pkgsrc.se | The NetBSD package collection

./x11/modular-xorg-server, Modular X11 server from modular X.org

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: pkgsrc-2020Q2, Version: 1.20.8nb2, Package name: modular-xorg-server-1.20.8nb2, Maintainer: pkgsrc-users

The X.org X11 Server from the modularized source tree of
X.org X11.

Required to run:
[fonts/libfontenc] [x11/Xfixes] [x11/xcb-util-keysyms] [x11/libXau] [x11/libdrm]

Required to build:
[x11/fixesproto4]

Package options: dri, inet6

Master sites:

SHA1: 077d081f912faf11c87ea1c9d0e29490961b0cd4
RMD160: 74f2a5ab7b482d2aded54fd412e9c0d673f270ba
Filesize: 6161.758 KB

Version history: (Expand)

(2020-08-01) Updated to version: modular-xorg-server-1.20.8nb2
(2020-07-01) Package added to pkgsrc.se, version modular-xorg-server-1.20.8nb1 (created)

CVS history: (Expand)

2020-08-01 08:47:59 by Benny Siegert | Files touched by this commit (5)

Log message:
Pullup ticket #6291 - requested by maya
x11/modular-xorg-server: security fix

Revisions pulled up:
- x11/modular-xorg-server/Makefile                              1.128
- x11/modular-xorg-server/distinfo                              1.102
- x11/modular-xorg-server/patches/patch-dix_pixmap.c            1.1
- x11/modular-xorg-xephyr/Makefile                              1.20
- x11/modular-xorg-xwayland/Makefile                            1.8

---
   Module Name:	pkgsrc
   Committed By:	maya
   Date:		Fri Jul 31 16:50:57 UTC 2020

   Modified Files:
   	pkgsrc/x11/modular-xorg-server: Makefile distinfo
   	pkgsrc/x11/modular-xorg-xephyr: Makefile
   	pkgsrc/x11/modular-xorg-xwayland: Makefile
   Added Files:
   	pkgsrc/x11/modular-xorg-server/patches: patch-dix_pixmap.c

   Log message:
   modular-xorg-*: provide patch (making this package equivalent to
   xorg-server 1.20.9, couldn't find a tarball).

   X.Org security advisory: July 31, 2020

   X Server Pixel Data Uninitialized Memory Information Disclosure
   ===============================================================

   CVE-2020-14347

   Allocation for pixmap data in AllocatePixmap() does not initialize the
   memory in xserver, it leads to leak uninitialize heap memory to
   clients. When the X server runs with elevated privileges.

   This flaw can lead to ASLR bypass, which when combined with other
   flaws (known/unknown) could lead to lead to privilege elevation in the
   client.

   Patch
   =====

   A patch for this issue has been commited to the xorg server git
   repository.  xorg-server 1.20.9 will be released shortly and will
   include this patch.

   https://gitlab.freedesktop.org/xorg/xserver.git

   diff --git a/dix/pixmap.c b/dix/pixmap.c
   index 1186d7dbb..5a0146bbb 100644
   --- a/dix/pixmap.c
   +++ b/dix/pixmap.c
   @@ -116,7 +116,7 @@ AllocatePixmap(ScreenPtr pScreen, int pixDataSize)
        if (pScreen->totalPixmapSize > ((size_t) - 1) - pixDataSize)
            return NullPixmap;

   -    pPixmap = malloc(pScreen->totalPixmapSize + pixDataSize);
   +    pPixmap = calloc(1, pScreen->totalPixmapSize + pixDataSize);
        if (!pPixmap)
            return NullPixmap;

   Thanks
   ======

   This vulnerability was discovered by Jan-Niklas Sohn working with
   Trend Micro Zero Day Initiative.