From 5caba0411b6440e5db67eb3d3b5d6e8a8ab12a641205083312fb33caa2c19b91 Mon Sep 17 00:00:00 2001
From: Stefan Dirsch
Date: Tue, 14 Dec 2021 15:39:29 +0000
Subject: [PATCH] - U_rendercompositeglyphs.patch * X.Org Server SProcRenderCompositeGlyphs Out-Of-Bounds Access Privilege Escalation Vulnerability [CVE-2021-4008, ZDI-CAN-14192] (boo#1193030)
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=810
---
 U_rendercompositeglyphs.patch | 29 +++++++++++++++++++++++++++++
 xorg-x11-server.changes | 18 +++++++++++++-----
 xorg-x11-server.spec | 3 +++
 3 files changed, 45 insertions(+), 5 deletions(-)
 create mode 100644 U_rendercompositeglyphs.patch
diff --git a/U_rendercompositeglyphs.patch b/U_rendercompositeglyphs.patch
new file mode 100644
index 0000000..7e59fa2
--- /dev/null
+++ b/U_rendercompositeglyphs.patch
@@ -0,0 +1,29 @@
+--- a/render/render.c
++++ a/render/render.c
+@@ -2309,6 +2309,8 @@ SProcRenderCompositeGlyphs(ClientPtr client)
+
+ i = elt->len;
+ if (i == 0xff) {
++ if (buffer + 4 >= end)
++ return BadLength;
+ swapl((int *) buffer);
+ buffer += 4;
+ }
+@@ -2320,12 +2322,16 @@ SProcRenderCompositeGlyphs(ClientPtr client)
+ break;
+ case 2:
+ while (i--) {
++ if (buffer + 2 >= end)
++ return BadLength;
+ swaps((short *) buffer);
+ buffer += 2;
+ }
+ break;
+ case 4:
+ while (i--) {
++ if (buffer + 4 >= end)
++ return BadLength;
+ swapl((int *) buffer);
+ buffer += 4;
+ }
+
diff --git a/xorg-x11-server.changes b/xorg-x11-server.changes
index 8c8981c..d8da6f8 100644
--- a/xorg-x11-server.changes
+++ b/xorg-x11-server.changes
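Review bot: The three added guards compare with `>=` (`if (buffer + 4 >= end)` in the `i == 0xff` branch and in `case 4`, `if (buffer + 2 >= end)` in `case 2`), so a request whose last swapped item ends exactly at `end` is rejected with BadLength, assuming `end` points one past the last byte of the request (its definition is outside the hunk). Forming `buffer + 4` before it is known that four bytes remain also relies on pointer arithmetic past the buffer, which C leaves undefined. Comparing the remaining length avoids both: `if (end - buffer < 4) return BadLength;` in the two 4-byte places and `if (end - buffer < 2) return BadLength;` in `case 2`. The body of SProcRenderCompositeGlyphs starts and ends outside these hunks, so how `end` and `i` are derived cannot be checked from here.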
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Tue Dec 14 15:31:41 UTC 2021 - Stefan Dirsch
+
+- U_rendercompositeglyphs.patch
+ * X.Org Server SProcRenderCompositeGlyphs Out-Of-Bounds Access
+ Privilege Escalation Vulnerability [CVE-2021-4008, ZDI-CAN-14192]
+ (boo#1193030)
+
 -------------------------------------------------------------------
 Tue Dec 14 14:14:45 UTC 2021 - Thomas Zimmermann
@@ -14,16 +22,16 @@ Tue Dec 14 14:14:45 UTC 2021 - Thomas Zimmermann
 Fri Dec 3 14:41:55 UTC 2021 - Thomas Zimmermann
 - u_pci-primary-Fix-up-primary-PCI-device-detection-for-the-platfrom-bus.patch
- * Fix SEGFAULT when parsing bus IDs of NULL
+ * Fix SEGFAULT when parsing bus IDs of NULL (boo#1193250)
 - u_Support-configuration-files-under-run-X11-xorg.conf..patch
 * Support configuration files under /run. Required for generating
- configuration files via udev.
+ configuration files via udev. (boo#1193250)
 - u_Add-udev-scripts-for-configuration-of-platform-devic.patch
- * Generate configuration files for platform devices
+ * Generate configuration files for platform devices (boo#1193250)
 - u_Revert-xf86-Accept-devices-with-the-simpledrm-driver.patch
- * Code has been obsoleted by udev patchset
+ * Code has been obsoleted by udev patchset (boo#1193250)
 - u_Add-udev-rule-for-HyperV-devices.patch
- * Same as for platform devices, but on HyperV
+ * Same as for platform devices, but on HyperV (boo#1193250)
 -------------------------------------------------------------------
 Fri Nov 19 15:49:28 UTC 2021 - Stefan Dirsch
diff --git a/xorg-x11-server.spec b/xorg-x11-server.spec
index b7d7ee7..eb9a9dc 100644
--- a/xorg-x11-server.spec
+++ b/xorg-x11-server.spec
@@ -241,6 +241,8 @@ Patch1910: u_modesetting-Fix-dirty-updates-for-sw-rotation.patch
 Patch1920: u_xf86-Accept-devices-with-the-hyperv_drm-driver.patch
+Patch1193030: U_rendercompositeglyphs.patch
+
 %description
 This package contains the X.Org Server.
@@ -396,6 +398,7 @@ sh %{SOURCE92} --verify . %{SOURCE91}
 %patch1900 -p1
 %patch1910 -p1
 %patch1920 -p1
+%patch1193030 -p1
 %build
 %global _lto_cflags %{?_lto_cflags} -ffat-lto-objects