From b1ac9a936fa3ba136b472a4d577e881f261496239bbaebe1350424d46d12d973 Mon Sep 17 00:00:00 2001 From: Stefan Dirsch Date: Wed, 13 Nov 2019 14:49:36 +0000 Subject: [PATCH 1/3] Accepting request 748317 from home:fcrozat:branches:X11:XOrg - Update _contraints, Mesa-drivers needs 7GB of disk to build safely. - Update _contraints, Mesa-drivers needs 7GB of disk to build safely. OBS-URL: https://build.opensuse.org/request/show/748317 OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/Mesa?expand=0&rev=898 --- Mesa-drivers.changes | 6 ++++++ Mesa.changes | 6 ++++++ _constraints | 2 +- 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/Mesa-drivers.changes b/Mesa-drivers.changes index 01df779..351f1e7 100644 --- a/Mesa-drivers.changes +++ b/Mesa-drivers.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Nov 13 14:01:29 UTC 2019 - Frederic Crozat + +- Update _contraints, Mesa-drivers needs 7GB of disk to build + safely. + ------------------------------------------------------------------- Thu Nov 7 11:20:41 UTC 2019 - Stefan Dirsch diff --git a/Mesa.changes b/Mesa.changes index 01df779..351f1e7 100644 --- a/Mesa.changes +++ b/Mesa.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Nov 13 14:01:29 UTC 2019 - Frederic Crozat + +- Update _contraints, Mesa-drivers needs 7GB of disk to build + safely. + ------------------------------------------------------------------- Thu Nov 7 11:20:41 UTC 2019 - Stefan Dirsch diff --git a/_constraints b/_constraints index 5f95421..13d1758 100644 --- a/_constraints +++ b/_constraints @@ -7,7 +7,7 @@ - 6 + 7 From 6c0bceff1b71bcaca7af590c9b55e5a8e69e7256ff38e7199bbb0aa48a7af0bd Mon Sep 17 00:00:00 2001 
From: Stefan Dirsch Date: Thu, 14 Nov 2019 10:21:22 +0000 Subject: [PATCH 2/3] - Update to version 19.2.4 * This is an emergency release, to fix a critical bug found in the 19.2.3 release which causes incomplete rendering on all mesa drivers. This release contains a single patch to fix that bug. OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/Mesa?expand=0&rev=899 --- Mesa-drivers.changes | 9 +++++++++ Mesa-drivers.spec | 4 ++-- Mesa.changes | 9 +++++++++ Mesa.spec | 4 ++-- mesa-19.2.3.tar.xz | 3 --- mesa-19.2.3.tar.xz.sig | Bin 119 -> 0 bytes mesa-19.2.4.tar.xz | 3 +++ mesa-19.2.4.tar.xz.sig | Bin 0 -> 119 bytes 8 files changed, 25 insertions(+), 7 deletions(-) delete mode 100644 mesa-19.2.3.tar.xz delete mode 100644 mesa-19.2.3.tar.xz.sig create mode 100644 mesa-19.2.4.tar.xz create mode 100644 mesa-19.2.4.tar.xz.sig diff --git a/Mesa-drivers.changes b/Mesa-drivers.changes index 351f1e7..5d3ede4 100644 --- a/Mesa-drivers.changes +++ b/Mesa-drivers.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Thu Nov 14 10:15:13 UTC 2019 - Stefan Dirsch + +- Update to version 19.2.4 + * This is an emergency release, to fix a critical bug found in + the 19.2.3 release which causes incomplete rendering on all + mesa drivers. This release contains a single patch to fix + that bug. + ------------------------------------------------------------------- Wed Nov 13 14:01:29 UTC 2019 - Frederic Crozat diff --git a/Mesa-drivers.spec b/Mesa-drivers.spec index f536a76..0871679 100644 --- a/Mesa-drivers.spec +++ b/Mesa-drivers.spec @@ -42,7 +42,7 @@ %define glamor 1 %define _name_archive mesa -%define _version 19.2.3 +%define _version 19.2.4 %define with_opencl 0 %define with_vulkan 0 %define with_llvm 0 @@ -110,7 +110,7 @@ %endif Name: Mesa-drivers -Version: 19.2.3 +Version: 19.2.4 Release: 0 Summary: System for rendering 3-D graphics License: MIT diff --git a/Mesa.changes b/Mesa.changes index 351f1e7..5d3ede4 100644 
--- a/Mesa.changes +++ b/Mesa.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Thu Nov 14 10:15:13 UTC 2019 - Stefan Dirsch + +- Update to version 19.2.4 + * This is an emergency release, to fix a critical bug found in + the 19.2.3 release which causes incomplete rendering on all + mesa drivers. This release contains a single patch to fix + that bug. + ------------------------------------------------------------------- Wed Nov 13 14:01:29 UTC 2019 - Frederic Crozat diff --git a/Mesa.spec b/Mesa.spec index 73746b1..310cf51 100644 --- a/Mesa.spec +++ b/Mesa.spec @@ -41,7 +41,7 @@ %define glamor 1 %define _name_archive mesa -%define _version 19.2.3 +%define _version 19.2.4 %define with_opencl 0 %define with_vulkan 0 %define with_llvm 0 @@ -109,7 +109,7 @@ %endif Name: Mesa -Version: 19.2.3 +Version: 19.2.4 Release: 0 Summary: System for rendering 3-D graphics License: MIT diff --git a/mesa-19.2.3.tar.xz b/mesa-19.2.3.tar.xz deleted file mode 100644 index 967f91c..0000000 --- a/mesa-19.2.3.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:5ee6e42504fe41dcc9a6eba26982656a675b2550a640946f463927ed7f1c5047 -size 11457544 diff --git a/mesa-19.2.3.tar.xz.sig b/mesa-19.2.3.tar.xz.sig deleted file mode 100644 index 3c8c56984c3b71269fd1df966a751093842a49d7a5e86821b598b2bd6942a849..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 119 zcmeAuWnmEGVvrS6WGOtdJxpOwX+gL5ZB?JCzgF9AD1O7r6np5mHUk%@08C`Y8%BmL z3u6+vK0bP{eoTs|NmD4EVQJu->ud9U!j1Q=d75=;0>eMcH*z5>dH$~QEEl}@zh;NC V`0n1gW46yN^uJHqb$``51^}JhHd_Dy diff --git a/mesa-19.2.4.tar.xz b/mesa-19.2.4.tar.xz new file mode 100644 index 0000000..add1895 --- /dev/null +++ b/mesa-19.2.4.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:09000a0f7dbbd82e193b81a8f1bf0c118eab7ca975c0329181968596e548e30f +size 11458340 
diff --git a/mesa-19.2.4.tar.xz.sig b/mesa-19.2.4.tar.xz.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..8737d885032d518b0401ecd1b2e20f91b243c0fd6833094bd50179611203f4aa GIT binary patch literal 119 zcmeAuWnmEGVvrS6WGOtdJxpOwX+gL5ZB?JCzgF9AD1O7r6niG{BLf$w08FGzoZ){| z6N_!|n~1)QKR%YzmzWzwX83Sj)o(NTp3$}PdfSn64F7aYc)qELPFcR?^Ua8t<$2o= UvBoKMuhx+7HGH2}Im?q70At-VtN;K2 literal 0 HcmV?d00001 From 573aa2f2416c89ce962e3011093c9be45c4d51d279018b4ce2910264b57fa465 Mon Sep 17 00:00:00 2001 From: Stefan Dirsch Date: Thu, 14 Nov 2019 14:52:13 +0000 Subject: [PATCH 3/3] - u_call-shmget-with-permission-0600-instead-of-0777.patch * CVE-2019-5068 (bsc#1156015) OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/Mesa?expand=0&rev=900 --- Mesa-drivers.changes | 6 ++ Mesa-drivers.spec | 2 + Mesa.changes | 6 ++ Mesa.spec | 2 + ...with-permission-0600-instead-of-0777.patch | 61 +++++++++++++++++++ 5 files changed, 77 insertions(+) create mode 100644 u_call-shmget-with-permission-0600-instead-of-0777.patch diff --git a/Mesa-drivers.changes b/Mesa-drivers.changes index 5d3ede4..53eb8fb 100644 --- a/Mesa-drivers.changes +++ b/Mesa-drivers.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Nov 14 14:36:08 UTC 2019 - Stefan Dirsch + +- u_call-shmget-with-permission-0600-instead-of-0777.patch + * CVE-2019-5068 (bsc#1156015) + ------------------------------------------------------------------- Thu Nov 14 10:15:13 UTC 2019 - Stefan Dirsch diff --git a/Mesa-drivers.spec b/Mesa-drivers.spec index 0871679..8f8640f 100644 --- a/Mesa-drivers.spec +++ b/Mesa-drivers.spec @@ -126,6 +126,7 @@ Source6: %{name}-rpmlintrc Source7: Mesa.keyring Patch1: n_opencl_dep_libclang.patch Patch2: n_add-Mesa-headers-again.patch +Patch3: u_call-shmget-with-permission-0600-instead-of-0777.patch # never to be upstreamed Patch54: n_drirc-disable-rgb10-for-chromium-on-amd.patch Patch58: u_dep_xcb.patch 
@@ -733,6 +734,7 @@ rm -rf docs/README.{VMS,WIN32,OS2} %endif %endif %patch2 -p1 +%patch3 -p1 %patch54 -p1 %patch58 -p1 diff --git a/Mesa.changes b/Mesa.changes index 5d3ede4..53eb8fb 100644 --- a/Mesa.changes +++ b/Mesa.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Nov 14 14:36:08 UTC 2019 - Stefan Dirsch + +- u_call-shmget-with-permission-0600-instead-of-0777.patch + * CVE-2019-5068 (bsc#1156015) + ------------------------------------------------------------------- Thu Nov 14 10:15:13 UTC 2019 - Stefan Dirsch diff --git a/Mesa.spec b/Mesa.spec index 310cf51..39a3b3b 100644 --- a/Mesa.spec +++ b/Mesa.spec @@ -125,6 +125,7 @@ Source6: %{name}-rpmlintrc Source7: Mesa.keyring Patch1: n_opencl_dep_libclang.patch Patch2: n_add-Mesa-headers-again.patch +Patch3: u_call-shmget-with-permission-0600-instead-of-0777.patch # never to be upstreamed Patch54: n_drirc-disable-rgb10-for-chromium-on-amd.patch Patch58: u_dep_xcb.patch @@ -732,6 +733,7 @@ rm -rf docs/README.{VMS,WIN32,OS2} %endif %endif %patch2 -p1 +%patch3 -p1 %patch54 -p1 %patch58 -p1 diff --git a/u_call-shmget-with-permission-0600-instead-of-0777.patch b/u_call-shmget-with-permission-0600-instead-of-0777.patch new file mode 100644 index 0000000..abd141a --- /dev/null +++ b/u_call-shmget-with-permission-0600-instead-of-0777.patch 
@@ -0,0 +1,61 @@
+A security advisory (TALOS-2019-0857/CVE-2019-5068) found that
+creating shared memory regions with permission mode 0777 could allow
+any user to access that memory. Several Mesa drivers use shared-
+memory XImages to implement back buffers for improved performance.
+
+This path changes the shmget() calls to use 0600 (user r/w).
+
+Tested with legacy Xlib driver and llvmpipe.
+
+Cc: mesa-stable at lists.freedesktop.org
+---
+ src/gallium/winsys/sw/dri/dri_sw_winsys.c | 3 ++-
+ src/gallium/winsys/sw/xlib/xlib_sw_winsys.c | 3 ++-
+ src/mesa/drivers/x11/xm_buffer.c | 3 ++-
+ 3 files changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/src/gallium/winsys/sw/dri/dri_sw_winsys.c b/src/gallium/winsys/sw/dri/dri_sw_winsys.c
+index 761f5d1..2e5970b 100644
+--- a/src/gallium/winsys/sw/dri/dri_sw_winsys.c
++++ b/src/gallium/winsys/sw/dri/dri_sw_winsys.c
+@@ -92,7 +92,8 @@ alloc_shm(struct dri_sw_displaytarget *dri_sw_dt, unsigned size)
+ {
+ char *addr;
+
+- dri_sw_dt->shmid = shmget(IPC_PRIVATE, size, IPC_CREAT|0777);
++ /* 0600 = user read+write */
++ dri_sw_dt->shmid = shmget(IPC_PRIVATE, size, IPC_CREAT|0600);
+ if (dri_sw_dt->shmid < 0)
+ return NULL;
+
+diff --git a/src/gallium/winsys/sw/xlib/xlib_sw_winsys.c b/src/gallium/winsys/sw/xlib/xlib_sw_winsys.c
+index c14c9de..edebb48 100644
+--- a/src/gallium/winsys/sw/xlib/xlib_sw_winsys.c
++++ b/src/gallium/winsys/sw/xlib/xlib_sw_winsys.c
+@@ -126,7 +126,8 @@ alloc_shm(struct xlib_displaytarget *buf, unsigned size)
+ shminfo->shmid = -1;
+ shminfo->shmaddr = (char *) -1;
+
+- shminfo->shmid = shmget(IPC_PRIVATE, size, IPC_CREAT|0777);
++ /* 0600 = user read+write */
++ shminfo->shmid = shmget(IPC_PRIVATE, size, IPC_CREAT|0600);
+ if (shminfo->shmid < 0) {
+ return NULL;
+ }
+diff --git a/src/mesa/drivers/x11/xm_buffer.c b/src/mesa/drivers/x11/xm_buffer.c
+index d945d8a..0da08a6 100644
+--- a/src/mesa/drivers/x11/xm_buffer.c
++++ b/src/mesa/drivers/x11/xm_buffer.c
+@@ -89,8 +89,9 @@ alloc_back_shm_ximage(XMesaBuffer b, GLuint width, GLuint height)
+ return GL_FALSE;
+ }
+
++ /* 0600 = user read+write */
+ b->shminfo.shmid = shmget(IPC_PRIVATE, b->backxrb->ximage->bytes_per_line
+- * b->backxrb->ximage->height, IPC_CREAT|0777);
++ * b->backxrb->ximage->height, IPC_CREAT|0600);
+ if (b->shminfo.shmid < 0) {
+ _mesa_warning(NULL, "shmget failed while allocating back buffer.\n");
+ XDestroyImage(b->backxrb->ximage);
+--
+1.8.5.6
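Review bot: The embedded patch opens directly with its description and carries no `From:`/`Subject:` lines or upstream commit id, so the CVE-2019-5068 fix cannot be matched against the upstream change from this file alone; a header line such as `Upstream: <upstream commit id>` (placeholder) would make the provenance checkable. The three `shmget(IPC_PRIVATE, ..., IPC_CREAT|0600)` calls restrict the segment to the owning uid, so an X server running under a different unprivileged uid would presumably fail to attach it; the description only reports tests with the legacy Xlib driver and llvmpipe and could state that constraint. In the `xm_buffer.c` hunk the size is still computed as `bytes_per_line * height` with no range check visible, though `alloc_back_shm_ximage` starts and ends outside the hunk and may bound it elsewhere. After the update, `ipcs -m` on a host with running GL clients should show mode 600 on their segments.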