diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2021-12-16 21:34:10 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2021-12-17 08:59:54 +0100 |
commit | d5c267841ae969914a7a7d3265d40931171c2f44 (patch) | |
tree | 5091b85975f4b3237acbf636e7ac935938105f47 /source/x/x11/patch/xorg-server/xorg-server.CVE-2021-4011.e56f61c79fc3cee26d83cda0f84ae56d5979f768.patch | |
parent | 2ff75b95af8c63e8c2ab2b6b551e09ab39432e8b (diff) | |
download | current-d5c267841ae969914a7a7d3265d40931171c2f44.tar.gz current-d5c267841ae969914a7a7d3265d40931171c2f44.tar.xz |
Thu Dec 16 21:34:10 UTC 202120211216213410
a/kernel-firmware-20211216_f682ecb-noarch-1.txz: Upgraded.
a/kernel-generic-5.15.9-x86_64-1.txz: Upgraded.
a/kernel-huge-5.15.9-x86_64-1.txz: Upgraded.
a/kernel-modules-5.15.9-x86_64-1.txz: Upgraded.
a/openssl-solibs-1.1.1m-x86_64-1.txz: Upgraded.
ap/inxi-3.3.10_1-noarch-1.txz: Upgraded.
Thanks to h2-1.
d/kernel-headers-5.15.9-x86-1.txz: Upgraded.
d/vala-0.54.5-x86_64-1.txz: Upgraded.
k/kernel-source-5.15.9-noarch-1.txz: Upgraded.
SUNRPC_DEBUG n -> y
+NFS_DEBUG y
Thanks to bassmadrigal.
kde/latte-dock-0.10.5-x86_64-1.txz: Upgraded.
l/mozilla-nss-3.73.1-x86_64-1.txz: Upgraded.
l/pipewire-0.3.42-x86_64-1.txz: Upgraded.
n/iputils-20211215-x86_64-1.txz: Upgraded.
n/openssl-1.1.1m-x86_64-1.txz: Upgraded.
n/php-7.4.27-x86_64-1.txz: Upgraded.
x/xorg-server-1.20.14-x86_64-1.txz: Upgraded.
Built using --enable-systemd-logind to use elogind for device setup.
Some code changes would be required in xorg-server, xinit, and various login
managers to make rootless X work out of the box or to fall back in cases
where elogind isn't supported, and those changes aren't appropriate here in
the RC stage, but you can try it without recompiling:
chmod 755 /usr/libexec/Xorg*
Thanks to LuckyCyborg.
x/xorg-server-xephyr-1.20.14-x86_64-1.txz: Upgraded.
x/xorg-server-xnest-1.20.14-x86_64-1.txz: Upgraded.
x/xorg-server-xvfb-1.20.14-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-91.4.1esr-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/91.4.1/releasenotes/
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
Diffstat (limited to '')
-rw-r--r-- | source/x/x11/patch/xorg-server/xorg-server.CVE-2021-4011.e56f61c79fc3cee26d83cda0f84ae56d5979f768.patch | 33 |
1 files changed, 0 insertions, 33 deletions
diff --git a/source/x/x11/patch/xorg-server/xorg-server.CVE-2021-4011.e56f61c79fc3cee26d83cda0f84ae56d5979f768.patch b/source/x/x11/patch/xorg-server/xorg-server.CVE-2021-4011.e56f61c79fc3cee26d83cda0f84ae56d5979f768.patch deleted file mode 100644 index 2f3e41970..000000000 --- a/source/x/x11/patch/xorg-server/xorg-server.CVE-2021-4011.e56f61c79fc3cee26d83cda0f84ae56d5979f768.patch +++ /dev/null @@ -1,33 +0,0 @@ -From e56f61c79fc3cee26d83cda0f84ae56d5979f768 Mon Sep 17 00:00:00 2001 -From: Povilas Kanapickas <povilas@radix.lt> -Date: Tue, 14 Dec 2021 15:00:00 +0200 -Subject: [PATCH] record: Fix out of bounds access in SwapCreateRegister() - -ZDI-CAN-14952, CVE-2021-4011 - -This vulnerability was discovered and the fix was suggested by: -Jan-Niklas Sohn working with Trend Micro Zero Day Initiative - -Signed-off-by: Povilas Kanapickas <povilas@radix.lt> ---- - record/record.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/record/record.c b/record/record.c -index be154525d..e123867a7 100644 ---- a/record/record.c -+++ b/record/record.c -@@ -2516,8 +2516,8 @@ SwapCreateRegister(ClientPtr client, xRecordRegisterClientsReq * stuff) - swapl(pClientID); - } - if (stuff->nRanges > -- client->req_len - bytes_to_int32(sz_xRecordRegisterClientsReq) -- - stuff->nClients) -+ (client->req_len - bytes_to_int32(sz_xRecordRegisterClientsReq) -+ - stuff->nClients) / bytes_to_int32(sz_xRecordRange)) - return BadLength; - RecordSwapRanges((xRecordRange *) pClientID, stuff->nRanges); - return Success; --- -GitLab - |