[PATCH] gnu: xorg-server: CVE-2021-3472.

DoneSubmitted by Leo Famulari.
Details
One participant
  • Leo Famulari
Owner
unassigned
Severity
normal
Merged with
L
L
Leo Famulari wrote on 24 Apr 21:38 +0200
(address . guix-patches@gnu.org)
dacfdb6bb4549e538777842d345baa860de6d114.1619293138.git.leo@famulari.name
* gnu/packages/patches/xorg-server-CVE-2021-3472.patch: New file.* gnu/local.mk (dist_patch_DATA): Add it.* gnu/packages/xorg.scm (xorg-server)[source]: Use it.--- gnu/local.mk | 1 + .../patches/xorg-server-CVE-2021-3472.patch | 44 +++++++++++++++++++ gnu/packages/xorg.scm | 5 ++- 3 files changed, 48 insertions(+), 2 deletions(-) create mode 100644 gnu/packages/patches/xorg-server-CVE-2021-3472.patch
Toggle diff (87 lines)diff --git a/gnu/local.mk b/gnu/local.mkindex 50b11a8ca2..3d076de924 100644--- a/gnu/local.mk+++ b/gnu/local.mk@@ -1815,6 +1815,7 @@ dist_patch_DATA = \ %D%/packages/patches/xfce4-panel-plugins.patch \ %D%/packages/patches/xfce4-settings-defaults.patch \ %D%/packages/patches/xmonad-dynamic-linking.patch \+ %D%/packages/patches/xorg-server-CVE-2021-3472.patch \ %D%/packages/patches/xplanet-1.3.1-cxx11-eof.patch \ %D%/packages/patches/xplanet-1.3.1-libdisplay_DisplayOutput.cpp.patch \ %D%/packages/patches/xplanet-1.3.1-libimage_gif.c.patch \diff --git a/gnu/packages/patches/xorg-server-CVE-2021-3472.patch b/gnu/packages/patches/xorg-server-CVE-2021-3472.patchnew file mode 100644index 0000000000..523a5b1dbf--- /dev/null+++ b/gnu/packages/patches/xorg-server-CVE-2021-3472.patch@@ -0,0 +1,44 @@+Fix CVE-2021-3472:++https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3472+https://seclists.org/oss-sec/2021/q2/20++Patch copied from upstream source repository:++https://gitlab.freedesktop.org/xorg/xserver/-/commit/7aaf54a1884f71dc363f0b884e57bcb67407a6cd++From 7aaf54a1884f71dc363f0b884e57bcb67407a6cd Mon Sep 17 00:00:00 2001+From: Matthieu Herrb <matthieu@herrb.eu>+Date: Sun, 21 Mar 2021 18:38:57 +0100+Subject: [PATCH] Fix XChangeFeedbackControl() request underflow++CVE-2021-3472 / ZDI-CAN-1259++This vulnerability was discovered by:+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative++Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>+---+ Xi/chgfctl.c | 5 ++++-+ 1 file changed, 4 insertions(+), 1 deletion(-)++diff --git a/Xi/chgfctl.c b/Xi/chgfctl.c+index 1de4da9ef..7a597e43d 100644+--- a/Xi/chgfctl.c++++ b/Xi/chgfctl.c+@@ -464,8 +464,11 @@ ProcXChangeFeedbackControl(ClientPtr client)+ break;+ case StringFeedbackClass:+ {+- xStringFeedbackCtl *f = ((xStringFeedbackCtl *) &stuff[1]);++ xStringFeedbackCtl *f;+ ++ REQUEST_AT_LEAST_EXTRA_SIZE(xChangeFeedbackControlReq,++ sizeof(xStringFeedbackCtl));++ f = ((xStringFeedbackCtl *) &stuff[1]);+ if (client->swapped) {+ if (len < bytes_to_int32(sizeof(xStringFeedbackCtl)))+ return BadLength;+-- +2.31.1+diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scmindex 97ff8ab92b..df0055c704 100644--- a/gnu/packages/xorg.scm+++ b/gnu/packages/xorg.scm@@ -5312,7 +5312,7 @@ over Xlib, including: (base32 "16bwrf0ag41l7jbrllbix8z6avc5yimga7ihvq4ch3a5hb020x4p")) (patches- (list+ (cons ;; See: ;; https://lists.fedoraproject.org/archives/list/devel@lists. ;; fedoraproject.org/message/JU655YB7AM4OOEQ4MOMCRHJTYJ76VFOK/@@ -5324,7 +5324,8 @@ over Xlib, including: (sha256 (base32 "0mm70y058r8s9y9jiv7q2myv0ycnaw3iqzm7d274410s0ik38w7q"))- (file-name "xorg-server-use-intel-only-on-pre-gen4.diff"))))))+ (file-name "xorg-server-use-intel-only-on-pre-gen4.diff"))+ (search-patches "xorg-server-CVE-2021-3472.patch"))))) (build-system gnu-build-system) (propagated-inputs `(("libpciaccess" ,libpciaccess)-- 2.31.1
L
L
Leo Famulari wrote on 24 Apr 23:36 +0200
(address . 48001@debbugs.gnu.org)
YISPXgLbiVYNzzDN@jasmine.lan
The first revision of this patch does not take care to avoid changingthe derivation of xorg-server-for-tests, so it would cause way too manypackages to be rebuilt.
Here is a revised patch that ensures the derivation remains the same.
For example:
------$ guix build -e '(@@ (gnu packages xorg) xorg-server-for-tests)' --no-grafts -d /gnu/store/nhs1c9q04g6k4prxxv4kb9q5lg1p872q-xorg-server-1.20.10.drv$ ./pre-inst-env guix build -e '(@@ (gnu packages xorg) xorg-server-for-tests)' --no-grafts -d/gnu/store/nhs1c9q04g6k4prxxv4kb9q5lg1p872q-xorg-server-1.20.10.drv------
From cc4b92215511eb4cd0853438194004159964cbd4 Mon Sep 17 00:00:00 2001From: Leo Famulari <leo@famulari.name>Date: Sat, 24 Apr 2021 15:34:24 -0400Subject: [PATCH] gnu: xorg-server: CVE-2021-3472.
* gnu/packages/patches/xorg-server-CVE-2021-3472.patch: New file.* gnu/local.mk (dist_patch_DATA): Add it.* gnu/packages/xorg.scm (xorg-server)[source]: Use it.[xorg-server-for-tests]: Do not use it, to avoid changing the derivation of thispackage.--- gnu/local.mk | 1 + .../patches/xorg-server-CVE-2021-3472.patch | 44 +++++++++++++++++++ gnu/packages/xorg.scm | 31 +++++++++++-- 3 files changed, 73 insertions(+), 3 deletions(-) create mode 100644 gnu/packages/patches/xorg-server-CVE-2021-3472.patch
Toggle diff (120 lines)diff --git a/gnu/local.mk b/gnu/local.mkindex 50b11a8ca2..3d076de924 100644--- a/gnu/local.mk+++ b/gnu/local.mk@@ -1815,6 +1815,7 @@ dist_patch_DATA = \ %D%/packages/patches/xfce4-panel-plugins.patch \ %D%/packages/patches/xfce4-settings-defaults.patch \ %D%/packages/patches/xmonad-dynamic-linking.patch \+ %D%/packages/patches/xorg-server-CVE-2021-3472.patch \ %D%/packages/patches/xplanet-1.3.1-cxx11-eof.patch \ %D%/packages/patches/xplanet-1.3.1-libdisplay_DisplayOutput.cpp.patch \ %D%/packages/patches/xplanet-1.3.1-libimage_gif.c.patch \diff --git a/gnu/packages/patches/xorg-server-CVE-2021-3472.patch b/gnu/packages/patches/xorg-server-CVE-2021-3472.patchnew file mode 100644index 0000000000..523a5b1dbf--- /dev/null+++ b/gnu/packages/patches/xorg-server-CVE-2021-3472.patch@@ -0,0 +1,44 @@+Fix CVE-2021-3472:++https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3472+https://seclists.org/oss-sec/2021/q2/20++Patch copied from upstream source repository:++https://gitlab.freedesktop.org/xorg/xserver/-/commit/7aaf54a1884f71dc363f0b884e57bcb67407a6cd++From 7aaf54a1884f71dc363f0b884e57bcb67407a6cd Mon Sep 17 00:00:00 2001+From: Matthieu Herrb <matthieu@herrb.eu>+Date: Sun, 21 Mar 2021 18:38:57 +0100+Subject: [PATCH] Fix XChangeFeedbackControl() request underflow++CVE-2021-3472 / ZDI-CAN-1259++This vulnerability was discovered by:+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative++Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>+---+ Xi/chgfctl.c | 5 ++++-+ 1 file changed, 4 insertions(+), 1 deletion(-)++diff --git a/Xi/chgfctl.c b/Xi/chgfctl.c+index 1de4da9ef..7a597e43d 100644+--- a/Xi/chgfctl.c++++ b/Xi/chgfctl.c+@@ -464,8 +464,11 @@ ProcXChangeFeedbackControl(ClientPtr client)+ break;+ case StringFeedbackClass:+ {+- xStringFeedbackCtl *f = ((xStringFeedbackCtl *) &stuff[1]);++ xStringFeedbackCtl *f;+ ++ REQUEST_AT_LEAST_EXTRA_SIZE(xChangeFeedbackControlReq,++ sizeof(xStringFeedbackCtl));++ f = ((xStringFeedbackCtl *) &stuff[1]);+ if (client->swapped) {+ if (len < bytes_to_int32(sizeof(xStringFeedbackCtl)))+ return BadLength;+-- +2.31.1+diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scmindex 97ff8ab92b..941958aa7a 100644--- a/gnu/packages/xorg.scm+++ b/gnu/packages/xorg.scm@@ -5312,7 +5312,7 @@ over Xlib, including: (base32 "16bwrf0ag41l7jbrllbix8z6avc5yimga7ihvq4ch3a5hb020x4p")) (patches- (list+ (cons ;; See: ;; https://lists.fedoraproject.org/archives/list/devel@lists. ;; fedoraproject.org/message/JU655YB7AM4OOEQ4MOMCRHJTYJ76VFOK/@@ -5324,7 +5324,8 @@ over Xlib, including: (sha256 (base32 "0mm70y058r8s9y9jiv7q2myv0ycnaw3iqzm7d274410s0ik38w7q"))- (file-name "xorg-server-use-intel-only-on-pre-gen4.diff"))))))+ (file-name "xorg-server-use-intel-only-on-pre-gen4.diff"))+ (search-patches "xorg-server-CVE-2021-3472.patch"))))) (build-system gnu-build-system) (propagated-inputs `(("libpciaccess" ,libpciaccess)@@ -5432,7 +5433,31 @@ draggable titlebars and borders.") (define-public xorg-server-for-tests (hidden-package (package- (inherit xorg-server))))+ (inherit xorg-server)+ (version "1.20.10")+ ;; Don't apply xorg-server-CVE-2021-3472.patch+ (source+ (origin+ (method url-fetch)+ (uri (string-append "mirror://xorg/individual/xserver/"+ "xorg-server-" version ".tar.bz2"))+ (sha256+ (base32+ "16bwrf0ag41l7jbrllbix8z6avc5yimga7ihvq4ch3a5hb020x4p"))+ (patches+ (list+ ;; See:+ ;; https://lists.fedoraproject.org/archives/list/devel@lists.+ ;; fedoraproject.org/message/JU655YB7AM4OOEQ4MOMCRHJTYJ76VFOK/+ (origin+ (method url-fetch)+ (uri (string-append+ "http://pkgs.fedoraproject.org/cgit/rpms/xorg-x11-server.git"+ "/plain/06_use-intel-only-on-pre-gen4.diff"))+ (sha256+ (base32+ "0mm70y058r8s9y9jiv7q2myv0ycnaw3iqzm7d274410s0ik38w7q"))+ (file-name "xorg-server-use-intel-only-on-pre-gen4.diff"))))))))) (define-public xorg-server-xwayland (package/inherit xorg-server-- 2.31.1
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAmCEj14ACgkQJkb6MLrKfwgdUg//cdMjEAoBDKyDpXX31YsG5xYVw0L0Wy91LyiGDMeBVuueqvfig7qYrZEFu3/BwjYSbGIxrAG2NhEvQacqj6LpttIkp205isxMaMLvz/Jm9l8TixN5iBuckPIzxuAKR5tzjL2YhQLLMCGM7jUlg7ffhFoPoXQ3sQ64pGAzUfRZO8lA8mP21PBA69YZ2zObd8+uOE2osyJ9lt5sVaM9LPvhWaPIx1WRwhwy3TwuxEm5Y/U9jbJqJZk/mrMCVS7efAnm8lO6DLu6GYfstzQOgKalDwOrK6ks9Hlahp4RUhuu9vL1x3XEhQ9PDHJJiYE0fueKgbALp2m0gVnLlJ+AaozUFa4v0nMtXscLLxsSRIYby7uDxWvMUJeCObEFyBeMU3X3GNRmYBmyxRBeeepAI7L39BxsX7k0wraExIFpag7Km27SdemJJP8A/d0yjQgW0Ru0o1pZAkI8mDL93q423um/GVcEeqbHPRKddkGMYm/zYKhoQfyXNAC7MUr+pUzWfA4NKQFDb6jZIqySYTQwLO2LP0tfYbEcllgi44VsE5qXUwMmsSuD5ItVv2iy9pdOCzEDUU/qk7NHopPz0s7n5qT5y2qZORCPkRUqJDPnj7tv0aEZpxS7BdrxBMn8UZW8edx7RZLuSydfsKRjGY6WXG/KsU6I2AZiprkBFfezDtQtyZ8==+JTq-----END PGP SIGNATURE-----

L
L
Leo Famulari wrote on 26 Apr 21:29 +0200
(no subject)
(name . GNU bug tracker automated control server)(address . control@debbugs.gnu.org)
YIcUm//YHswe/bKP@jasmine.lan
reassign 48039 guix-patchesmerge 48001 48039
?