRecordRegisterClientsReq) -+ - stuff->nClients) / bytes_to_int32(sz_xRecordRange)) - return BadLength; - RecordSwapRanges((xRecordRange *) pClientID, stuff->nRanges); - return Success; --- -GitLab - |