diff options
Diffstat (limited to 'source')
21 files changed, 51 insertions, 218 deletions
diff --git a/source/ap/inxi/inxi.SlackBuild b/source/ap/inxi/inxi.SlackBuild index 2e5e02b07..4f0bf8bb9 100755 --- a/source/ap/inxi/inxi.SlackBuild +++ b/source/ap/inxi/inxi.SlackBuild @@ -23,7 +23,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=inxi -VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} +VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | cut -f 2- -d - | rev | cut -f 3- -d . | rev)} BUILD=${BUILD:-1} # Automatically determine the architecture we're building on: @@ -40,7 +40,7 @@ fi # the name of the created package would be, and then exit. This information # could be useful to other scripts. if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then - echo "$PKGNAM-$VERSION-noarch-$BUILD.txz" + echo "$PKGNAM-$(echo $VERSION | tr - _)-noarch-$BUILD.txz" exit 0 fi @@ -120,4 +120,4 @@ mkdir -p $PKG/install cat $CWD/slack-desc > $PKG/install/slack-desc cd $PKG -/sbin/makepkg -l y -c n $TMP/${PKGNAM}-$VERSION-noarch-$BUILD.txz +/sbin/makepkg -l y -c n $TMP/${PKGNAM}-$(echo $VERSION | tr - _)-noarch-$BUILD.txz diff --git a/source/installer/ChangeLog.txt b/source/installer/ChangeLog.txt index 3c4e5c92d..6710d1413 100644 --- a/source/installer/ChangeLog.txt +++ b/source/installer/ChangeLog.txt @@ -1,3 +1,7 @@ +Wed Dec 15 04:07:42 UTC 2021 + /sbin/probe: Discover MMC storage devices using lsblk. + Thanks to Stuart Winter. ++--------------------------+ Sun Nov 7 06:11:40 UTC 2021 usr/lib/setup/setup: Added 'power off' to the list of available options ('reboot' and 'shell'), when the installer completes successfully. diff --git a/source/installer/sources/initrd/sbin/probe b/source/installer/sources/initrd/sbin/probe index f7ab07ab8..3b481432f 100755 --- a/source/installer/sources/initrd/sbin/probe +++ b/source/installer/sources/initrd/sbin/probe @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # This is 'probe', a wrapper for using fdisk to gather drive info for # the Slackware setup scripts. I hate to bounce this much garbage through # a tmpdir, but it looks like large variables can make ash crash... @@ -140,16 +140,24 @@ list_amiraid() { fi } +#list_mmc() { +# # find drive +# DRV=`expr $2 / 8` +# NUM=`expr $2 % 8` +# if [ "$NUM" = "0" ]; then +# fdisk -l /dev/mmcblk$DRV >> $TMP/SeTfdisk +# #output_gpt_partitions /dev/mmcblk$DRV >> $TMP/SeTfdisk +# else +# return +# fi +#} list_mmc() { - # find drive - DRV=`expr $2 / 8` - NUM=`expr $2 % 8` - if [ "$NUM" = "0" ]; then - fdisk -l /dev/mmcblk$DRV >> $TMP/SeTfdisk - #output_gpt_partitions /dev/mmcblk$DRV >> $TMP/SeTfdisk - else - return - fi + local device + # Filter out any partitions on the block device, as we'll use + # fdisk to capture those: + lsblk -o name,type -ripnd /dev/mmcblk* | egrep 'disk$' | awk '{print $1}' | while read device ; do + fdisk -l $device >> $TMP/SeTfdisk + done } list_nvme() { diff --git a/source/k/kernel-configs/config-generic-5.15.8 b/source/k/kernel-configs/config-generic-5.15.9 index d26f4d8a6..a5162bf64 100644 --- a/source/k/kernel-configs/config-generic-5.15.8 +++ b/source/k/kernel-configs/config-generic-5.15.9 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 5.15.8 Kernel Configuration +# Linux/x86 5.15.9 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.2.0" CONFIG_CC_IS_GCC=y @@ -9291,6 +9291,7 @@ CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="kernel.org" CONFIG_NFS_V4_SECURITY_LABEL=y # CONFIG_NFS_USE_LEGACY_DNS is not set CONFIG_NFS_USE_KERNEL_DNS=y +CONFIG_NFS_DEBUG=y # CONFIG_NFS_DISABLE_UDP_SUPPORT is not set # CONFIG_NFS_V4_2_READ_PLUS is not set CONFIG_NFSD=m @@ -9316,7 +9317,7 @@ CONFIG_SUNRPC_BACKCHANNEL=y CONFIG_SUNRPC_SWAP=y CONFIG_RPCSEC_GSS_KRB5=m # CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES is not set -# CONFIG_SUNRPC_DEBUG is not set +CONFIG_SUNRPC_DEBUG=y CONFIG_SUNRPC_XPRT_RDMA=m CONFIG_CEPH_FS=m CONFIG_CEPH_FSCACHE=y diff --git a/source/k/kernel-configs/config-generic-5.15.8.x64 b/source/k/kernel-configs/config-generic-5.15.9.x64 index 4b416d197..583f90d65 100644 --- a/source/k/kernel-configs/config-generic-5.15.8.x64 +++ b/source/k/kernel-configs/config-generic-5.15.9.x64 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 5.15.8 Kernel Configuration +# Linux/x86 5.15.9 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.2.0" CONFIG_CC_IS_GCC=y @@ -9313,6 +9313,7 @@ CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="kernel.org" CONFIG_NFS_V4_SECURITY_LABEL=y # CONFIG_NFS_USE_LEGACY_DNS is not set CONFIG_NFS_USE_KERNEL_DNS=y +CONFIG_NFS_DEBUG=y # CONFIG_NFS_DISABLE_UDP_SUPPORT is not set # CONFIG_NFS_V4_2_READ_PLUS is not set CONFIG_NFSD=m @@ -9338,7 +9339,7 @@ CONFIG_SUNRPC_BACKCHANNEL=y CONFIG_SUNRPC_SWAP=y CONFIG_RPCSEC_GSS_KRB5=m # CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES is not set -# CONFIG_SUNRPC_DEBUG is not set +CONFIG_SUNRPC_DEBUG=y CONFIG_SUNRPC_XPRT_RDMA=m CONFIG_CEPH_FS=m CONFIG_CEPH_FSCACHE=y diff --git a/source/k/kernel-configs/config-generic-smp-5.15.8-smp b/source/k/kernel-configs/config-generic-smp-5.15.9-smp index 763616e68..d284939e2 100644 --- a/source/k/kernel-configs/config-generic-smp-5.15.8-smp +++ b/source/k/kernel-configs/config-generic-smp-5.15.9-smp @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 5.15.8 Kernel Configuration +# Linux/x86 5.15.9 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.2.0" CONFIG_CC_IS_GCC=y @@ -9358,6 +9358,7 @@ CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="kernel.org" CONFIG_NFS_V4_SECURITY_LABEL=y # CONFIG_NFS_USE_LEGACY_DNS is not set CONFIG_NFS_USE_KERNEL_DNS=y +CONFIG_NFS_DEBUG=y # CONFIG_NFS_DISABLE_UDP_SUPPORT is not set # CONFIG_NFS_V4_2_READ_PLUS is not set CONFIG_NFSD=m @@ -9383,7 +9384,7 @@ CONFIG_SUNRPC_BACKCHANNEL=y CONFIG_SUNRPC_SWAP=y CONFIG_RPCSEC_GSS_KRB5=m # CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES is not set -# CONFIG_SUNRPC_DEBUG is not set +CONFIG_SUNRPC_DEBUG=y CONFIG_SUNRPC_XPRT_RDMA=m CONFIG_CEPH_FS=m CONFIG_CEPH_FSCACHE=y diff --git a/source/k/kernel-configs/config-huge-5.15.8 b/source/k/kernel-configs/config-huge-5.15.9 index 284d988ec..562b705e7 100644 --- a/source/k/kernel-configs/config-huge-5.15.8 +++ b/source/k/kernel-configs/config-huge-5.15.9 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 5.15.8 Kernel Configuration +# Linux/x86 5.15.9 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.2.0" CONFIG_CC_IS_GCC=y @@ -9291,6 +9291,7 @@ CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="kernel.org" CONFIG_NFS_V4_SECURITY_LABEL=y # CONFIG_NFS_USE_LEGACY_DNS is not set CONFIG_NFS_USE_KERNEL_DNS=y +CONFIG_NFS_DEBUG=y # CONFIG_NFS_DISABLE_UDP_SUPPORT is not set # CONFIG_NFS_V4_2_READ_PLUS is not set CONFIG_NFSD=y @@ -9316,7 +9317,7 @@ CONFIG_SUNRPC_BACKCHANNEL=y CONFIG_SUNRPC_SWAP=y CONFIG_RPCSEC_GSS_KRB5=m # CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES is not set -# CONFIG_SUNRPC_DEBUG is not set +CONFIG_SUNRPC_DEBUG=y CONFIG_SUNRPC_XPRT_RDMA=m CONFIG_CEPH_FS=m CONFIG_CEPH_FSCACHE=y diff --git a/source/k/kernel-configs/config-huge-5.15.8.x64 b/source/k/kernel-configs/config-huge-5.15.9.x64 index a93e295e6..134af3747 100644 --- a/source/k/kernel-configs/config-huge-5.15.8.x64 +++ b/source/k/kernel-configs/config-huge-5.15.9.x64 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 5.15.8 Kernel Configuration +# Linux/x86 5.15.9 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.2.0" CONFIG_CC_IS_GCC=y @@ -9313,6 +9313,7 @@ CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="kernel.org" CONFIG_NFS_V4_SECURITY_LABEL=y # CONFIG_NFS_USE_LEGACY_DNS is not set CONFIG_NFS_USE_KERNEL_DNS=y +CONFIG_NFS_DEBUG=y # CONFIG_NFS_DISABLE_UDP_SUPPORT is not set # CONFIG_NFS_V4_2_READ_PLUS is not set CONFIG_NFSD=y @@ -9338,7 +9339,7 @@ CONFIG_SUNRPC_BACKCHANNEL=y CONFIG_SUNRPC_SWAP=y CONFIG_RPCSEC_GSS_KRB5=m # CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES is not set -# CONFIG_SUNRPC_DEBUG is not set +CONFIG_SUNRPC_DEBUG=y CONFIG_SUNRPC_XPRT_RDMA=m CONFIG_CEPH_FS=m CONFIG_CEPH_FSCACHE=y diff --git a/source/k/kernel-configs/config-huge-smp-5.15.8-smp b/source/k/kernel-configs/config-huge-smp-5.15.9-smp index 5a7ee312c..60b189600 100644 --- a/source/k/kernel-configs/config-huge-smp-5.15.8-smp +++ b/source/k/kernel-configs/config-huge-smp-5.15.9-smp @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 5.15.8 Kernel Configuration +# Linux/x86 5.15.9 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.2.0" CONFIG_CC_IS_GCC=y @@ -9358,6 +9358,7 @@ CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="kernel.org" CONFIG_NFS_V4_SECURITY_LABEL=y # CONFIG_NFS_USE_LEGACY_DNS is not set CONFIG_NFS_USE_KERNEL_DNS=y +CONFIG_NFS_DEBUG=y # CONFIG_NFS_DISABLE_UDP_SUPPORT is not set # CONFIG_NFS_V4_2_READ_PLUS is not set CONFIG_NFSD=y @@ -9383,7 +9384,7 @@ CONFIG_SUNRPC_BACKCHANNEL=y CONFIG_SUNRPC_SWAP=y CONFIG_RPCSEC_GSS_KRB5=m # CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES is not set -# CONFIG_SUNRPC_DEBUG is not set +CONFIG_SUNRPC_DEBUG=y CONFIG_SUNRPC_XPRT_RDMA=m CONFIG_CEPH_FS=m CONFIG_CEPH_FSCACHE=y diff --git a/source/l/mozilla-nss/mozilla-nss.SlackBuild b/source/l/mozilla-nss/mozilla-nss.SlackBuild index dda2d2fb0..ece5ad4f4 100755 --- a/source/l/mozilla-nss/mozilla-nss.SlackBuild +++ b/source/l/mozilla-nss/mozilla-nss.SlackBuild @@ -26,7 +26,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=mozilla-nss SRCNAM=nss -VERSION=${VERSION:-3.73} +VERSION=${VERSION:-3.73.1} NSPR=${NSPR:-4.32} BUILD=${BUILD:-1} diff --git a/source/n/iputils/iputils.SlackBuild b/source/n/iputils/iputils.SlackBuild index 965ba6235..052e7212b 100755 --- a/source/n/iputils/iputils.SlackBuild +++ b/source/n/iputils/iputils.SlackBuild @@ -93,14 +93,13 @@ meson setup \ --sysconfdir=/etc \ --localstatedir=/var \ --buildtype=release \ - -DBUILD_TRACEROUTE6=true \ -DBUILD_RARPD=true \ .. || exit 1 "${NINJA:=ninja}" $NUMJOBS || exit 1 cd .. cd meson-build -strip arping clockdiff ninfod/ninfod ping/ping rarpd rdisc tracepath traceroute6 +strip arping clockdiff ninfod/ninfod ping/ping rarpd rdisc tracepath mkdir -p $PKG/sbin cat arping > $PKG/sbin/arping chmod 755 $PKG/sbin/arping @@ -119,13 +118,11 @@ chmod 755 $PKG/usr/sbin/rarpd $PKG/usr/sbin/rdisc mkdir -p $PKG/usr/bin cat tracepath > $PKG/usr/bin/tracepath ( cd $PKG/usr/bin ; ln -sf tracepath tracepath6 ) -cat traceroute6 > $PKG/usr/bin/traceroute6 chmod 755 $PKG/usr/bin/tracepath* -chmod 4711 $PKG/usr/bin/traceroute6 mkdir -p $PKG/usr/man/man8 ( cd doc - for file in arping clockdiff ninfod ping rarpd rdisc tracepath traceroute6 ; do + for file in arping clockdiff ninfod ping rarpd rdisc tracepath ; do cat $file.8 | gzip -9c > $PKG/usr/man/man8/$file.8.gz done cd $PKG/usr/man/man8 diff --git a/source/n/iputils/iputils.docbook.revert.diff b/source/n/iputils/iputils.docbook.revert.diff index 1658f89bf..8521cc9c6 100644 --- a/source/n/iputils/iputils.docbook.revert.diff +++ b/source/n/iputils/iputils.docbook.revert.diff @@ -25,14 +25,6 @@ xml:id="man.ninfod"> <refentryinfo> ---- ./doc/traceroute6.xml.orig 2019-07-09 15:55:49.000000000 -0500 -+++ ./doc/traceroute6.xml 2019-07-19 11:58:32.004331384 -0500 -@@ -1,4 +1,4 @@ --<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" -+<refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" - xml:id="man.traceroute6"> - - <refentryinfo> --- ./doc/rdisc.xml.orig 2019-07-09 15:55:49.000000000 -0500 +++ ./doc/rdisc.xml 2019-07-19 11:58:32.001331384 -0500 @@ -1,4 +1,4 @@ @@ -115,11 +107,3 @@ xml:id="man.tracepath"> <refentryinfo> ---- ./doc/tftpd.xml.orig 2019-07-09 15:55:49.000000000 -0500 -+++ ./doc/tftpd.xml 2019-07-19 11:58:32.002331384 -0500 -@@ -1,4 +1,4 @@ --<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" -+<refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" - xml:id="man.tftpd"> - - <refentryinfo> diff --git a/source/n/iputils/slack-desc b/source/n/iputils/slack-desc index bd898b148..69ef77f81 100644 --- a/source/n/iputils/slack-desc +++ b/source/n/iputils/slack-desc @@ -11,7 +11,7 @@ iputils: iputils: The iputils package contains network tools found on nearly all *NIX iputils: systems, along with an extra or two. Some of the utilities found iputils: here include arping, clockdiff, ping, ping6, rarpd, rdisc, tracepath, -iputils: tracepath6, and traceroute6. +iputils: and tracepath6. iputils: iputils: iputils is maintained by YOSHIFUJI Hideaki. iputils: diff --git a/source/n/php/fetch-php.sh b/source/n/php/fetch-php.sh index bed5b7213..e7530dff7 100755 --- a/source/n/php/fetch-php.sh +++ b/source/n/php/fetch-php.sh @@ -1,2 +1,2 @@ -lftpget http://us.php.net/distributions/php-7.4.26.tar.xz.asc -lftpget http://us.php.net/distributions/php-7.4.26.tar.xz +lftpget http://us.php.net/distributions/php-7.4.27.tar.xz.asc +lftpget http://us.php.net/distributions/php-7.4.27.tar.xz diff --git a/source/x/x11/build/xorg-server b/source/x/x11/build/xorg-server index 0cfbf0888..d00491fd7 100644 --- a/source/x/x11/build/xorg-server +++ b/source/x/x11/build/xorg-server @@ -1 +1 @@ -2 +1 diff --git a/source/x/x11/configure/xorg-server b/source/x/x11/configure/xorg-server index c107644e0..c1a5c2e3b 100644 --- a/source/x/x11/configure/xorg-server +++ b/source/x/x11/configure/xorg-server @@ -17,7 +17,7 @@ BUILD_SERVERS="--enable-xorg \ $XWAYLAND_OPTION \ --enable-config-udev \ --disable-config-hal \ - --disable-systemd-logind" + --enable-systemd-logind" #MESA_VERSION=${MESA_VERSION:-7.5} # unused in 1.7+ diff --git a/source/x/x11/patch/xorg-server.patch b/source/x/x11/patch/xorg-server.patch index 72b8e30a3..e1e5d20f6 100644 --- a/source/x/x11/patch/xorg-server.patch +++ b/source/x/x11/patch/xorg-server.patch @@ -28,9 +28,3 @@ zcat $CWD/patch/xorg-server/fix-pci-segfault.diff.gz | patch -p1 --verbose || { # Only use Intel DDX with pre-gen4 hardware. Newer hardware will the the modesetting driver by default: zcat $CWD/patch/xorg-server/06_use-intel-only-on-pre-gen4.diff.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; } - -# Security fixes: -zcat $CWD/patch/xorg-server/xorg-server.CVE-2021-4008.ebce7e2d80e7c80e1dda60f2f0bc886f1106ba60.patch.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; } -zcat $CWD/patch/xorg-server/xorg-server.CVE-2021-4009.b5196750099ae6ae582e1f46bd0a6dad29550e02.patch.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; } -zcat $CWD/patch/xorg-server/xorg-server.CVE-2021-4010.6c4c53010772e3cb4cb8acd54950c8eec9c00d21.patch.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; } -zcat $CWD/patch/xorg-server/xorg-server.CVE-2021-4011.e56f61c79fc3cee26d83cda0f84ae56d5979f768.patch.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; } diff --git a/source/x/x11/patch/xorg-server/xorg-server.CVE-2021-4008.ebce7e2d80e7c80e1dda60f2f0bc886f1106ba60.patch b/source/x/x11/patch/xorg-server/xorg-server.CVE-2021-4008.ebce7e2d80e7c80e1dda60f2f0bc886f1106ba60.patch deleted file mode 100644 index e13edff70..000000000 --- a/source/x/x11/patch/xorg-server/xorg-server.CVE-2021-4008.ebce7e2d80e7c80e1dda60f2f0bc886f1106ba60.patch +++ /dev/null @@ -1,52 +0,0 @@ -From ebce7e2d80e7c80e1dda60f2f0bc886f1106ba60 Mon Sep 17 00:00:00 2001 -From: Povilas Kanapickas <povilas@radix.lt> -Date: Tue, 14 Dec 2021 15:00:03 +0200 -Subject: [PATCH] render: Fix out of bounds access in - SProcRenderCompositeGlyphs() - -ZDI-CAN-14192, CVE-2021-4008 - -This vulnerability was discovered and the fix was suggested by: -Jan-Niklas Sohn working with Trend Micro Zero Day Initiative - -Signed-off-by: Povilas Kanapickas <povilas@radix.lt> ---- - render/render.c | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git a/render/render.c b/render/render.c -index c376090ca..456f156d4 100644 ---- a/render/render.c -+++ b/render/render.c -@@ -2309,6 +2309,9 @@ SProcRenderCompositeGlyphs(ClientPtr client) - - i = elt->len; - if (i == 0xff) { -+ if (buffer + 4 > end) { -+ return BadLength; -+ } - swapl((int *) buffer); - buffer += 4; - } -@@ -2319,12 +2322,18 @@ SProcRenderCompositeGlyphs(ClientPtr client) - buffer += i; - break; - case 2: -+ if (buffer + i * 2 > end) { -+ return BadLength; -+ } - while (i--) { - swaps((short *) buffer); - buffer += 2; - } - break; - case 4: -+ if (buffer + i * 4 > end) { -+ return BadLength; -+ } - while (i--) { - swapl((int *) buffer); - buffer += 4; --- -GitLab - diff --git a/source/x/x11/patch/xorg-server/xorg-server.CVE-2021-4009.b5196750099ae6ae582e1f46bd0a6dad29550e02.patch b/source/x/x11/patch/xorg-server/xorg-server.CVE-2021-4009.b5196750099ae6ae582e1f46bd0a6dad29550e02.patch deleted file mode 100644 index 9a5c3feb9..000000000 --- a/source/x/x11/patch/xorg-server/xorg-server.CVE-2021-4009.b5196750099ae6ae582e1f46bd0a6dad29550e02.patch +++ /dev/null @@ -1,43 +0,0 @@ -From b5196750099ae6ae582e1f46bd0a6dad29550e02 Mon Sep 17 00:00:00 2001 -From: Povilas Kanapickas <povilas@radix.lt> -Date: Tue, 14 Dec 2021 15:00:01 +0200 -Subject: [PATCH] xfixes: Fix out of bounds access in - *ProcXFixesCreatePointerBarrier() - -ZDI-CAN-14950, CVE-2021-4009 - -This vulnerability was discovered and the fix was suggested by: -Jan-Niklas Sohn working with Trend Micro Zero Day Initiative - -Signed-off-by: Povilas Kanapickas <povilas@radix.lt> ---- - xfixes/cursor.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/xfixes/cursor.c b/xfixes/cursor.c -index 60580b88f..c5d4554b2 100644 ---- a/xfixes/cursor.c -+++ b/xfixes/cursor.c -@@ -1010,7 +1010,8 @@ ProcXFixesCreatePointerBarrier(ClientPtr client) - { - REQUEST(xXFixesCreatePointerBarrierReq); - -- REQUEST_FIXED_SIZE(xXFixesCreatePointerBarrierReq, pad_to_int32(stuff->num_devices)); -+ REQUEST_FIXED_SIZE(xXFixesCreatePointerBarrierReq, -+ pad_to_int32(stuff->num_devices * sizeof(CARD16))); - LEGAL_NEW_RESOURCE(stuff->barrier, client); - - return XICreatePointerBarrier(client, stuff); -@@ -1027,7 +1028,8 @@ SProcXFixesCreatePointerBarrier(ClientPtr client) - - swaps(&stuff->length); - swaps(&stuff->num_devices); -- REQUEST_FIXED_SIZE(xXFixesCreatePointerBarrierReq, pad_to_int32(stuff->num_devices)); -+ REQUEST_FIXED_SIZE(xXFixesCreatePointerBarrierReq, -+ pad_to_int32(stuff->num_devices * sizeof(CARD16))); - - swapl(&stuff->barrier); - swapl(&stuff->window); --- -GitLab - diff --git a/source/x/x11/patch/xorg-server/xorg-server.CVE-2021-4010.6c4c53010772e3cb4cb8acd54950c8eec9c00d21.patch b/source/x/x11/patch/xorg-server/xorg-server.CVE-2021-4010.6c4c53010772e3cb4cb8acd54950c8eec9c00d21.patch deleted file mode 100644 index 49e23468f..000000000 --- a/source/x/x11/patch/xorg-server/xorg-server.CVE-2021-4010.6c4c53010772e3cb4cb8acd54950c8eec9c00d21.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 6c4c53010772e3cb4cb8acd54950c8eec9c00d21 Mon Sep 17 00:00:00 2001 -From: Povilas Kanapickas <povilas@radix.lt> -Date: Tue, 14 Dec 2021 15:00:02 +0200 -Subject: [PATCH] Xext: Fix out of bounds access in SProcScreenSaverSuspend() - -ZDI-CAN-14951, CVE-2021-4010 - -This vulnerability was discovered and the fix was suggested by: -Jan-Niklas Sohn working with Trend Micro Zero Day Initiative - -Signed-off-by: Povilas Kanapickas <povilas@radix.lt> ---- - Xext/saver.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/Xext/saver.c b/Xext/saver.c -index 1d7e3cadf..f813ba08d 100644 ---- a/Xext/saver.c -+++ b/Xext/saver.c -@@ -1351,8 +1351,8 @@ SProcScreenSaverSuspend(ClientPtr client) - REQUEST(xScreenSaverSuspendReq); - - swaps(&stuff->length); -- swapl(&stuff->suspend); - REQUEST_SIZE_MATCH(xScreenSaverSuspendReq); -+ swapl(&stuff->suspend); - return ProcScreenSaverSuspend(client); - } - --- -GitLab - diff --git a/source/x/x11/patch/xorg-server/xorg-server.CVE-2021-4011.e56f61c79fc3cee26d83cda0f84ae56d5979f768.patch b/source/x/x11/patch/xorg-server/xorg-server.CVE-2021-4011.e56f61c79fc3cee26d83cda0f84ae56d5979f768.patch deleted file mode 100644 index 2f3e41970..000000000 --- a/source/x/x11/patch/xorg-server/xorg-server.CVE-2021-4011.e56f61c79fc3cee26d83cda0f84ae56d5979f768.patch +++ /dev/null @@ -1,33 +0,0 @@ -From e56f61c79fc3cee26d83cda0f84ae56d5979f768 Mon Sep 17 00:00:00 2001 -From: Povilas Kanapickas <povilas@radix.lt> -Date: Tue, 14 Dec 2021 15:00:00 +0200 -Subject: [PATCH] record: Fix out of bounds access in SwapCreateRegister() - -ZDI-CAN-14952, CVE-2021-4011 - -This vulnerability was discovered and the fix was suggested by: -Jan-Niklas Sohn working with Trend Micro Zero Day Initiative - -Signed-off-by: Povilas Kanapickas <povilas@radix.lt> ---- - record/record.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/record/record.c b/record/record.c -index be154525d..e123867a7 100644 ---- a/record/record.c -+++ b/record/record.c -@@ -2516,8 +2516,8 @@ SwapCreateRegister(ClientPtr client, xRecordRegisterClientsReq * stuff) - swapl(pClientID); - } - if (stuff->nRanges > -- client->req_len - bytes_to_int32(sz_xRecordRegisterClientsReq) -- - stuff->nClients) -+ (client->req_len - bytes_to_int32(sz_xRecordRegisterClientsReq) -+ - stuff->nClients) / bytes_to_int32(sz_xRecordRange)) - return BadLength; - RecordSwapRanges((xRecordRange *) pClientID, stuff->nRanges); - return Success; --- -GitLab - |