diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2023-02-07 20:48:57 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2023-02-08 13:30:32 +0100 |
commit | 4b5e1863bb865ca0e78d376a8a76869bf0e023c6 (patch) | |
tree | b254877285f9e476aff39213558093bf7365e937 /patches/source | |
parent | ad40d2a62a3d9772ffd95038a73f7e957c39950b (diff) | |
download | current-20230207204857_15.0.tar.gz current-20230207204857_15.0.tar.xz |
Tue Feb 7 20:48:57 UTC 202320230207204857_15.0
patches/packages/openssl-1.1.1t-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
X.400 address type confusion in X.509 GeneralName.
Timing Oracle in RSA Decryption.
Use-after-free following BIO_new_NDEF.
Double free after calling PEM_read_bio_ex.
For more information, see:
https://www.openssl.org/news/secadv/20230207.txt
https://www.cve.org/CVERecord?id=CVE-2023-0286
https://www.cve.org/CVERecord?id=CVE-2022-4304
https://www.cve.org/CVERecord?id=CVE-2023-0215
https://www.cve.org/CVERecord?id=CVE-2022-4450
(* Security fix *)
patches/packages/openssl-solibs-1.1.1t-x86_64-1_slack15.0.txz: Upgraded.
patches/packages/xorg-server-1.20.14-x86_64-7_slack15.0.txz: Rebuilt.
[PATCH] Xi: fix potential use-after-free in DeepCopyPointerClasses.
Also merged another patch to prevent crashes when using a compositor with
the NVIDIA blob. Thanks to mdinslage, willysr, and Daedra.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-0494
(* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-x86_64-7_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-x86_64-7_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-x86_64-7_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-x86_64-6_slack15.0.txz: Rebuilt.
[PATCH] Xi: fix potential use-after-free in DeepCopyPointerClasses.
Also merged another patch to prevent crashes when using a compositor with
the NVIDIA blob. Thanks to mdinslage, willysr, and Daedra.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-0494
(* Security fix *)
Diffstat (limited to 'patches/source')
7 files changed, 170 insertions, 2 deletions
diff --git a/patches/source/xorg-server-xwayland/857.patch b/patches/source/xorg-server-xwayland/857.patch new file mode 100644 index 000000000..aad6394c4 --- /dev/null +++ b/patches/source/xorg-server-xwayland/857.patch @@ -0,0 +1,43 @@ +From d2ce97bd02c16ae162c49f76a00fc858035f288e Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?B=C5=82a=C5=BCej=20Szczygie=C5=82?= <spaz16@wp.pl> +Date: Thu, 13 Jan 2022 00:47:27 +0100 +Subject: [PATCH] present: Check for NULL to prevent crash +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1275 +Signed-off-by: Błażej Szczygieł <spaz16@wp.pl> +Tested-by: Aaron Plattner <aplattner@nvidia.com> +(cherry picked from commit 22d5818851967408bb7c903cb345b7ca8766094c) +--- + present/present_scmd.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/present/present_scmd.c b/present/present_scmd.c +index 3c68e690b..11391adbb 100644 +--- a/present/present_scmd.c ++++ b/present/present_scmd.c +@@ -168,6 +168,9 @@ present_scmd_get_crtc(present_screen_priv_ptr screen_priv, WindowPtr window) + if (!screen_priv->info) + return NULL; + ++ if (!screen_priv->info->get_crtc) ++ return NULL; ++ + return (*screen_priv->info->get_crtc)(window); + } + +@@ -206,6 +209,9 @@ present_flush(WindowPtr window) + if (!screen_priv->info) + return; + ++ if (!screen_priv->info->flush) ++ return; ++ + (*screen_priv->info->flush) (window); + } + +-- +GitLab + diff --git a/patches/source/xorg-server-xwayland/CVE-2023-0494.patch b/patches/source/xorg-server-xwayland/CVE-2023-0494.patch new file mode 100644 index 000000000..96ed78361 --- /dev/null +++ b/patches/source/xorg-server-xwayland/CVE-2023-0494.patch @@ -0,0 +1,34 @@ +From 0ba6d8c37071131a49790243cdac55392ecf71ec Mon Sep 17 00:00:00 2001 +From: Peter Hutterer <peter.hutterer@who-t.net> +Date: Wed, 25 Jan 2023 11:41:40 +1000 +Subject: [PATCH] Xi: fix potential use-after-free in DeepCopyPointerClasses + +CVE-2023-0494, ZDI-CAN-19596 + +This vulnerability was discovered by: +Jan-Niklas Sohn working with Trend Micro Zero Day Initiative + +Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> +--- + Xi/exevents.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/Xi/exevents.c b/Xi/exevents.c +index 217baa956..dcd4efb3b 100644 +--- a/Xi/exevents.c ++++ b/Xi/exevents.c +@@ -619,8 +619,10 @@ DeepCopyPointerClasses(DeviceIntPtr from, DeviceIntPtr to) + memcpy(to->button->xkb_acts, from->button->xkb_acts, + sizeof(XkbAction)); + } +- else ++ else { + free(to->button->xkb_acts); ++ to->button->xkb_acts = NULL; ++ } + + memcpy(to->button->labels, from->button->labels, + from->button->numButtons * sizeof(Atom)); +-- +GitLab + diff --git a/patches/source/xorg-server-xwayland/xorg-server-xwayland.SlackBuild b/patches/source/xorg-server-xwayland/xorg-server-xwayland.SlackBuild index df91416df..47e83e8ff 100755 --- a/patches/source/xorg-server-xwayland/xorg-server-xwayland.SlackBuild +++ b/patches/source/xorg-server-xwayland/xorg-server-xwayland.SlackBuild @@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=xorg-server-xwayland SRCNAM=xwayland VERSION=${VERSION:-$(echo $SRCNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-5_slack15.0} +BUILD=${BUILD:-6_slack15.0} # Default font paths to be used by the X server: DEF_FONTPATH="/usr/share/fonts/misc,/usr/share/fonts/local,/usr/share/fonts/TTF,/usr/share/fonts/OTF,/usr/share/fonts/Type1,/usr/share/fonts/CID,/usr/share/fonts/75dpi/:unscaled,/usr/share/fonts/100dpi/:unscaled,/usr/share/fonts/75dpi,/usr/share/fonts/100dpi,/usr/share/fonts/cyrillic" @@ -100,6 +100,13 @@ zcat $CWD/CVE-2022-46344.patch.gz | patch -p1 --verbose || exit 1 # Fix a bug in the previous patch: zcat $CWD/CVE-2022-46340.correction.patch.gz | patch -p1 --verbose || exit 1 +# Patch another security issue: +zcat $CWD/CVE-2023-0494.patch.gz | patch -p1 --verbose || exit 1 + +# [PATCH] present: Check for NULL to prevent crash. +# This prevents a crash with recent NVIDIA drivers. +zcat $CWD/857.patch.gz | patch -p1 --verbose || exit 1 + # Configure, build, and install: export CFLAGS="$SLKCFLAGS" export CXXFLAGS="$SLKCFLAGS" diff --git a/patches/source/xorg-server/build/xorg-server b/patches/source/xorg-server/build/xorg-server index d71bf96f6..7952b0566 100644 --- a/patches/source/xorg-server/build/xorg-server +++ b/patches/source/xorg-server/build/xorg-server @@ -1 +1 @@ -6_slack15.0 +7_slack15.0 diff --git a/patches/source/xorg-server/patch/xorg-server.patch b/patches/source/xorg-server/patch/xorg-server.patch index bd20a0714..c0a9b1426 100644 --- a/patches/source/xorg-server/patch/xorg-server.patch +++ b/patches/source/xorg-server/patch/xorg-server.patch @@ -49,3 +49,10 @@ zcat $CWD/patch/xorg-server/CVE-2022-46344.patch.gz | patch -p1 --verbose || { t # Fix a bug in the previous patch: zcat $CWD/patch/xorg-server/CVE-2022-46340.correction.patch.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; } + +# Patch another security issue: +zcat $CWD/patch/xorg-server/CVE-2023-0494.patch.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; } + +# [PATCH] present: Check for NULL to prevent crash. +# This prevents a crash with recent NVIDIA drivers. +zcat $CWD/patch/xorg-server/857.patch.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; } diff --git a/patches/source/xorg-server/patch/xorg-server/857.patch b/patches/source/xorg-server/patch/xorg-server/857.patch new file mode 100644 index 000000000..aad6394c4 --- /dev/null +++ b/patches/source/xorg-server/patch/xorg-server/857.patch @@ -0,0 +1,43 @@ +From d2ce97bd02c16ae162c49f76a00fc858035f288e Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?B=C5=82a=C5=BCej=20Szczygie=C5=82?= <spaz16@wp.pl> +Date: Thu, 13 Jan 2022 00:47:27 +0100 +Subject: [PATCH] present: Check for NULL to prevent crash +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1275 +Signed-off-by: Błażej Szczygieł <spaz16@wp.pl> +Tested-by: Aaron Plattner <aplattner@nvidia.com> +(cherry picked from commit 22d5818851967408bb7c903cb345b7ca8766094c) +--- + present/present_scmd.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/present/present_scmd.c b/present/present_scmd.c +index 3c68e690b..11391adbb 100644 +--- a/present/present_scmd.c ++++ b/present/present_scmd.c +@@ -168,6 +168,9 @@ present_scmd_get_crtc(present_screen_priv_ptr screen_priv, WindowPtr window) + if (!screen_priv->info) + return NULL; + ++ if (!screen_priv->info->get_crtc) ++ return NULL; ++ + return (*screen_priv->info->get_crtc)(window); + } + +@@ -206,6 +209,9 @@ present_flush(WindowPtr window) + if (!screen_priv->info) + return; + ++ if (!screen_priv->info->flush) ++ return; ++ + (*screen_priv->info->flush) (window); + } + +-- +GitLab + diff --git a/patches/source/xorg-server/patch/xorg-server/CVE-2023-0494.patch b/patches/source/xorg-server/patch/xorg-server/CVE-2023-0494.patch new file mode 100644 index 000000000..96ed78361 --- /dev/null +++ b/patches/source/xorg-server/patch/xorg-server/CVE-2023-0494.patch @@ -0,0 +1,34 @@ +From 0ba6d8c37071131a49790243cdac55392ecf71ec Mon Sep 17 00:00:00 2001 +From: Peter Hutterer <peter.hutterer@who-t.net> +Date: Wed, 25 Jan 2023 11:41:40 +1000 +Subject: [PATCH] Xi: fix potential use-after-free in DeepCopyPointerClasses + +CVE-2023-0494, ZDI-CAN-19596 + +This vulnerability was discovered by: +Jan-Niklas Sohn working with Trend Micro Zero Day Initiative + +Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> +--- + Xi/exevents.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/Xi/exevents.c b/Xi/exevents.c +index 217baa956..dcd4efb3b 100644 +--- a/Xi/exevents.c ++++ b/Xi/exevents.c +@@ -619,8 +619,10 @@ DeepCopyPointerClasses(DeviceIntPtr from, DeviceIntPtr to) + memcpy(to->button->xkb_acts, from->button->xkb_acts, + sizeof(XkbAction)); + } +- else ++ else { + free(to->button->xkb_acts); ++ to->button->xkb_acts = NULL; ++ } + + memcpy(to->button->labels, from->button->labels, + from->button->numButtons * sizeof(Atom)); +-- +GitLab + |