summaryrefslogtreecommitdiffstats
path: root/patches
diff options
context:
space:
mode:
author Patrick J Volkerding <volkerdi@slackware.com>2023-03-29 20:56:21 +0000
committer Eric Hameleers <alien@slackware.com>2023-03-30 13:30:41 +0200
commit5b606a9169015941ec3d0dfb0bf99299cf435240 (patch)
treeaf399e50cb4b650a300e1e8c13104d5558cff646 /patches
parent694953a02401ef2e4b4ee493a3ad3a1cc50e32bb (diff)
downloadcurrent-5b606a9169015941ec3d0dfb0bf99299cf435240.tar.gz
current-5b606a9169015941ec3d0dfb0bf99299cf435240.tar.xz
Wed Mar 29 20:56:21 UTC 202320230329205621_15.0
patches/packages/glibc-zoneinfo-2023c-noarch-1_slack15.0.txz: Upgraded. This package provides the latest timezone updates. patches/packages/mozilla-thunderbird-102.9.1-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/102.9.1/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-12/ https://www.cve.org/CVERecord?id=CVE-2023-28427 (* Security fix *) patches/packages/xorg-server-1.20.14-x86_64-8_slack15.0.txz: Rebuilt. [PATCH] composite: Fix use-after-free of the COW. Fix use-after-free that can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. For more information, see: https://lists.x.org/archives/xorg-announce/2023-March/003374.html https://www.cve.org/CVERecord?id=CVE-2023-1393 (* Security fix *) patches/packages/xorg-server-xephyr-1.20.14-x86_64-8_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xnest-1.20.14-x86_64-8_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xvfb-1.20.14-x86_64-8_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xwayland-21.1.4-x86_64-7_slack15.0.txz: Rebuilt. [PATCH] composite: Fix use-after-free of the COW. Fix use-after-free that can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. For more information, see: https://lists.x.org/archives/xorg-announce/2023-March/003374.html https://www.cve.org/CVERecord?id=CVE-2023-1393 (* Security fix *)
Diffstat (limited to 'patches')
-rw-r--r--patches/packages/glibc-zoneinfo-2023c-noarch-1_slack15.0.txt (renamed from patches/packages/glibc-zoneinfo-2023b-noarch-1_slack15.0.txt)0
-rw-r--r--patches/packages/mozilla-thunderbird-102.9.1-x86_64-1_slack15.0.txt (renamed from patches/packages/mozilla-thunderbird-102.9.0-x86_64-1_slack15.0.txt)0
-rw-r--r--patches/packages/xorg-server-1.20.14-x86_64-8_slack15.0.txt (renamed from patches/packages/xorg-server-1.20.14-x86_64-7_slack15.0.txt)0
-rw-r--r--patches/packages/xorg-server-xephyr-1.20.14-x86_64-8_slack15.0.txt (renamed from patches/packages/xorg-server-xephyr-1.20.14-x86_64-7_slack15.0.txt)0
-rw-r--r--patches/packages/xorg-server-xnest-1.20.14-x86_64-8_slack15.0.txt (renamed from patches/packages/xorg-server-xnest-1.20.14-x86_64-7_slack15.0.txt)0
-rw-r--r--patches/packages/xorg-server-xvfb-1.20.14-x86_64-8_slack15.0.txt (renamed from patches/packages/xorg-server-xvfb-1.20.14-x86_64-7_slack15.0.txt)0
-rw-r--r--patches/packages/xorg-server-xwayland-21.1.4-x86_64-7_slack15.0.txt (renamed from patches/packages/xorg-server-xwayland-21.1.4-x86_64-6_slack15.0.txt)0
-rw-r--r--patches/source/xorg-server-xwayland/CVE-2023-1393.patch42
-rwxr-xr-xpatches/source/xorg-server-xwayland/xorg-server-xwayland.SlackBuild5
-rw-r--r--patches/source/xorg-server/build/xorg-server2
-rw-r--r--patches/source/xorg-server/patch/xorg-server.patch3
-rw-r--r--patches/source/xorg-server/patch/xorg-server/CVE-2023-1393.patch42
12 files changed, 92 insertions, 2 deletions
diff --git a/patches/packages/glibc-zoneinfo-2023b-noarch-1_slack15.0.txt b/patches/packages/glibc-zoneinfo-2023c-noarch-1_slack15.0.txt
index c6e7a698e..c6e7a698e 100644
--- a/patches/packages/glibc-zoneinfo-2023b-noarch-1_slack15.0.txt
+++ b/patches/packages/glibc-zoneinfo-2023c-noarch-1_slack15.0.txt
diff --git a/patches/packages/mozilla-thunderbird-102.9.0-x86_64-1_slack15.0.txt b/patches/packages/mozilla-thunderbird-102.9.1-x86_64-1_slack15.0.txt
index 5acb7b92e..5acb7b92e 100644
--- a/patches/packages/mozilla-thunderbird-102.9.0-x86_64-1_slack15.0.txt
+++ b/patches/packages/mozilla-thunderbird-102.9.1-x86_64-1_slack15.0.txt
diff --git a/patches/packages/xorg-server-1.20.14-x86_64-7_slack15.0.txt b/patches/packages/xorg-server-1.20.14-x86_64-8_slack15.0.txt
index ec0248ea9..ec0248ea9 100644
--- a/patches/packages/xorg-server-1.20.14-x86_64-7_slack15.0.txt
+++ b/patches/packages/xorg-server-1.20.14-x86_64-8_slack15.0.txt
diff --git a/patches/packages/xorg-server-xephyr-1.20.14-x86_64-7_slack15.0.txt b/patches/packages/xorg-server-xephyr-1.20.14-x86_64-8_slack15.0.txt
index 2ffb35f60..2ffb35f60 100644
--- a/patches/packages/xorg-server-xephyr-1.20.14-x86_64-7_slack15.0.txt
+++ b/patches/packages/xorg-server-xephyr-1.20.14-x86_64-8_slack15.0.txt
diff --git a/patches/packages/xorg-server-xnest-1.20.14-x86_64-7_slack15.0.txt b/patches/packages/xorg-server-xnest-1.20.14-x86_64-8_slack15.0.txt
index 9c7075278..9c7075278 100644
--- a/patches/packages/xorg-server-xnest-1.20.14-x86_64-7_slack15.0.txt
+++ b/patches/packages/xorg-server-xnest-1.20.14-x86_64-8_slack15.0.txt
diff --git a/patches/packages/xorg-server-xvfb-1.20.14-x86_64-7_slack15.0.txt b/patches/packages/xorg-server-xvfb-1.20.14-x86_64-8_slack15.0.txt
index 675c628db..675c628db 100644
--- a/patches/packages/xorg-server-xvfb-1.20.14-x86_64-7_slack15.0.txt
+++ b/patches/packages/xorg-server-xvfb-1.20.14-x86_64-8_slack15.0.txt
diff --git a/patches/packages/xorg-server-xwayland-21.1.4-x86_64-6_slack15.0.txt b/patches/packages/xorg-server-xwayland-21.1.4-x86_64-7_slack15.0.txt
index 44e18f2cf..44e18f2cf 100644
--- a/patches/packages/xorg-server-xwayland-21.1.4-x86_64-6_slack15.0.txt
+++ b/patches/packages/xorg-server-xwayland-21.1.4-x86_64-7_slack15.0.txt
diff --git a/patches/source/xorg-server-xwayland/CVE-2023-1393.patch b/patches/source/xorg-server-xwayland/CVE-2023-1393.patch
new file mode 100644
index 000000000..0d859d6c1
--- /dev/null
+++ b/patches/source/xorg-server-xwayland/CVE-2023-1393.patch
@@ -0,0 +1,42 @@
+From 26ef545b3502f61ca722a7a3373507e88ef64110 Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Mon, 13 Mar 2023 11:08:47 +0100
+Subject: [PATCH] composite: Fix use-after-free of the COW
+
+ZDI-CAN-19866/CVE-2023-1393
+
+If a client explicitly destroys the compositor overlay window (aka COW),
+we would leave a dangling pointer to that window in the CompScreen
+structure, which will trigger a use-after-free later.
+
+Make sure to clear the CompScreen pointer to the COW when the latter gets
+destroyed explicitly by the client.
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Reviewed-by: Adam Jackson <ajax@redhat.com>
+---
+ composite/compwindow.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/composite/compwindow.c b/composite/compwindow.c
+index 4e2494b86b..b30da589e9 100644
+--- a/composite/compwindow.c
++++ b/composite/compwindow.c
+@@ -620,6 +620,11 @@ compDestroyWindow(WindowPtr pWin)
+ ret = (*pScreen->DestroyWindow) (pWin);
+ cs->DestroyWindow = pScreen->DestroyWindow;
+ pScreen->DestroyWindow = compDestroyWindow;
++
++ /* Did we just destroy the overlay window? */
++ if (pWin == cs->pOverlayWin)
++ cs->pOverlayWin = NULL;
++
+ /* compCheckTree (pWin->drawable.pScreen); can't check -- tree isn't good*/
+ return ret;
+ }
+--
+GitLab
+
diff --git a/patches/source/xorg-server-xwayland/xorg-server-xwayland.SlackBuild b/patches/source/xorg-server-xwayland/xorg-server-xwayland.SlackBuild
index 47e83e8ff..7d7d88d20 100755
--- a/patches/source/xorg-server-xwayland/xorg-server-xwayland.SlackBuild
+++ b/patches/source/xorg-server-xwayland/xorg-server-xwayland.SlackBuild
@@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=xorg-server-xwayland
SRCNAM=xwayland
VERSION=${VERSION:-$(echo $SRCNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-6_slack15.0}
+BUILD=${BUILD:-7_slack15.0}
# Default font paths to be used by the X server:
DEF_FONTPATH="/usr/share/fonts/misc,/usr/share/fonts/local,/usr/share/fonts/TTF,/usr/share/fonts/OTF,/usr/share/fonts/Type1,/usr/share/fonts/CID,/usr/share/fonts/75dpi/:unscaled,/usr/share/fonts/100dpi/:unscaled,/usr/share/fonts/75dpi,/usr/share/fonts/100dpi,/usr/share/fonts/cyrillic"
@@ -103,6 +103,9 @@ zcat $CWD/CVE-2022-46340.correction.patch.gz | patch -p1 --verbose || exit 1
# Patch another security issue:
zcat $CWD/CVE-2023-0494.patch.gz | patch -p1 --verbose || exit 1
+# Patch another security issue:
+zcat $CWD/CVE-2023-1393.patch.gz | patch -p1 --verbose || exit 1
+
# [PATCH] present: Check for NULL to prevent crash.
# This prevents a crash with recent NVIDIA drivers.
zcat $CWD/857.patch.gz | patch -p1 --verbose || exit 1
diff --git a/patches/source/xorg-server/build/xorg-server b/patches/source/xorg-server/build/xorg-server
index 7952b0566..05965f95a 100644
--- a/patches/source/xorg-server/build/xorg-server
+++ b/patches/source/xorg-server/build/xorg-server
@@ -1 +1 @@
-7_slack15.0
+8_slack15.0
diff --git a/patches/source/xorg-server/patch/xorg-server.patch b/patches/source/xorg-server/patch/xorg-server.patch
index c0a9b1426..e95f8b86f 100644
--- a/patches/source/xorg-server/patch/xorg-server.patch
+++ b/patches/source/xorg-server/patch/xorg-server.patch
@@ -56,3 +56,6 @@ zcat $CWD/patch/xorg-server/CVE-2023-0494.patch.gz | patch -p1 --verbose || { to
# [PATCH] present: Check for NULL to prevent crash.
# This prevents a crash with recent NVIDIA drivers.
zcat $CWD/patch/xorg-server/857.patch.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
+
+# Patch another security issue:
+zcat $CWD/patch/xorg-server/CVE-2023-1393.patch.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
diff --git a/patches/source/xorg-server/patch/xorg-server/CVE-2023-1393.patch b/patches/source/xorg-server/patch/xorg-server/CVE-2023-1393.patch
new file mode 100644
index 000000000..0d859d6c1
--- /dev/null
+++ b/patches/source/xorg-server/patch/xorg-server/CVE-2023-1393.patch
@@ -0,0 +1,42 @@
+From 26ef545b3502f61ca722a7a3373507e88ef64110 Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Mon, 13 Mar 2023 11:08:47 +0100
+Subject: [PATCH] composite: Fix use-after-free of the COW
+
+ZDI-CAN-19866/CVE-2023-1393
+
+If a client explicitly destroys the compositor overlay window (aka COW),
+we would leave a dangling pointer to that window in the CompScreen
+structure, which will trigger a use-after-free later.
+
+Make sure to clear the CompScreen pointer to the COW when the latter gets
+destroyed explicitly by the client.
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Reviewed-by: Adam Jackson <ajax@redhat.com>
+---
+ composite/compwindow.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/composite/compwindow.c b/composite/compwindow.c
+index 4e2494b86b..b30da589e9 100644
+--- a/composite/compwindow.c
++++ b/composite/compwindow.c
+@@ -620,6 +620,11 @@ compDestroyWindow(WindowPtr pWin)
+ ret = (*pScreen->DestroyWindow) (pWin);
+ cs->DestroyWindow = pScreen->DestroyWindow;
+ pScreen->DestroyWindow = compDestroyWindow;
++
++ /* Did we just destroy the overlay window? */
++ if (pWin == cs->pOverlayWin)
++ cs->pOverlayWin = NULL;
++
+ /* compCheckTree (pWin->drawable.pScreen); can't check -- tree isn't good*/
+ return ret;
+ }
+--
+GitLab
+