[Buildroot] [PATCH] package/xserver_xorg-server: security bump to version 21.1.2

Peter Korsgaard peter at korsgaard.com
Thu Dec 16 17:16:55 UTC 2021


Fixes the following vulnerabilities:

* CVE-2021-4008/ZDI-CAN-14192 SProcRenderCompositeGlyphs out-of-bounds
  access

  The handler for the CompositeGlyphs request of the Render extension does
  not properly validate the request length leading to out of bounds memory
  write.

* CVE-2021-4009/ZDI-CAN-14950 SProcXFixesCreatePointerBarrier out-of-bounds
  access

  The handler for the CreatePointerBarrier request of the XFixes extension
  does not properly validate the request length leading to out of bounds
  memory write.

* CVE-2021-4010/ZDI-CAN-14951 SProcScreenSaverSuspend out-of-bounds access

  The handler for the Suspend request of the Screen Saver extension does not
  properly validate the request length leading to out of bounds memory
  write.

* CVE-2021-4011/ZDI-CAN-14952 SwapCreateRegister out-of-bounds access

  The handlers for the RecordCreateContext and RecordRegisterClients
  requests of the Record extension do not properly validate the request
  length leading to out of bounds memory write.

For details, see the advisory:
https://lists.x.org/archives/xorg-announce/2021-December/003122.html

Builds without systemd unfortunately got broken.  Add a patch fixing that
from an upstream merge request:
https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/827

Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
---
 ...error-when-built-without-logind-plat.patch | 90 +++++++++++++++++++
 .../xserver_xorg-server.hash                  |  6 +-
 .../xserver_xorg-server.mk                    |  2 +-
 3 files changed, 94 insertions(+), 4 deletions(-)
 create mode 100644 package/x11r7/xserver_xorg-server/0002-Fix-compilation-error-when-built-without-logind-plat.patch

diff --git a/package/x11r7/xserver_xorg-server/0002-Fix-compilation-error-when-built-without-logind-plat.patch b/package/x11r7/xserver_xorg-server/0002-Fix-compilation-error-when-built-without-logind-plat.patch
new file mode 100644
index 0000000000..164c0039bd
--- /dev/null
+++ b/package/x11r7/xserver_xorg-server/0002-Fix-compilation-error-when-built-without-logind-plat.patch
@@ -0,0 +1,90 @@
+From 17b6ab4d8cecf55a3784dbefbef9bfcf84ee3b1b Mon Sep 17 00:00:00 2001
+From: Jocelyn Falempe <jfalempe at redhat.com>
+Date: Thu, 16 Dec 2021 15:46:43 +0100
+Subject: [PATCH] Fix compilation error when built without logind/platform bus
+
+This was introduced by commit 8eb1396d
+
+Signed-off-by: Jocelyn Falempe <jfalempe at redhat.com>
+[Peter: from https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/827]
+Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
+---
+ hw/xfree86/common/xf86Events.c               |  9 +--------
+ hw/xfree86/os-support/linux/systemd-logind.c | 16 +++++++++++-----
+ include/systemd-logind.h                     |  4 ++--
+ 3 files changed, 14 insertions(+), 15 deletions(-)
+
+diff --git a/hw/xfree86/common/xf86Events.c b/hw/xfree86/common/xf86Events.c
+index 6076efa80..395bbc7b3 100644
+--- a/hw/xfree86/common/xf86Events.c
++++ b/hw/xfree86/common/xf86Events.c
+@@ -383,14 +383,7 @@ xf86VTLeave(void)
+         xf86GPUScreens[i]->LeaveVT(xf86GPUScreens[i]);
+ 
+     if (systemd_logind_controls_session()) {
+-        for (i = 0; i < xf86_num_platform_devices; i++) {
+-            if (xf86_platform_devices[i].flags & XF86_PDEV_SERVER_FD) {
+-                int major, minor;
+-                major = xf86_platform_odev_attributes(i)->major;
+-                minor = xf86_platform_odev_attributes(i)->minor;
+-                systemd_logind_drop_master(major, minor);
+-            }
+-        }
++        systemd_logind_drop_master();
+     }
+ 
+     if (!xf86VTSwitchAway())
+diff --git a/hw/xfree86/os-support/linux/systemd-logind.c b/hw/xfree86/os-support/linux/systemd-logind.c
+index 35d5cc75b..f6a223a55 100644
+--- a/hw/xfree86/os-support/linux/systemd-logind.c
++++ b/hw/xfree86/os-support/linux/systemd-logind.c
+@@ -308,13 +308,19 @@ cleanup:
+  * and ensure the drm_drop_master is done before
+  * VT_RELDISP when switching VT
+  */
+-void systemd_logind_drop_master(int _major, int _minor)
++void systemd_logind_drop_master(void)
+ {
+-    struct systemd_logind_info *info = &logind_info;
+-    dbus_int32_t major = _major;
+-    dbus_int32_t minor = _minor;
++    int i;
++    for (i = 0; i < xf86_num_platform_devices; i++) {
++        if (xf86_platform_devices[i].flags & XF86_PDEV_SERVER_FD) {
++            dbus_int32_t major, minor;
++            struct systemd_logind_info *info = &logind_info;
+ 
+-    systemd_logind_ack_pause(info, minor, major);
++            major = xf86_platform_odev_attributes(i)->major;
++            minor = xf86_platform_odev_attributes(i)->minor;
++            systemd_logind_ack_pause(info, minor, major);
++        }
++    }
+ }
+ 
+ static DBusHandlerResult
+diff --git a/include/systemd-logind.h b/include/systemd-logind.h
+index a8af2b96d..5c04d0130 100644
+--- a/include/systemd-logind.h
++++ b/include/systemd-logind.h
+@@ -33,7 +33,7 @@ int systemd_logind_take_fd(int major, int minor, const char *path, Bool *paus);
+ void systemd_logind_release_fd(int major, int minor, int fd);
+ int systemd_logind_controls_session(void);
+ void systemd_logind_vtenter(void);
+-void systemd_logind_drop_master(int major, int minor);
++void systemd_logind_drop_master(void);
+ #else
+ #define systemd_logind_init()
+ #define systemd_logind_fini()
+@@ -41,7 +41,7 @@ void systemd_logind_drop_master(int major, int minor);
+ #define systemd_logind_release_fd(major, minor, fd) close(fd)
+ #define systemd_logind_controls_session() 0
+ #define systemd_logind_vtenter()
+-#define systemd_logind_drop_master(major, minor)
++#define systemd_logind_drop_master()
+ #endif
+ 
+ #endif
+-- 
+2.20.1
+
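Review bot: The rewritten `systemd_logind_drop_master(void)` in systemd-logind.c now uses `xf86_num_platform_devices`, `xf86_platform_devices`, `XF86_PDEV_SERVER_FD` and `xf86_platform_odev_attributes()` directly, but the embedded patch adds no include and no guard for them. Whether a build with logind enabled and the platform bus disabled still compiles cannot be seen from these hunks, and it is worth a test build because the patch subject names both cases. The fix is also taken from an upstream merge request rather than a merged commit, so I would record that in the provenance tag, e.g. `[Peter: from upstream MR 827, pending; re-check and drop on the next version bump]`. A short comment on the call, such as `/* argument order is (info, minor, major) */`, would help as well: the minor-before-major order is carried over from the old code and reads like a swap.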
diff --git a/package/x11r7/xserver_xorg-server/xserver_xorg-server.hash b/package/x11r7/xserver_xorg-server/xserver_xorg-server.hash
index d389e6713a..6008661db1 100644
--- a/package/x11r7/xserver_xorg-server/xserver_xorg-server.hash
+++ b/package/x11r7/xserver_xorg-server/xserver_xorg-server.hash
@@ -1,6 +1,6 @@
-# From https://lists.x.org/archives/xorg-announce/2021-November/003116.html
-sha256  782e7fef2ca0c7cbe60a937b8bf42dac69c904fb841950fd0363e1c2346ea755  xorg-server-21.1.1.tar.xz
-sha512  8608ed9c1537c95e8a3adea5e3e372a3c5eb841f8e27c84283093f22fb1909e16a800006510da684b13f8f237f33b8a4be3e2537f5f9ab9af4c5ad12770eef0d  xorg-server-21.1.1.tar.xz
+# From https://lists.x.org/archives/xorg-announce/2021-December/003125.html
+sha256  c20bf46a9fe8e74bf4e75430637e58d49a02d806609dc161462bceb1ef7e8db0  xorg-server-21.1.2.tar.xz
+sha512  6d7a0d29d5be09f80ed505c4d6ae964795127525a0ab73a4eab4f601788ab3627033143e5aeb4c2565c6683dd3402084d13acab5554606fbd519c4aec0a79def  xorg-server-21.1.2.tar.xz
 
 # Locally calculated
 sha256  4cc0447a22635c7b2f1a93fec4aa94f1970fadeb72a063de006b51cf4963a06f  COPYING
diff --git a/package/x11r7/xserver_xorg-server/xserver_xorg-server.mk b/package/x11r7/xserver_xorg-server/xserver_xorg-server.mk
index 2518776da8..0cadba92a3 100644
--- a/package/x11r7/xserver_xorg-server/xserver_xorg-server.mk
+++ b/package/x11r7/xserver_xorg-server/xserver_xorg-server.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-XSERVER_XORG_SERVER_VERSION = 21.1.1
+XSERVER_XORG_SERVER_VERSION = 21.1.2
 XSERVER_XORG_SERVER_SOURCE = xorg-server-$(XSERVER_XORG_SERVER_VERSION).tar.xz
 XSERVER_XORG_SERVER_SITE = https://xorg.freedesktop.org/archive/individual/xserver
 XSERVER_XORG_SERVER_LICENSE = MIT
-- 
2.20.1



