diff options
| author |   Donnie Berkholz <dberkholz@gentoo.org> | 2008-01-18 21:31:34 +0000 |
|---|---|---|
| committer | Donnie Berkholz <dberkholz@gentoo.org> | 2008-01-18 21:31:34 +0000 |
| commit | 7854ae31f466024e1cd74254fbe8905b25813688 (patch) | |
| tree | a6600aceba4e6a9e9d321e874482e78b1828097a | |
| parent | more QA_ configurations for x86 (diff) | |
| download | gentoo-2-7854ae31f466024e1cd74254fbe8905b25813688.tar.gz gentoo-2-7854ae31f466024e1cd74254fbe8905b25813688.tar.bz2 gentoo-2-7854ae31f466024e1cd74254fbe8905b25813688.zip | |
(#206490, #204362) Fix major regression in the MIT-SHM patch of the security bump that prevented many applications (but apparently none that any distro developers use, since this slipped by every distro) from running.
(Portage version: 2.1.4)
| -rw-r--r-- | x11-base/xorg-server/ChangeLog | 13 | ||||
| -rw-r--r-- | x11-base/xorg-server/files/1.4-0007-CVE-2007-6429-Don-t-spuriously-reject-8bpp-shm-pix.patch | 85 | ||||
| -rw-r--r-- | x11-base/xorg-server/files/digest-xorg-server-1.3.0.0-r4 (renamed from x11-base/xorg-server/files/digest-xorg-server-1.3.0.0-r3) | 0 | ||||
| -rw-r--r-- | x11-base/xorg-server/files/digest-xorg-server-1.4.0.90-r2 (renamed from x11-base/xorg-server/files/digest-xorg-server-1.4.0.90-r1) | 0 | ||||
| -rw-r--r-- | x11-base/xorg-server/xorg-server-1.3.0.0-r4.ebuild (renamed from x11-base/xorg-server/xorg-server-1.3.0.0-r3.ebuild) | 5 | ||||
| -rw-r--r-- | x11-base/xorg-server/xorg-server-1.4.0.90-r2.ebuild (renamed from x11-base/xorg-server/xorg-server-1.4.0.90-r1.ebuild) | 3 |
6 files changed, 102 insertions, 4 deletions
diff --git a/x11-base/xorg-server/ChangeLog b/x11-base/xorg-server/ChangeLog index 28cbd133032a..cb6f4c4cc066 100644 --- a/x11-base/xorg-server/ChangeLog +++ b/x11-base/xorg-server/ChangeLog @@ -1,6 +1,17 @@ # ChangeLog for x11-base/xorg-server # Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/x11-base/xorg-server/ChangeLog,v 1.309 2008/01/17 21:31:41 dberkholz Exp $ +# $Header: /var/cvsroot/gentoo-x86/x11-base/xorg-server/ChangeLog,v 1.310 2008/01/18 21:31:33 dberkholz Exp $ + +*xorg-server-1.4.0.90-r2 (18 Jan 2008) +*xorg-server-1.3.0.0-r4 (18 Jan 2008) + + 18 Jan 2008; Donnie Berkholz <dberkholz@gentoo.org>; + +files/1.4-0007-CVE-2007-6429-Don-t-spuriously-reject-8bpp-shm-pix.patch, + -xorg-server-1.3.0.0-r3.ebuild, +xorg-server-1.3.0.0-r4.ebuild, + -xorg-server-1.4.0.90-r1.ebuild, +xorg-server-1.4.0.90-r2.ebuild: + (#206490, #204362) Fix major regression in the MIT-SHM patch of the security + bump that prevented many applications (but apparently none that any distro + developers use, since this slipped by every distro) from running. 17 Jan 2008; Donnie Berkholz <dberkholz@gentoo.org>; -files/1.2.0-server-damage-version.patch, diff --git a/x11-base/xorg-server/files/1.4-0007-CVE-2007-6429-Don-t-spuriously-reject-8bpp-shm-pix.patch b/x11-base/xorg-server/files/1.4-0007-CVE-2007-6429-Don-t-spuriously-reject-8bpp-shm-pix.patch new file mode 100644 index 000000000000..903f2be0efc9 --- /dev/null +++ b/x11-base/xorg-server/files/1.4-0007-CVE-2007-6429-Don-t-spuriously-reject-8bpp-shm-pix.patch @@ -0,0 +1,85 @@ +From e9fa7c1c88a8130a48f772c92b186b8b777986b5 Mon Sep 17 00:00:00 2001 +From: Adam Jackson <ajax@redhat.com> +Date: Fri, 18 Jan 2008 14:41:20 -0500 +Subject: [PATCH] CVE-2007-6429: Don't spuriously reject <8bpp shm pixmaps. + +Move size validation after depth validation, and only validate size if +the bpp of the pixmap format is > 8. If bpp < 8 then we're already +protected from overflow by the width and height checks. +--- + Xext/shm.c | 36 ++++++++++++++++++++---------------- + 1 files changed, 20 insertions(+), 16 deletions(-) + +diff --git a/Xext/shm.c b/Xext/shm.c +index c545e49..e46f6fc 100644 +--- a/Xext/shm.c ++++ b/Xext/shm.c +@@ -783,14 +783,6 @@ ProcPanoramiXShmCreatePixmap( + } + if (width > 32767 || height > 32767) + return BadAlloc; +- size = PixmapBytePad(width, depth) * height; +- if (sizeof(size) == 4) { +- if (size < width * height) +- return BadAlloc; +- /* thankfully, offset is unsigned */ +- if (stuff->offset + size < size) +- return BadAlloc; +- } + + if (stuff->depth != 1) + { +@@ -801,7 +793,17 @@ ProcPanoramiXShmCreatePixmap( + client->errorValue = stuff->depth; + return BadValue; + } ++ + CreatePmap: ++ size = PixmapBytePad(width, depth) * height; ++ if (sizeof(size) == 4 && BitsPerPixel(depth) > 8) { ++ if (size < width * height) ++ return BadAlloc; ++ /* thankfully, offset is unsigned */ ++ if (stuff->offset + size < size) ++ return BadAlloc; ++ } ++ + VERIFY_SHMSIZE(shmdesc, stuff->offset, size, client); + + if(!(newPix = (PanoramiXRes *) xalloc(sizeof(PanoramiXRes)))) +@@ -1126,14 +1128,6 @@ ProcShmCreatePixmap(client) + } + if (width > 32767 || height > 32767) + return BadAlloc; +- size = PixmapBytePad(width, depth) * height; +- if (sizeof(size) == 4) { +- if (size < width * height) +- return BadAlloc; +- /* thankfully, offset is unsigned */ +- if (stuff->offset + size < size) +- return BadAlloc; +- } + + if (stuff->depth != 1) + { +@@ -1144,7 +1138,17 @@ ProcShmCreatePixmap(client) + client->errorValue = stuff->depth; + return BadValue; + } ++ + CreatePmap: ++ size = PixmapBytePad(width, depth) * height; ++ if (sizeof(size) == 4 && BitsPerPixel(depth) > 8) { ++ if (size < width * height) ++ return BadAlloc; ++ /* thankfully, offset is unsigned */ ++ if (stuff->offset + size < size) ++ return BadAlloc; ++ } ++ + VERIFY_SHMSIZE(shmdesc, stuff->offset, size, client); + pMap = (*shmFuncs[pDraw->pScreen->myNum]->CreatePixmap)( + pDraw->pScreen, stuff->width, +-- +1.5.3.8 + diff --git a/x11-base/xorg-server/files/digest-xorg-server-1.3.0.0-r3 b/x11-base/xorg-server/files/digest-xorg-server-1.3.0.0-r4 index e7c3cc0974cc..e7c3cc0974cc 100644 --- a/x11-base/xorg-server/files/digest-xorg-server-1.3.0.0-r3 +++ b/x11-base/xorg-server/files/digest-xorg-server-1.3.0.0-r4 diff --git a/x11-base/xorg-server/files/digest-xorg-server-1.4.0.90-r1 b/x11-base/xorg-server/files/digest-xorg-server-1.4.0.90-r2 index dba77fdbaad4..dba77fdbaad4 100644 --- a/x11-base/xorg-server/files/digest-xorg-server-1.4.0.90-r1 +++ b/x11-base/xorg-server/files/digest-xorg-server-1.4.0.90-r2 diff --git a/x11-base/xorg-server/xorg-server-1.3.0.0-r3.ebuild b/x11-base/xorg-server/xorg-server-1.3.0.0-r4.ebuild index 0269b2c11447..2367a2054565 100644 --- a/x11-base/xorg-server/xorg-server-1.3.0.0-r3.ebuild +++ b/x11-base/xorg-server/xorg-server-1.3.0.0-r4.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2008 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/x11-base/xorg-server/xorg-server-1.3.0.0-r3.ebuild,v 1.2 2008/01/17 21:22:09 dberkholz Exp $ +# $Header: /var/cvsroot/gentoo-x86/x11-base/xorg-server/xorg-server-1.3.0.0-r4.ebuild,v 1.1 2008/01/18 21:31:33 dberkholz Exp $ # Must be before x-modular eclass is inherited SNAPSHOT="yes" @@ -18,7 +18,7 @@ SRC_URI="${SRC_URI} mirror://sourceforge/mesa3d/${MESA_SRC_P}.tar.bz2 http://xorg.freedesktop.org/releases/individual/xserver/${P}.tar.bz2" DESCRIPTION="X.Org X servers" -KEYWORDS="alpha amd64 ~arm hppa ia64 ~mips ppc ppc64 ~sh sparc x86 ~x86-fbsd" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sh ~sparc ~x86 ~x86-fbsd" IUSE_INPUT_DEVICES=" input_devices_acecad input_devices_aiptek @@ -285,6 +285,7 @@ PATCHES=" ${FILESDIR}/1.4-0004-Fix-for-CVE-2007-6429-MIT-SHM-and-EVI-extensions-i.patch ${FILESDIR}/1.4-0005-Fix-for-CVE-2008-0006-PCF-Font-parser-buffer-overf.patch ${FILESDIR}/1.3-0006-Fix-for-CVE-2007-5958-File-existence-disclosure.patch + ${FILESDIR}/1.4-0007-CVE-2007-6429-Don-t-spuriously-reject-8bpp-shm-pix.patch " pkg_setup() { diff --git a/x11-base/xorg-server/xorg-server-1.4.0.90-r1.ebuild b/x11-base/xorg-server/xorg-server-1.4.0.90-r2.ebuild index c290f83c714f..7436b0b74a1e 100644 --- a/x11-base/xorg-server/xorg-server-1.4.0.90-r1.ebuild +++ b/x11-base/xorg-server/xorg-server-1.4.0.90-r2.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2008 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/x11-base/xorg-server/xorg-server-1.4.0.90-r1.ebuild,v 1.1 2008/01/17 20:52:28 dberkholz Exp $ +# $Header: /var/cvsroot/gentoo-x86/x11-base/xorg-server/xorg-server-1.4.0.90-r2.ebuild,v 1.1 2008/01/18 21:31:33 dberkholz Exp $ # Must be before x-modular eclass is inherited #SNAPSHOT="yes" @@ -290,6 +290,7 @@ PATCHES=" ${FILESDIR}/1.4-0004-Fix-for-CVE-2007-6429-MIT-SHM-and-EVI-extensions-i.patch ${FILESDIR}/1.4-0005-Fix-for-CVE-2008-0006-PCF-Font-parser-buffer-overf.patch ${FILESDIR}/1.4-0006-Fix-for-CVE-2007-5958-File-existence-disclosure.patch + ${FILESDIR}/1.4-0007-CVE-2007-6429-Don-t-spuriously-reject-8bpp-shm-pix.patch " pkg_setup() { |