From patchwork Mon Aug 10 06:41:09 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bernd Kuhls X-Patchwork-Id: 1342730 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.137; helo=fraxinus.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=t-online.de Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BQ5wG3hSRz9sTT for ; Mon, 10 Aug 2020 16:41:32 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id D95CF85FAE; Mon, 10 Aug 2020 06:41:27 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y3JG2crPOasM; Mon, 10 Aug 2020 06:41:23 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by fraxinus.osuosl.org (Postfix) with ESMTP id D365C86B11; Mon, 10 Aug 2020 06:41:23 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by ash.osuosl.org (Postfix) with ESMTP id 656861BF48C for ; Mon, 10 Aug 2020 06:41:23 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 953F684D8E for ; Mon, 10 Aug 2020 06:41:22 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QcNpsyVIhhGm for ; Mon, 10 Aug 2020 06:41:19 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mailout03.t-online.de (mailout03.t-online.de [194.25.134.81]) by whitealder.osuosl.org (Postfix) with ESMTPS id 911B887EB1 for ; Mon, 10 Aug 2020 06:41:19 +0000 (UTC) Received: from fwd29.aul.t-online.de (fwd29.aul.t-online.de [172.20.26.134]) by mailout03.t-online.de (Postfix) with SMTP id 0F1C74211C72 for ; Mon, 10 Aug 2020 08:41:17 +0200 (CEST) Received: from fli4l.lan.fli4l (Vy-Rc2ZOghbtmgYAeZUUpVuP6pOxsiDaB8ZEyzv+sRVVQxp8fDrESQHA0a1iqJdQ-N@[91.58.2.79]) by fwd29.t-online.de with (TLSv1:ECDHE-RSA-AES256-SHA encrypted) esmtp id 1k51Uc-2PBr960; Mon, 10 Aug 2020 08:41:10 +0200 Received: from mahler.lan.fli4l ([192.168.1.1]:46436) by fli4l.lan.fli4l with esmtp (Exim 4.94) (envelope-from ) id 1k51Ub-00014h-Ur for buildroot@buildroot.org; Mon, 10 Aug 2020 08:41:10 +0200 From: Bernd Kuhls To: buildroot@buildroot.org Date: Mon, 10 Aug 2020 08:41:09 +0200 Message-Id: <20200810064109.447089-1-bernd.kuhls@t-online.de> X-Mailer: git-send-email 2.27.0 MIME-Version: 1.0 X-ID: Vy-Rc2ZOghbtmgYAeZUUpVuP6pOxsiDaB8ZEyzv+sRVVQxp8fDrESQHA0a1iqJdQ-N X-TOI-EXPURGATEID: 150726::1597041670-0000FF93-2540085A/0/0 CLEAN NORMAL X-TOI-MSGID: 775db100-5f82-420a-b2af-899f21677963 Subject: [Buildroot] [PATCH 1/1] package/x11r7/xserver_xorg-server: add security fix for CVE-2020-14347 X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" Release notes: https://lists.x.org/archives/xorg-announce/2020-July/003051.html Signed-off-by: Bernd Kuhls --- .../1.20.8/0007-fix-for-ZDI-11426.patch | 36 +++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 package/x11r7/xserver_xorg-server/1.20.8/0007-fix-for-ZDI-11426.patch diff --git a/package/x11r7/xserver_xorg-server/1.20.8/0007-fix-for-ZDI-11426.patch b/package/x11r7/xserver_xorg-server/1.20.8/0007-fix-for-ZDI-11426.patch new file mode 100644 index 0000000000..ce623b24cb --- /dev/null +++ b/package/x11r7/xserver_xorg-server/1.20.8/0007-fix-for-ZDI-11426.patch @@ -0,0 +1,36 @@ +From aac28e162e5108510065ad4c323affd6deffd816 Mon Sep 17 00:00:00 2001 +From: Matthieu Herrb +Date: Sat, 25 Jul 2020 19:33:50 +0200 +Subject: [PATCH] fix for ZDI-11426 + +Avoid leaking un-initalized memory to clients by zeroing the +whole pixmap on initial allocation. + +This vulnerability was discovered by: +Jan-Niklas Sohn working with Trend Micro Zero Day Initiative + +Signed-off-by: Matthieu Herrb +Reviewed-by: Alan Coopersmith +Signed-off-by: Bernd Kuhls +[downloaded from upstream commit + https://gitlab.freedesktop.org/xorg/xserver/-/commit/aac28e162e5108510065ad4c323affd6deffd816] +--- + dix/pixmap.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/dix/pixmap.c b/dix/pixmap.c +index 1186d7dbbf..5a0146bbb6 100644 +--- a/dix/pixmap.c ++++ b/dix/pixmap.c +@@ -116,7 +116,7 @@ AllocatePixmap(ScreenPtr pScreen, int pixDataSize) + if (pScreen->totalPixmapSize > ((size_t) - 1) - pixDataSize) + return NullPixmap; + +- pPixmap = malloc(pScreen->totalPixmapSize + pixDataSize); ++ pPixmap = calloc(1, pScreen->totalPixmapSize + pixDataSize); + if (!pPixmap) + return NullPixmap; + +-- +GitLab +