From 717971ecd65b6255712f5352cbd58ee028f32f1b Mon Sep 17 00:00:00 2001 From: Patrick J Volkerding Date: Mon, 17 Oct 2022 19:31:45 +0000 Subject: [PATCH] Mon Oct 17 19:31:45 UTC 2022 l/libqalculate-4.4.0-x86_64-1.txz: Upgraded. l/netpbm-11.00.01-x86_64-1.txz: Upgraded. x/xorg-server-21.1.4-x86_64-2.txz: Rebuilt. xkb: proof GetCountedString against request length attacks. xkb: fix some possible memleaks in XkbGetKbdByName. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3550 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3551 (* Security fix *) x/xorg-server-xephyr-21.1.4-x86_64-2.txz: Rebuilt. x/xorg-server-xnest-21.1.4-x86_64-2.txz: Rebuilt. x/xorg-server-xvfb-21.1.4-x86_64-2.txz: Rebuilt. x/xorg-server-xwayland-22.1.3-x86_64-2.txz: Rebuilt. xkb: proof GetCountedString against request length attacks. xkb: fix some possible memleaks in XkbGetKbdByName. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3550 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3551 (* Security fix *) xap/blueman-2.3.4-x86_64-1.txz: Upgraded. --- ChangeLog.rss | 34 ++++- ChangeLog.txt | 22 ++++ FILELIST.TXT | 120 +++++++++--------- recompress.sh | 5 +- source/x/x11/build/xorg-server | 2 +- source/x/x11/patch/xorg-server.patch | 6 + .../x11/patch/xorg-server/CVE-2022-3550.patch | 34 +++++ .../x11/patch/xorg-server/CVE-2022-3551.patch | 59 +++++++++ ...ys-install-vbe-and-int10-sdk-headers.patch | 37 ------ .../xorg-server-xwayland/CVE-2022-3550.patch | 34 +++++ .../xorg-server-xwayland/CVE-2022-3551.patch | 59 +++++++++ .../xorg-server-xwayland.SlackBuild | 6 +- 12 files changed, 317 insertions(+), 101 deletions(-) create mode 100644 source/x/x11/patch/xorg-server/CVE-2022-3550.patch create mode 100644 source/x/x11/patch/xorg-server/CVE-2022-3551.patch delete mode 100644 source/x/x11/patch/xorg-server/failed/0001-Always-install-vbe-and-int10-sdk-headers.patch create mode 100644 source/x/xorg-server-xwayland/CVE-2022-3550.patch create mode 100644 source/x/xorg-server-xwayland/CVE-2022-3551.patch diff --git a/ChangeLog.rss b/ChangeLog.rss index a74e683b2..eeeda9433 100644 --- a/ChangeLog.rss +++ b/ChangeLog.rss @@ -11,9 +11,39 @@ Tracking Slackware development in git. en-us urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f - Mon, 17 Oct 2022 00:42:43 GMT - Mon, 17 Oct 2022 05:00:18 GMT + Mon, 17 Oct 2022 19:31:45 GMT + Tue, 18 Oct 2022 05:00:16 GMT maintain_current_git.sh v 1.17 + + Mon, 17 Oct 2022 19:31:45 GMT + Mon, 17 Oct 2022 19:31:45 GMT + https://git.slackware.nl/current/tag/?h=20221017193145 + 20221017193145 + + +l/libqalculate-4.4.0-x86_64-1.txz: Upgraded. +l/netpbm-11.00.01-x86_64-1.txz: Upgraded. +x/xorg-server-21.1.4-x86_64-2.txz: Rebuilt. + xkb: proof GetCountedString against request length attacks. + xkb: fix some possible memleaks in XkbGetKbdByName. + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3550 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3551 + (* Security fix *) +x/xorg-server-xephyr-21.1.4-x86_64-2.txz: Rebuilt. +x/xorg-server-xnest-21.1.4-x86_64-2.txz: Rebuilt. +x/xorg-server-xvfb-21.1.4-x86_64-2.txz: Rebuilt. +x/xorg-server-xwayland-22.1.3-x86_64-2.txz: Rebuilt. + xkb: proof GetCountedString against request length attacks. + xkb: fix some possible memleaks in XkbGetKbdByName. + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3550 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3551 + (* Security fix *) +xap/blueman-2.3.4-x86_64-1.txz: Upgraded. + ]]> + + Mon, 17 Oct 2022 00:42:43 GMT Mon, 17 Oct 2022 00:42:43 GMT diff --git a/ChangeLog.txt b/ChangeLog.txt index 5825f6f12..c4f4fb435 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,3 +1,25 @@ +Mon Oct 17 19:31:45 UTC 2022 +l/libqalculate-4.4.0-x86_64-1.txz: Upgraded. +l/netpbm-11.00.01-x86_64-1.txz: Upgraded. +x/xorg-server-21.1.4-x86_64-2.txz: Rebuilt. + xkb: proof GetCountedString against request length attacks. + xkb: fix some possible memleaks in XkbGetKbdByName. + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3550 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3551 + (* Security fix *) +x/xorg-server-xephyr-21.1.4-x86_64-2.txz: Rebuilt. +x/xorg-server-xnest-21.1.4-x86_64-2.txz: Rebuilt. +x/xorg-server-xvfb-21.1.4-x86_64-2.txz: Rebuilt. +x/xorg-server-xwayland-22.1.3-x86_64-2.txz: Rebuilt. + xkb: proof GetCountedString against request length attacks. + xkb: fix some possible memleaks in XkbGetKbdByName. + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3550 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3551 + (* Security fix *) +xap/blueman-2.3.4-x86_64-1.txz: Upgraded. ++--------------------------+ Mon Oct 17 00:42:43 UTC 2022 a/gettext-0.21.1-x86_64-1.txz: Upgraded. a/glibc-zoneinfo-2022e-noarch-1.txz: Upgraded. diff --git a/FILELIST.TXT b/FILELIST.TXT index febd8caaf..ad775254c 100644 --- a/FILELIST.TXT +++ b/FILELIST.TXT @@ -1,20 +1,20 @@ -Mon Oct 17 00:49:25 UTC 2022 +Mon Oct 17 19:35:44 UTC 2022 Here is the file list for this directory. If you are using a mirror site and find missing or extra files in the disk subdirectories, please have the archive administrator refresh the mirror. -drwxr-xr-x 12 root root 4096 2022-10-17 00:42 . +drwxr-xr-x 12 root root 4096 2022-10-17 19:31 . -rw-r--r-- 1 root root 5767 2022-02-02 22:44 ./ANNOUNCE.15.0 -rw-r--r-- 1 root root 16617 2022-02-02 23:27 ./CHANGES_AND_HINTS.TXT --rw-r--r-- 1 root root 1104233 2022-10-15 20:36 ./CHECKSUMS.md5 --rw-r--r-- 1 root root 163 2022-10-15 20:36 ./CHECKSUMS.md5.asc +-rw-r--r-- 1 root root 1104413 2022-10-17 00:49 ./CHECKSUMS.md5 +-rw-r--r-- 1 root root 163 2022-10-17 00:49 ./CHECKSUMS.md5.asc -rw-r--r-- 1 root root 17976 1994-06-10 02:28 ./COPYING -rw-r--r-- 1 root root 35147 2007-06-30 04:21 ./COPYING3 -rw-r--r-- 1 root root 19573 2016-06-23 20:08 ./COPYRIGHT.TXT -rw-r--r-- 1 root root 616 2006-10-02 04:37 ./CRYPTO_NOTICE.TXT --rw-r--r-- 1 root root 344731 2022-10-17 00:42 ./ChangeLog.txt +-rw-r--r-- 1 root root 345765 2022-10-17 19:31 ./ChangeLog.txt drwxr-xr-x 3 root root 4096 2013-03-20 22:17 ./EFI drwxr-xr-x 2 root root 4096 2022-10-15 20:28 ./EFI/BOOT -rw-r--r-- 1 root root 1187840 2021-06-15 19:16 ./EFI/BOOT/bootx64.efi @@ -25,9 +25,9 @@ drwxr-xr-x 2 root root 4096 2022-10-15 20:28 ./EFI/BOOT -rwxr-xr-x 1 root root 2504 2019-07-05 18:54 ./EFI/BOOT/make-grub.sh -rw-r--r-- 1 root root 10722 2013-09-21 19:02 ./EFI/BOOT/osdetect.cfg -rw-r--r-- 1 root root 1273 2013-08-12 21:08 ./EFI/BOOT/tools.cfg --rw-r--r-- 1 root root 1438649 2022-10-15 20:36 ./FILELIST.TXT +-rw-r--r-- 1 root root 1438863 2022-10-17 00:49 ./FILELIST.TXT -rw-r--r-- 1 root root 1572 2012-08-29 18:27 ./GPG-KEY --rw-r--r-- 1 root root 860037 2022-10-17 00:48 ./PACKAGES.TXT +-rw-r--r-- 1 root root 860037 2022-10-17 19:35 ./PACKAGES.TXT -rw-r--r-- 1 root root 8034 2022-02-02 03:36 ./README.TXT -rw-r--r-- 1 root root 3635 2022-10-15 20:17 ./README.initrd -rw-r--r-- 1 root root 34162 2022-01-30 20:35 ./README_CRYPT.TXT @@ -746,11 +746,11 @@ drwxr-xr-x 2 root root 4096 2022-02-03 07:02 ./patches -rw-r--r-- 1 root root 575 2022-02-03 07:02 ./patches/FILE_LIST -rw-r--r-- 1 root root 14 2022-02-03 07:02 ./patches/MANIFEST.bz2 -rw-r--r-- 1 root root 224 2022-02-03 07:02 ./patches/PACKAGES.TXT -drwxr-xr-x 17 root root 4096 2022-10-17 00:49 ./slackware64 --rw-r--r-- 1 root root 335594 2022-10-17 00:49 ./slackware64/CHECKSUMS.md5 --rw-r--r-- 1 root root 163 2022-10-17 00:49 ./slackware64/CHECKSUMS.md5.asc --rw-r--r-- 1 root root 416291 2022-10-17 00:48 ./slackware64/FILE_LIST --rw-r--r-- 1 root root 4254205 2022-10-17 00:48 ./slackware64/MANIFEST.bz2 +drwxr-xr-x 17 root root 4096 2022-10-17 19:35 ./slackware64 +-rw-r--r-- 1 root root 335594 2022-10-17 19:35 ./slackware64/CHECKSUMS.md5 +-rw-r--r-- 1 root root 163 2022-10-17 19:35 ./slackware64/CHECKSUMS.md5.asc +-rw-r--r-- 1 root root 416291 2022-10-17 19:34 ./slackware64/FILE_LIST +-rw-r--r-- 1 root root 4252959 2022-10-17 19:34 ./slackware64/MANIFEST.bz2 lrwxrwxrwx 1 root root 15 2009-08-23 23:34 ./slackware64/PACKAGES.TXT -> ../PACKAGES.TXT drwxr-xr-x 2 root root 32768 2022-10-17 00:48 ./slackware64/a -rw-r--r-- 1 root root 327 2022-02-15 18:16 ./slackware64/a/aaa_base-15.1-x86_64-2.txt @@ -2765,7 +2765,7 @@ drwxr-xr-x 2 root root 86016 2022-10-14 01:46 ./slackware64/kde -rw-r--r-- 1 root root 517 2022-10-13 20:46 ./slackware64/kde/zanshin-22.08.2-x86_64-1.txt -rw-r--r-- 1 root root 679220 2022-10-13 20:46 ./slackware64/kde/zanshin-22.08.2-x86_64-1.txz -rw-r--r-- 1 root root 163 2022-10-13 20:46 ./slackware64/kde/zanshin-22.08.2-x86_64-1.txz.asc -drwxr-xr-x 2 root root 86016 2022-10-17 00:48 ./slackware64/l +drwxr-xr-x 2 root root 86016 2022-10-17 19:34 ./slackware64/l -rw-r--r-- 1 root root 329 2022-03-06 20:00 ./slackware64/l/GConf-3.2.6-x86_64-8.txt -rw-r--r-- 1 root root 928144 2022-03-06 20:00 ./slackware64/l/GConf-3.2.6-x86_64-8.txz -rw-r--r-- 1 root root 163 2022-03-06 20:00 ./slackware64/l/GConf-3.2.6-x86_64-8.txz.asc @@ -3395,9 +3395,9 @@ drwxr-xr-x 2 root root 86016 2022-10-17 00:48 ./slackware64/l -rw-r--r-- 1 root root 600 2021-02-13 07:10 ./slackware64/l/libpsl-0.21.1-x86_64-4.txt -rw-r--r-- 1 root root 144092 2021-02-13 07:10 ./slackware64/l/libpsl-0.21.1-x86_64-4.txz -rw-r--r-- 1 root root 163 2021-02-13 07:10 ./slackware64/l/libpsl-0.21.1-x86_64-4.txz.asc --rw-r--r-- 1 root root 515 2022-08-23 03:15 ./slackware64/l/libqalculate-4.3.0-x86_64-1.txt --rw-r--r-- 1 root root 2269632 2022-08-23 03:15 ./slackware64/l/libqalculate-4.3.0-x86_64-1.txz --rw-r--r-- 1 root root 163 2022-08-23 03:15 ./slackware64/l/libqalculate-4.3.0-x86_64-1.txz.asc +-rw-r--r-- 1 root root 515 2022-10-17 19:11 ./slackware64/l/libqalculate-4.4.0-x86_64-1.txt +-rw-r--r-- 1 root root 2416620 2022-10-17 19:11 ./slackware64/l/libqalculate-4.4.0-x86_64-1.txz +-rw-r--r-- 1 root root 163 2022-10-17 19:11 ./slackware64/l/libqalculate-4.4.0-x86_64-1.txz.asc -rw-r--r-- 1 root root 350 2021-02-13 07:11 ./slackware64/l/libraw1394-2.1.2-x86_64-4.txt -rw-r--r-- 1 root root 70100 2021-02-13 07:11 ./slackware64/l/libraw1394-2.1.2-x86_64-4.txz -rw-r--r-- 1 root root 163 2021-02-13 07:11 ./slackware64/l/libraw1394-2.1.2-x86_64-4.txz.asc @@ -3574,9 +3574,9 @@ drwxr-xr-x 2 root root 86016 2022-10-17 00:48 ./slackware64/l -rw-r--r-- 1 root root 345 2022-09-11 18:23 ./slackware64/l/neon-0.32.4-x86_64-1.txt -rw-r--r-- 1 root root 215092 2022-09-11 18:23 ./slackware64/l/neon-0.32.4-x86_64-1.txz -rw-r--r-- 1 root root 163 2022-09-11 18:23 ./slackware64/l/neon-0.32.4-x86_64-1.txz.asc --rw-r--r-- 1 root root 271 2022-09-29 18:04 ./slackware64/l/netpbm-11.00.00-x86_64-1.txt --rw-r--r-- 1 root root 2129376 2022-09-29 18:04 ./slackware64/l/netpbm-11.00.00-x86_64-1.txz --rw-r--r-- 1 root root 163 2022-09-29 18:04 ./slackware64/l/netpbm-11.00.00-x86_64-1.txz.asc +-rw-r--r-- 1 root root 271 2022-10-17 19:13 ./slackware64/l/netpbm-11.00.01-x86_64-1.txt +-rw-r--r-- 1 root root 2129684 2022-10-17 19:13 ./slackware64/l/netpbm-11.00.01-x86_64-1.txz +-rw-r--r-- 1 root root 163 2022-10-17 19:13 ./slackware64/l/netpbm-11.00.01-x86_64-1.txz.asc -rw-r--r-- 1 root root 423 2021-11-03 01:01 ./slackware64/l/newt-0.52.21-x86_64-7.txt -rw-r--r-- 1 root root 114448 2021-11-03 01:01 ./slackware64/l/newt-0.52.21-x86_64-7.txz -rw-r--r-- 1 root root 163 2021-11-03 01:01 ./slackware64/l/newt-0.52.21-x86_64-7.txz.asc @@ -4448,7 +4448,7 @@ drwxr-xr-x 2 root root 4096 2021-11-06 20:26 ./slackware64/tcl -rw-r--r-- 1 root root 227 2021-11-06 17:03 ./slackware64/tcl/tk-8.6.12-x86_64-1.txt -rw-r--r-- 1 root root 1788908 2021-11-06 17:03 ./slackware64/tcl/tk-8.6.12-x86_64-1.txz -rw-r--r-- 1 root root 163 2021-11-06 17:03 ./slackware64/tcl/tk-8.6.12-x86_64-1.txz.asc -drwxr-xr-x 2 root root 65536 2022-10-15 20:35 ./slackware64/x +drwxr-xr-x 2 root root 65536 2022-10-17 19:34 ./slackware64/x -rw-r--r-- 1 root root 440 2022-06-04 18:16 ./slackware64/x/OpenCC-1.1.4-x86_64-1.txt -rw-r--r-- 1 root root 682804 2022-06-04 18:16 ./slackware64/x/OpenCC-1.1.4-x86_64-1.txz -rw-r--r-- 1 root root 163 2022-06-04 18:16 ./slackware64/x/OpenCC-1.1.4-x86_64-1.txz.asc @@ -5246,21 +5246,21 @@ drwxr-xr-x 2 root root 65536 2022-10-15 20:35 ./slackware64/x -rw-r--r-- 1 root root 345 2022-04-04 18:36 ./slackware64/x/xorg-docs-1.7.2-noarch-1.txt -rw-r--r-- 1 root root 332304 2022-04-04 18:36 ./slackware64/x/xorg-docs-1.7.2-noarch-1.txz -rw-r--r-- 1 root root 163 2022-04-04 18:36 ./slackware64/x/xorg-docs-1.7.2-noarch-1.txz.asc --rw-r--r-- 1 root root 670 2022-08-08 21:30 ./slackware64/x/xorg-server-21.1.4-x86_64-1.txt --rw-r--r-- 1 root root 1523896 2022-08-08 21:30 ./slackware64/x/xorg-server-21.1.4-x86_64-1.txz --rw-r--r-- 1 root root 163 2022-08-08 21:30 ./slackware64/x/xorg-server-21.1.4-x86_64-1.txz.asc --rw-r--r-- 1 root root 370 2022-08-08 21:30 ./slackware64/x/xorg-server-xephyr-21.1.4-x86_64-1.txt --rw-r--r-- 1 root root 883008 2022-08-08 21:30 ./slackware64/x/xorg-server-xephyr-21.1.4-x86_64-1.txz --rw-r--r-- 1 root root 163 2022-08-08 21:30 ./slackware64/x/xorg-server-xephyr-21.1.4-x86_64-1.txz.asc --rw-r--r-- 1 root root 592 2022-08-08 21:30 ./slackware64/x/xorg-server-xnest-21.1.4-x86_64-1.txt --rw-r--r-- 1 root root 611920 2022-08-08 21:30 ./slackware64/x/xorg-server-xnest-21.1.4-x86_64-1.txz --rw-r--r-- 1 root root 163 2022-08-08 21:30 ./slackware64/x/xorg-server-xnest-21.1.4-x86_64-1.txz.asc --rw-r--r-- 1 root root 689 2022-08-08 21:30 ./slackware64/x/xorg-server-xvfb-21.1.4-x86_64-1.txt --rw-r--r-- 1 root root 741532 2022-08-08 21:30 ./slackware64/x/xorg-server-xvfb-21.1.4-x86_64-1.txz --rw-r--r-- 1 root root 163 2022-08-08 21:30 ./slackware64/x/xorg-server-xvfb-21.1.4-x86_64-1.txz.asc --rw-r--r-- 1 root root 816 2022-08-08 21:30 ./slackware64/x/xorg-server-xwayland-22.1.3-x86_64-1.txt --rw-r--r-- 1 root root 843372 2022-08-08 21:30 ./slackware64/x/xorg-server-xwayland-22.1.3-x86_64-1.txz --rw-r--r-- 1 root root 163 2022-08-08 21:30 ./slackware64/x/xorg-server-xwayland-22.1.3-x86_64-1.txz.asc +-rw-r--r-- 1 root root 670 2022-10-17 19:00 ./slackware64/x/xorg-server-21.1.4-x86_64-2.txt +-rw-r--r-- 1 root root 1524460 2022-10-17 19:00 ./slackware64/x/xorg-server-21.1.4-x86_64-2.txz +-rw-r--r-- 1 root root 163 2022-10-17 19:00 ./slackware64/x/xorg-server-21.1.4-x86_64-2.txz.asc +-rw-r--r-- 1 root root 370 2022-10-17 19:00 ./slackware64/x/xorg-server-xephyr-21.1.4-x86_64-2.txt +-rw-r--r-- 1 root root 883244 2022-10-17 19:00 ./slackware64/x/xorg-server-xephyr-21.1.4-x86_64-2.txz +-rw-r--r-- 1 root root 163 2022-10-17 19:00 ./slackware64/x/xorg-server-xephyr-21.1.4-x86_64-2.txz.asc +-rw-r--r-- 1 root root 592 2022-10-17 19:00 ./slackware64/x/xorg-server-xnest-21.1.4-x86_64-2.txt +-rw-r--r-- 1 root root 611964 2022-10-17 19:00 ./slackware64/x/xorg-server-xnest-21.1.4-x86_64-2.txz +-rw-r--r-- 1 root root 163 2022-10-17 19:00 ./slackware64/x/xorg-server-xnest-21.1.4-x86_64-2.txz.asc +-rw-r--r-- 1 root root 689 2022-10-17 19:00 ./slackware64/x/xorg-server-xvfb-21.1.4-x86_64-2.txt +-rw-r--r-- 1 root root 741472 2022-10-17 19:00 ./slackware64/x/xorg-server-xvfb-21.1.4-x86_64-2.txz +-rw-r--r-- 1 root root 163 2022-10-17 19:00 ./slackware64/x/xorg-server-xvfb-21.1.4-x86_64-2.txz.asc +-rw-r--r-- 1 root root 816 2022-10-17 19:03 ./slackware64/x/xorg-server-xwayland-22.1.3-x86_64-2.txt +-rw-r--r-- 1 root root 843656 2022-10-17 19:03 ./slackware64/x/xorg-server-xwayland-22.1.3-x86_64-2.txz +-rw-r--r-- 1 root root 163 2022-10-17 19:03 ./slackware64/x/xorg-server-xwayland-22.1.3-x86_64-2.txz.asc -rw-r--r-- 1 root root 669 2022-04-04 18:36 ./slackware64/x/xorg-sgml-doctools-1.12-x86_64-1.txt -rw-r--r-- 1 root root 26576 2022-04-04 18:36 ./slackware64/x/xorg-sgml-doctools-1.12-x86_64-1.txz -rw-r--r-- 1 root root 163 2022-04-04 18:36 ./slackware64/x/xorg-sgml-doctools-1.12-x86_64-1.txz.asc @@ -5321,7 +5321,7 @@ drwxr-xr-x 2 root root 65536 2022-10-15 20:35 ./slackware64/x -rw-r--r-- 1 root root 213 2022-07-11 18:36 ./slackware64/x/xwud-1.0.6-x86_64-1.txt -rw-r--r-- 1 root root 25896 2022-07-11 18:36 ./slackware64/x/xwud-1.0.6-x86_64-1.txz -rw-r--r-- 1 root root 163 2022-07-11 18:36 ./slackware64/x/xwud-1.0.6-x86_64-1.txz.asc -drwxr-xr-x 2 root root 16384 2022-10-14 01:45 ./slackware64/xap +drwxr-xr-x 2 root root 16384 2022-10-17 19:34 ./slackware64/xap -rw-r--r-- 1 root root 625 2022-10-09 18:00 ./slackware64/xap/MPlayer-20221009-x86_64-1.txt -rw-r--r-- 1 root root 2750024 2022-10-09 18:00 ./slackware64/xap/MPlayer-20221009-x86_64-1.txz -rw-r--r-- 1 root root 163 2022-10-09 18:00 ./slackware64/xap/MPlayer-20221009-x86_64-1.txz.asc @@ -5337,9 +5337,9 @@ drwxr-xr-x 2 root root 16384 2022-10-14 01:45 ./slackware64/xap -rw-r--r-- 1 root root 431 2021-08-05 05:16 ./slackware64/xap/blackbox-0.77-x86_64-1.txt -rw-r--r-- 1 root root 393060 2021-08-05 05:16 ./slackware64/xap/blackbox-0.77-x86_64-1.txz -rw-r--r-- 1 root root 163 2021-08-05 05:16 ./slackware64/xap/blackbox-0.77-x86_64-1.txz.asc --rw-r--r-- 1 root root 434 2022-08-02 03:24 ./slackware64/xap/blueman-2.3.2-x86_64-1.txt --rw-r--r-- 1 root root 1240068 2022-08-02 03:24 ./slackware64/xap/blueman-2.3.2-x86_64-1.txz --rw-r--r-- 1 root root 163 2022-08-02 03:24 ./slackware64/xap/blueman-2.3.2-x86_64-1.txz.asc +-rw-r--r-- 1 root root 434 2022-10-17 19:06 ./slackware64/xap/blueman-2.3.4-x86_64-1.txt +-rw-r--r-- 1 root root 1240260 2022-10-17 19:06 ./slackware64/xap/blueman-2.3.4-x86_64-1.txz +-rw-r--r-- 1 root root 163 2022-10-17 19:06 ./slackware64/xap/blueman-2.3.4-x86_64-1.txz.asc -rw-r--r-- 1 root root 429 2021-02-13 13:29 ./slackware64/xap/ddd-3.3.12-x86_64-8.txt -rw-r--r-- 1 root root 1370356 2021-02-13 13:29 ./slackware64/xap/ddd-3.3.12-x86_64-8.txz -rw-r--r-- 1 root root 163 2021-02-13 13:29 ./slackware64/xap/ddd-3.3.12-x86_64-8.txz.asc @@ -5588,11 +5588,11 @@ drwxr-xr-x 2 root root 4096 2021-02-15 19:33 ./slackware64/y -rw-r--r-- 1 root root 1486956 2021-02-13 13:56 ./slackware64/y/nethack-3.6.6-x86_64-3.txz -rw-r--r-- 1 root root 163 2021-02-13 13:56 ./slackware64/y/nethack-3.6.6-x86_64-3.txz.asc -rw-r--r-- 1 root root 26 2020-12-30 21:55 ./slackware64/y/tagfile -drwxr-xr-x 18 root root 4096 2022-10-17 00:49 ./source --rw-r--r-- 1 root root 592909 2022-10-17 00:49 ./source/CHECKSUMS.md5 --rw-r--r-- 1 root root 163 2022-10-17 00:49 ./source/CHECKSUMS.md5.asc --rw-r--r-- 1 root root 825484 2022-10-17 00:49 ./source/FILE_LIST --rw-r--r-- 1 root root 23725850 2022-10-17 00:49 ./source/MANIFEST.bz2 +drwxr-xr-x 18 root root 4096 2022-10-17 19:35 ./source +-rw-r--r-- 1 root root 593117 2022-10-17 19:35 ./source/CHECKSUMS.md5 +-rw-r--r-- 1 root root 163 2022-10-17 19:35 ./source/CHECKSUMS.md5.asc +-rw-r--r-- 1 root root 825659 2022-10-17 19:35 ./source/FILE_LIST +-rw-r--r-- 1 root root 23741756 2022-10-17 19:35 ./source/MANIFEST.bz2 -rw-r--r-- 1 root root 828 2022-02-02 04:43 ./source/README.TXT drwxr-xr-x 123 root root 4096 2022-10-07 02:22 ./source/a -rw-r--r-- 1 root root 234 2022-10-16 18:39 ./source/a/FTBFSlog @@ -10853,8 +10853,8 @@ drwxr-xr-x 2 root root 4096 2022-09-06 18:27 ./source/l/libpsl -rw-r--r-- 1 root root 37 2018-11-19 20:16 ./source/l/libpsl/libpsl.url -rw-r--r-- 1 root root 62320 2020-07-18 17:09 ./source/l/libpsl/public_suffix_list.dat.xz -rw-r--r-- 1 root root 1057 2018-11-20 00:20 ./source/l/libpsl/slack-desc -drwxr-xr-x 2 root root 4096 2022-09-06 18:27 ./source/l/libqalculate --rw-r--r-- 1 root root 1030772 2022-08-22 11:35 ./source/l/libqalculate/libqalculate-4.3.0.tar.lz +drwxr-xr-x 2 root root 4096 2022-10-17 19:09 ./source/l/libqalculate +-rw-r--r-- 1 root root 1213378 2022-10-17 11:27 ./source/l/libqalculate/libqalculate-4.4.0.tar.lz -rwxr-xr-x 1 root root 4490 2022-09-06 18:27 ./source/l/libqalculate/libqalculate.SlackBuild -rw-r--r-- 1 root root 42 2020-09-29 03:55 ./source/l/libqalculate/libqalculate.url -rw-r--r-- 1 root root 1007 2020-11-01 20:04 ./source/l/libqalculate/slack-desc @@ -11171,8 +11171,8 @@ drwxr-xr-x 2 root root 4096 2022-09-11 18:23 ./source/l/neon -rwxr-xr-x 1 root root 4451 2021-09-21 02:45 ./source/l/neon/neon.SlackBuild -rw-r--r-- 1 root root 31 2020-04-18 18:41 ./source/l/neon/neon.url -rw-r--r-- 1 root root 797 2020-04-18 18:41 ./source/l/neon/slack-desc -drwxr-xr-x 2 root root 4096 2022-09-29 18:04 ./source/l/netpbm --rw-r--r-- 1 root root 3236079 2022-09-29 18:03 ./source/l/netpbm/netpbm-11.00.00.tar.lz +drwxr-xr-x 2 root root 4096 2022-10-17 19:12 ./source/l/netpbm +-rw-r--r-- 1 root root 3236100 2022-10-17 19:12 ./source/l/netpbm/netpbm-11.00.01.tar.lz -rw-r--r-- 1 root root 381 2019-04-17 08:07 ./source/l/netpbm/netpbm-CAN-2005-2471.patch.gz -rw-r--r-- 1 root root 382 2019-04-17 08:07 ./source/l/netpbm/netpbm-CVE-2017-2587.patch.gz -rw-r--r-- 1 root root 284 2019-04-17 08:07 ./source/l/netpbm/netpbm-bmptopnm.patch.gz @@ -13823,7 +13823,7 @@ drwxr-xr-x 2 root root 12288 2022-08-27 16:19 ./source/x/x11/build -rw-r--r-- 1 root root 2 2021-02-13 05:35 ./source/x/x11/build/xmore -rw-r--r-- 1 root root 2 2021-08-02 18:03 ./source/x/x11/build/xorg-cf-files -rw-r--r-- 1 root root 2 2022-04-04 18:36 ./source/x/x11/build/xorg-docs --rw-r--r-- 1 root root 2 2022-08-08 19:15 ./source/x/x11/build/xorg-server +-rw-r--r-- 1 root root 2 2022-10-17 18:54 ./source/x/x11/build/xorg-server -rw-r--r-- 1 root root 2 2022-04-04 18:36 ./source/x/x11/build/xorg-sgml-doctools -rw-r--r-- 1 root root 2 2021-02-25 19:37 ./source/x/x11/build/xorgproto -rw-r--r-- 1 root root 2 2022-07-11 18:34 ./source/x/x11/build/xpr @@ -13987,12 +13987,12 @@ drwxr-xr-x 2 root root 4096 2020-06-19 19:44 ./source/x/x11/patch/xinit drwxr-xr-x 2 root root 4096 2021-04-20 18:11 ./source/x/x11/patch/xorg-cf-files -rw-r--r-- 1 root root 144 2021-04-20 18:11 ./source/x/x11/patch/xorg-cf-files.patch -rw-r--r-- 1 root root 295 2021-04-20 18:11 ./source/x/x11/patch/xorg-cf-files/Imake.tmpl-binutils-ar-2.36.patch.gz -drwxr-xr-x 3 root root 4096 2022-08-08 19:21 ./source/x/x11/patch/xorg-server --rw-r--r-- 1 root root 1692 2022-08-08 19:20 ./source/x/x11/patch/xorg-server.patch +drwxr-xr-x 2 root root 4096 2022-10-17 18:58 ./source/x/x11/patch/xorg-server +-rw-r--r-- 1 root root 2205 2022-10-17 18:58 ./source/x/x11/patch/xorg-server.patch -rw-r--r-- 1 root root 879 2019-02-26 23:17 ./source/x/x11/patch/xorg-server/0001-xfree86-use-modesetting-driver-by-default-on-GeForce.patch.gz -rw-r--r-- 1 root root 418 2020-12-02 09:50 ./source/x/x11/patch/xorg-server/06_use-intel-only-on-pre-gen4.diff.gz -drwxr-xr-x 2 root root 4096 2022-08-08 19:18 ./source/x/x11/patch/xorg-server/failed --rw-r--r-- 1 root root 623 2018-07-15 18:32 ./source/x/x11/patch/xorg-server/failed/0001-Always-install-vbe-and-int10-sdk-headers.patch.gz +-rw-r--r-- 1 root root 637 2022-10-17 18:19 ./source/x/x11/patch/xorg-server/CVE-2022-3550.patch.gz +-rw-r--r-- 1 root root 842 2022-10-17 18:21 ./source/x/x11/patch/xorg-server/CVE-2022-3551.patch.gz -rw-r--r-- 1 root root 298 2018-05-30 05:02 ./source/x/x11/patch/xorg-server/fix-nouveau-segfault.diff.gz -rw-r--r-- 1 root root 340 2012-04-14 03:01 ./source/x/x11/patch/xorg-server/x11.startwithblackscreen.diff.gz -rw-r--r-- 1 root root 897 2016-04-14 16:42 ./source/x/x11/patch/xorg-server/xorg-server.combo.mouse.keyboard.layout.patch.gz @@ -14627,9 +14627,11 @@ drwxr-xr-x 2 root root 4096 2021-02-13 05:32 ./source/x/xdg-utils -rw-r--r-- 1 root root 268718 2018-05-10 15:03 ./source/x/xdg-utils/xdg-utils-1.1.3.tar.lz -rwxr-xr-x 1 root root 3117 2021-02-13 05:32 ./source/x/xdg-utils/xdg-utils.SlackBuild -rw-r--r-- 1 root root 94 2015-10-04 22:28 ./source/x/xdg-utils/xdg-utils.url -drwxr-xr-x 2 root root 4096 2022-08-08 19:27 ./source/x/xorg-server-xwayland +drwxr-xr-x 2 root root 4096 2022-10-17 19:02 ./source/x/xorg-server-xwayland +-rw-r--r-- 1 root root 637 2022-10-17 18:19 ./source/x/xorg-server-xwayland/CVE-2022-3550.patch.gz +-rw-r--r-- 1 root root 842 2022-10-17 18:21 ./source/x/xorg-server-xwayland/CVE-2022-3551.patch.gz -rw-r--r-- 1 root root 1287 2021-04-18 18:21 ./source/x/xorg-server-xwayland/slack-desc --rwxr-xr-x 1 root root 5115 2022-08-08 19:27 ./source/x/xorg-server-xwayland/xorg-server-xwayland.SlackBuild +-rwxr-xr-x 1 root root 5276 2022-10-17 19:03 ./source/x/xorg-server-xwayland/xorg-server-xwayland.SlackBuild -rw-r--r-- 1 root root 1272440 2022-07-12 14:04 ./source/x/xorg-server-xwayland/xwayland-22.1.3.tar.xz -rw-r--r-- 1 root root 95 2022-07-12 14:04 ./source/x/xorg-server-xwayland/xwayland-22.1.3.tar.xz.sig drwxr-xr-x 2 root root 4096 2022-10-13 01:34 ./source/x/xterm @@ -14674,8 +14676,8 @@ drwxr-xr-x 2 root root 4096 2022-10-09 20:10 ./source/xap/blackbox -rw-r--r-- 1 root root 887 2018-11-07 23:03 ./source/xap/blackbox/slack-desc -rw-r--r-- 1 root root 221 2012-08-08 17:58 ./source/xap/blackbox/startblackbox.gz -rw-r--r-- 1 root root 341 2012-08-08 17:58 ./source/xap/blackbox/xinitrc.blackbox.gz -drwxr-xr-x 2 root root 4096 2022-08-02 03:24 ./source/xap/blueman --rw-r--r-- 1 root root 1207297 2022-08-01 09:23 ./source/xap/blueman/blueman-2.3.2.tar.lz +drwxr-xr-x 2 root root 4096 2022-10-17 19:06 ./source/xap/blueman +-rw-r--r-- 1 root root 1207702 2022-10-13 22:16 ./source/xap/blueman/blueman-2.3.4.tar.lz -rwxr-xr-x 1 root root 4957 2022-02-10 19:14 ./source/xap/blueman/blueman.SlackBuild -rw-r--r-- 1 root root 361 2020-06-23 19:52 ./source/xap/blueman/blueman.allow.access.to.netdev.group.diff.gz -rw-r--r-- 1 root root 200 2020-06-23 19:57 ./source/xap/blueman/doinst.sh.gz @@ -15251,8 +15253,8 @@ drwxr-xr-x 3 root root 4096 2021-02-13 05:32 ./source/y/bsd-games -rw-r--r-- 1 root root 164 2010-05-11 19:26 ./source/y/bsd-games/bsd-games-login-fortune.sh -rwxr-xr-x 1 root root 8135 2021-02-13 05:32 ./source/y/bsd-games/bsd-games.SlackBuild -rw-r--r-- 1 root root 15107 2002-03-10 05:09 ./source/y/bsd-games/fortunes-linuxcookie.tar.gz --rw-r--r-- 1 root root 104848 1993-10-25 00:02 ./source/y/bsd-games/hangman-words.gz -drwxr-xr-x 2 root root 4096 2019-02-17 22:03 ./source/y/bsd-games/patches +-rw-r--r-- 1 root root 104848 1993-10-25 00:02 ./source/y/bsd-games/hangman-words.gz +drwxr-xr-x 2 root root 4096 2019-02-17 22:03 ./source/y/bsd-games/patches -rw-r--r-- 1 root root 2159 2019-02-17 21:20 ./source/y/bsd-games/patches/0001-Replace-getline-with-get_line.patch.gz -rw-r--r-- 1 root root 336 2019-02-17 21:20 ./source/y/bsd-games/patches/0002-robots-Refresh-screen.patch.gz -rw-r--r-- 1 root root 4582 2019-02-17 21:20 ./source/y/bsd-games/patches/0003-quiz-Update-presidents-capitals-fix-typos-in-murders.patch.gz diff --git a/recompress.sh b/recompress.sh index a4b2367fa..a078bc7c8 100755 --- a/recompress.sh +++ b/recompress.sh @@ -1086,6 +1086,8 @@ gzip ./source/x/xdg-utils/doinst.sh gzip ./source/x/ttf-indic-fonts/doinst.sh gzip ./source/x/noto-fonts-ttf/doinst.sh gzip ./source/x/libinput/libinput.less.lag.complaining.diff +gzip ./source/x/xorg-server-xwayland/CVE-2022-3551.patch +gzip ./source/x/xorg-server-xwayland/CVE-2022-3550.patch gzip ./source/x/hack-fonts-ttf/doinst.sh gzip ./source/x/fcitx5-gtk/doinst.sh gzip ./source/x/wqy-zenhei-font-ttf/wqy-zenhei.fix.fontconfig.warning.diff @@ -1148,10 +1150,11 @@ gzip ./source/x/x11/patch/xdm/xdm.arc4random.diff gzip ./source/x/x11/patch/pixman/pixman.remove.tests.that.fail.to.compile.diff gzip ./source/x/x11/patch/xorg-server/xorg-server.combo.mouse.keyboard.layout.patch gzip ./source/x/x11/patch/xorg-server/0001-xfree86-use-modesetting-driver-by-default-on-GeForce.patch +gzip ./source/x/x11/patch/xorg-server/CVE-2022-3551.patch gzip ./source/x/x11/patch/xorg-server/fix-nouveau-segfault.diff gzip ./source/x/x11/patch/xorg-server/x11.startwithblackscreen.diff +gzip ./source/x/x11/patch/xorg-server/CVE-2022-3550.patch gzip ./source/x/x11/patch/xorg-server/06_use-intel-only-on-pre-gen4.diff -gzip ./source/x/x11/patch/xorg-server/failed/0001-Always-install-vbe-and-int10-sdk-headers.patch gzip ./source/x/x11/patch/xinit/xinit.remove.systemd.kludge.diff gzip ./source/x/x11/patch/xf86-video-intel/0001-sna-Avoid-clobbering-output-physical-size-with-xf86O.patch gzip ./source/x/x11/patch/xf86-video-s3virge/xf86-video-s3virge.xorg-server-1.20.x.diff diff --git a/source/x/x11/build/xorg-server b/source/x/x11/build/xorg-server index d00491fd7..0cfbf0888 100644 --- a/source/x/x11/build/xorg-server +++ b/source/x/x11/build/xorg-server @@ -1 +1 @@ -1 +2 diff --git a/source/x/x11/patch/xorg-server.patch b/source/x/x11/patch/xorg-server.patch index 791dfe157..b0c4f28bc 100644 --- a/source/x/x11/patch/xorg-server.patch +++ b/source/x/x11/patch/xorg-server.patch @@ -20,3 +20,9 @@ zcat $CWD/patch/xorg-server/0001-xfree86-use-modesetting-driver-by-default-on-Ge # Only use Intel DDX with pre-gen4 hardware. Newer hardware will the the modesetting driver by default: zcat $CWD/patch/xorg-server/06_use-intel-only-on-pre-gen4.diff.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; } + +# Patch some more security issues: +zcat $CWD/patch/xorg-server/CVE-2022-3550.patch.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; } +zcat $CWD/patch/xorg-server/CVE-2022-3551.patch.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; } +# This one doesn't apply properly, but it's for OSX anyway :) +#zcat $CWD/patch/xorg-server/CVE-2022-3553.patch.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; } diff --git a/source/x/x11/patch/xorg-server/CVE-2022-3550.patch b/source/x/x11/patch/xorg-server/CVE-2022-3550.patch new file mode 100644 index 000000000..3461b0749 --- /dev/null +++ b/source/x/x11/patch/xorg-server/CVE-2022-3550.patch @@ -0,0 +1,34 @@ +From 11beef0b7f1ed290348e45618e5fa0d2bffcb72e Mon Sep 17 00:00:00 2001 +From: Peter Hutterer +Date: Tue, 5 Jul 2022 12:06:20 +1000 +Subject: xkb: proof GetCountedString against request length attacks + +GetCountedString did a check for the whole string to be within the +request buffer but not for the initial 2 bytes that contain the length +field. A swapped client could send a malformed request to trigger a +swaps() on those bytes, writing into random memory. + +Signed-off-by: Peter Hutterer +--- + xkb/xkb.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/xkb/xkb.c b/xkb/xkb.c +index f42f59ef3..1841cff26 100644 +--- a/xkb/xkb.c ++++ b/xkb/xkb.c +@@ -5137,6 +5137,11 @@ _GetCountedString(char **wire_inout, ClientPtr client, char **str) + CARD16 len; + + wire = *wire_inout; ++ ++ if (client->req_len < ++ bytes_to_int32(wire + 2 - (char *) client->requestBuffer)) ++ return BadValue; ++ + len = *(CARD16 *) wire; + if (client->swapped) { + swaps(&len); +-- +cgit v1.2.1 + diff --git a/source/x/x11/patch/xorg-server/CVE-2022-3551.patch b/source/x/x11/patch/xorg-server/CVE-2022-3551.patch new file mode 100644 index 000000000..e41db9286 --- /dev/null +++ b/source/x/x11/patch/xorg-server/CVE-2022-3551.patch @@ -0,0 +1,59 @@ +From 18f91b950e22c2a342a4fbc55e9ddf7534a707d2 Mon Sep 17 00:00:00 2001 +From: Peter Hutterer +Date: Wed, 13 Jul 2022 11:23:09 +1000 +Subject: xkb: fix some possible memleaks in XkbGetKbdByName + +GetComponentByName returns an allocated string, so let's free that if we +fail somewhere. + +Signed-off-by: Peter Hutterer +--- + xkb/xkb.c | 26 ++++++++++++++++++++------ + 1 file changed, 20 insertions(+), 6 deletions(-) + +diff --git a/xkb/xkb.c b/xkb/xkb.c +index 4692895db..b79a269e3 100644 +--- a/xkb/xkb.c ++++ b/xkb/xkb.c +@@ -5935,18 +5935,32 @@ ProcXkbGetKbdByName(ClientPtr client) + xkb = dev->key->xkbInfo->desc; + status = Success; + str = (unsigned char *) &stuff[1]; +- if (GetComponentSpec(&str, TRUE, &status)) /* keymap, unsupported */ +- return BadMatch; ++ { ++ char *keymap = GetComponentSpec(&str, TRUE, &status); /* keymap, unsupported */ ++ if (keymap) { ++ free(keymap); ++ return BadMatch; ++ } ++ } + names.keycodes = GetComponentSpec(&str, TRUE, &status); + names.types = GetComponentSpec(&str, TRUE, &status); + names.compat = GetComponentSpec(&str, TRUE, &status); + names.symbols = GetComponentSpec(&str, TRUE, &status); + names.geometry = GetComponentSpec(&str, TRUE, &status); +- if (status != Success) ++ if (status == Success) { ++ len = str - ((unsigned char *) stuff); ++ if ((XkbPaddedSize(len) / 4) != stuff->length) ++ status = BadLength; ++ } ++ ++ if (status != Success) { ++ free(names.keycodes); ++ free(names.types); ++ free(names.compat); ++ free(names.symbols); ++ free(names.geometry); + return status; +- len = str - ((unsigned char *) stuff); +- if ((XkbPaddedSize(len) / 4) != stuff->length) +- return BadLength; ++ } + + CHK_MASK_LEGAL(0x01, stuff->want, XkbGBN_AllComponentsMask); + CHK_MASK_LEGAL(0x02, stuff->need, XkbGBN_AllComponentsMask); +-- +cgit v1.2.1 + diff --git a/source/x/x11/patch/xorg-server/failed/0001-Always-install-vbe-and-int10-sdk-headers.patch b/source/x/x11/patch/xorg-server/failed/0001-Always-install-vbe-and-int10-sdk-headers.patch deleted file mode 100644 index c613eb8f9..000000000 --- a/source/x/x11/patch/xorg-server/failed/0001-Always-install-vbe-and-int10-sdk-headers.patch +++ /dev/null @@ -1,37 +0,0 @@ -From e96a83d9b1b5a52a41213c7a4840dc96b4f5b06f Mon Sep 17 00:00:00 2001 -From: Adam Jackson -Date: Wed, 15 Aug 2012 12:35:21 -0400 -Subject: [PATCH] Always install vbe and int10 sdk headers - -Signed-off-by: Adam Jackson ---- - hw/xfree86/Makefile.am | 12 ++---------- - 1 file changed, 2 insertions(+), 10 deletions(-) - -diff --git a/hw/xfree86/Makefile.am b/hw/xfree86/Makefile.am -index b876b79..a170b58 100644 ---- a/hw/xfree86/Makefile.am -+++ b/hw/xfree86/Makefile.am -@@ -26,17 +26,9 @@ if VGAHW - VGAHW_SUBDIR = vgahw - endif - --if VBE --VBE_SUBDIR = vbe --endif -- --if INT10MODULE --INT10_SUBDIR = int10 --endif -- --SUBDIRS = common ddc x86emu $(INT10_SUBDIR) os-support parser \ -+SUBDIRS = common ddc x86emu int10 os-support parser \ - ramdac $(VGAHW_SUBDIR) loader modes $(DRI_SUBDIR) \ -- $(DRI2_SUBDIR) . $(VBE_SUBDIR) i2c dixmods xkb \ -+ $(DRI2_SUBDIR) . vbe i2c dixmods xkb \ - fbdevhw shadowfb exa $(XF86UTILS_SUBDIR) doc man \ - $(GLAMOR_EGL_SUBDIR) drivers - --- -2.13.6 - diff --git a/source/x/xorg-server-xwayland/CVE-2022-3550.patch b/source/x/xorg-server-xwayland/CVE-2022-3550.patch new file mode 100644 index 000000000..3461b0749 --- /dev/null +++ b/source/x/xorg-server-xwayland/CVE-2022-3550.patch @@ -0,0 +1,34 @@ +From 11beef0b7f1ed290348e45618e5fa0d2bffcb72e Mon Sep 17 00:00:00 2001 +From: Peter Hutterer +Date: Tue, 5 Jul 2022 12:06:20 +1000 +Subject: xkb: proof GetCountedString against request length attacks + +GetCountedString did a check for the whole string to be within the +request buffer but not for the initial 2 bytes that contain the length +field. A swapped client could send a malformed request to trigger a +swaps() on those bytes, writing into random memory. + +Signed-off-by: Peter Hutterer +--- + xkb/xkb.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/xkb/xkb.c b/xkb/xkb.c +index f42f59ef3..1841cff26 100644 +--- a/xkb/xkb.c ++++ b/xkb/xkb.c +@@ -5137,6 +5137,11 @@ _GetCountedString(char **wire_inout, ClientPtr client, char **str) + CARD16 len; + + wire = *wire_inout; ++ ++ if (client->req_len < ++ bytes_to_int32(wire + 2 - (char *) client->requestBuffer)) ++ return BadValue; ++ + len = *(CARD16 *) wire; + if (client->swapped) { + swaps(&len); +-- +cgit v1.2.1 + diff --git a/source/x/xorg-server-xwayland/CVE-2022-3551.patch b/source/x/xorg-server-xwayland/CVE-2022-3551.patch new file mode 100644 index 000000000..e41db9286 --- /dev/null +++ b/source/x/xorg-server-xwayland/CVE-2022-3551.patch @@ -0,0 +1,59 @@ +From 18f91b950e22c2a342a4fbc55e9ddf7534a707d2 Mon Sep 17 00:00:00 2001 +From: Peter Hutterer +Date: Wed, 13 Jul 2022 11:23:09 +1000 +Subject: xkb: fix some possible memleaks in XkbGetKbdByName + +GetComponentByName returns an allocated string, so let's free that if we +fail somewhere. + +Signed-off-by: Peter Hutterer +--- + xkb/xkb.c | 26 ++++++++++++++++++++------ + 1 file changed, 20 insertions(+), 6 deletions(-) + +diff --git a/xkb/xkb.c b/xkb/xkb.c +index 4692895db..b79a269e3 100644 +--- a/xkb/xkb.c ++++ b/xkb/xkb.c +@@ -5935,18 +5935,32 @@ ProcXkbGetKbdByName(ClientPtr client) + xkb = dev->key->xkbInfo->desc; + status = Success; + str = (unsigned char *) &stuff[1]; +- if (GetComponentSpec(&str, TRUE, &status)) /* keymap, unsupported */ +- return BadMatch; ++ { ++ char *keymap = GetComponentSpec(&str, TRUE, &status); /* keymap, unsupported */ ++ if (keymap) { ++ free(keymap); ++ return BadMatch; ++ } ++ } + names.keycodes = GetComponentSpec(&str, TRUE, &status); + names.types = GetComponentSpec(&str, TRUE, &status); + names.compat = GetComponentSpec(&str, TRUE, &status); + names.symbols = GetComponentSpec(&str, TRUE, &status); + names.geometry = GetComponentSpec(&str, TRUE, &status); +- if (status != Success) ++ if (status == Success) { ++ len = str - ((unsigned char *) stuff); ++ if ((XkbPaddedSize(len) / 4) != stuff->length) ++ status = BadLength; ++ } ++ ++ if (status != Success) { ++ free(names.keycodes); ++ free(names.types); ++ free(names.compat); ++ free(names.symbols); ++ free(names.geometry); + return status; +- len = str - ((unsigned char *) stuff); +- if ((XkbPaddedSize(len) / 4) != stuff->length) +- return BadLength; ++ } + + CHK_MASK_LEGAL(0x01, stuff->want, XkbGBN_AllComponentsMask); + CHK_MASK_LEGAL(0x02, stuff->need, XkbGBN_AllComponentsMask); +-- +cgit v1.2.1 + diff --git a/source/x/xorg-server-xwayland/xorg-server-xwayland.SlackBuild b/source/x/xorg-server-xwayland/xorg-server-xwayland.SlackBuild index 6365e0c41..b0da0fe1d 100755 --- a/source/x/xorg-server-xwayland/xorg-server-xwayland.SlackBuild +++ b/source/x/xorg-server-xwayland/xorg-server-xwayland.SlackBuild @@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=xorg-server-xwayland SRCNAM=xwayland VERSION=${VERSION:-$(echo $SRCNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-1} +BUILD=${BUILD:-2} # Default font paths to be used by the X server: DEF_FONTPATH="/usr/share/fonts/misc,/usr/share/fonts/local,/usr/share/fonts/TTF,/usr/share/fonts/OTF,/usr/share/fonts/Type1,/usr/share/fonts/CID,/usr/share/fonts/75dpi/:unscaled,/usr/share/fonts/100dpi/:unscaled,/usr/share/fonts/75dpi,/usr/share/fonts/100dpi,/usr/share/fonts/cyrillic" @@ -80,6 +80,10 @@ find . \ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ -exec chmod 644 {} \+ +# Patch more security issues: +zcat $CWD/CVE-2022-3550.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/CVE-2022-3551.patch.gz | patch -p1 --verbose || exit 1 + # Configure, build, and install: export CFLAGS="$SLKCFLAGS" export CXXFLAGS="$SLKCFLAGS"