packages/xorg-x11-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2021-3472

Browse Source
This commit is contained in:
zhanzhimin 2021-06-03 16:17:06 +08:00
parent 9e4652f421
commit 2087fe3477
2 changed files with 48 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
backport-CVE-2021-3472.patch Normal file
View File

@ -0,0 +1,36 @@
From 7aaf54a1884f71dc363f0b884e57bcb67407a6cd Mon Sep 17 00:00:00 2001
From: Matthieu Herrb <matthieu@herrb.eu>
Date: Sun, 21 Mar 2021 18:38:57 +0100
Subject: [PATCH] Fix XChangeFeedbackControl() request underflow
CVE-2021-3472 / ZDI-CAN-1259
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
---
Xi/chgfctl.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/Xi/chgfctl.c b/Xi/chgfctl.c
index 1de4da9..7a597e4 100644
--- a/Xi/chgfctl.c
+++ b/Xi/chgfctl.c
@@ -464,8 +464,11 @@ ProcXChangeFeedbackControl(ClientPtr client)
break;
case StringFeedbackClass:
{
- xStringFeedbackCtl *f = ((xStringFeedbackCtl *) &stuff[1]);
+ xStringFeedbackCtl *f;
+ REQUEST_AT_LEAST_EXTRA_SIZE(xChangeFeedbackControlReq,
+ sizeof(xStringFeedbackCtl));
+ f = ((xStringFeedbackCtl *) &stuff[1]);
if (client->swapped) {
if (len < bytes_to_int32(sizeof(xStringFeedbackCtl)))
return BadLength;
--
2.23.0

16
xorg-x11-server.spec
View File

@ -16,7 +16,7 @@
Name: xorg-x11-server Name: xorg-x11-server
Version: 1.20.8 Version: 1.20.8
Release: 4 Release: 5
Summary: X.Org X11 X server Summary: X.Org X11 X server
License: MIT and GPLv2 License: MIT and GPLv2
URL: https://www.x.org URL: https://www.x.org
@ -85,6 +85,8 @@ Patch0033: CVE-2020-14345.patch
Patch0034: backport-CVE-2020-25712.patch Patch0034: backport-CVE-2020-25712.patch
Patch0035: backport-CVE-2020-14360.patch Patch0035: backport-CVE-2020-14360.patch
Patch0036: backport-CVE-2020-14347.patch Patch0036: backport-CVE-2020-14347.patch
Patch0037: backport-CVE-2021-3472.patch
BuildRequires: audit-libs-devel autoconf automake bison dbus-devel flex flex-devel git BuildRequires: audit-libs-devel autoconf automake bison dbus-devel flex flex-devel git
BuildRequires: systemtap-sdt-devel libtool pkgconfig BuildRequires: systemtap-sdt-devel libtool pkgconfig
@ -194,9 +196,9 @@ test `getminor extension` == %{extension_minor}
%build %build
export LDFLAGS="$RPM_LD_FLAGS -specs=/usr/lib/rpm/%{_vendor}/%{_vendor}-hardened-ld" export LDFLAGS="$RPM_LD_FLAGS -specs=/usr/lib/rpm/generic-hardened-ld"
export CXXFLAGS="$RPM_OPT_FLAGS -specs=/usr/lib/rpm/%{_vendor}/%{_vendor}-hardened-cc1" export CXXFLAGS="$RPM_OPT_FLAGS -specs=/usr/lib/rpm/generic-hardened-cc1"
export CFLAGS="$RPM_OPT_FLAGS -specs=/usr/lib/rpm/%{_vendor}/%{_vendor}-hardened-cc1" export CFLAGS="$RPM_OPT_FLAGS -specs=/usr/lib/rpm/generic-hardened-cc1"
%ifnarch %{ix86} x86_64 %ifnarch %{ix86} x86_64
%global no_int10 --disable-vbe --disable-int10-module %global no_int10 --disable-vbe --disable-int10-module
@ -327,6 +329,12 @@ find %{inst_srcdir}/hw/xfree86 -name \*.c -delete
%{_libdir}/xorg/protocol.txt %{_libdir}/xorg/protocol.txt
%changelog %changelog
* Thu Jun 03 2021 zhanzhimin<zhanzhimin@huawei.com> - 1.20.8-5
- Type:CVE
- Id:CVE-2021-3472
- SUG:NA
- DESC:fix CVE-2021-3472
* Mon Feb 01 2020 yeah_wang<wangye70@huawei.com> - 1.20.8-4 * Mon Feb 01 2020 yeah_wang<wangye70@huawei.com> - 1.20.8-4
- Type:CVE - Type:CVE
- Id:CVE-2020-14347 CVE-2020-14360 CVE-2020-25712 - Id:CVE-2020-14347 CVE-2020-14360 CVE-2020-25712