authorFlorian Franzmann2018-10-28 09:37:04 +0100
committerFlorian Franzmann2018-10-28 09:37:22 +0100
commitad24c693d7b035f8bf99bbd5d3b713ee0b7aa2d0 (patch)
treeb341703356a424d342b2d780f743b7956256a4cd /xorg-xserver/xorg-server
parent982bd2d2305fec8fb3adb739f9b920ec575e8cda (diff)
xorg-xserver/xorg-server: fix CVD-2018-14665, security update
Diffstat (limited to 'xorg-xserver/xorg-server')
-rwxr-xr-xxorg-xserver/xorg-server/DETAILS2
-rw-r--r--xorg-xserver/xorg-server/HISTORY4
-rwxr-xr-xxorg-xserver/xorg-server/PRE_BUILD4
-rw-r--r--xorg-xserver/xorg-server/fix-CVE-2018-14665.patch25
4 files changed, 33 insertions, 2 deletions
diff --git a/xorg-xserver/xorg-server/DETAILS b/xorg-xserver/xorg-server/DETAILS
index c726c1865e..bc030a1c2a 100755
--- a/xorg-xserver/xorg-server/DETAILS
+++ b/xorg-xserver/xorg-server/DETAILS
@@ -10,7 +10,7 @@
WEB_SITE=https://xorg.freedesktop.org/
ENTERED=20051125
LICENSE[0]=XCL
- SECURITY_PATCH=13
+ SECURITY_PATCH=14
SHORT="X servers (including Xorg, Xprt, Xvfb, Xnest & Xdmx)"
cat << EOF
X servers (including Xorg, Xprt, Xvfb, Xnest & Xdmx), the core of the X
diff --git a/xorg-xserver/xorg-server/HISTORY b/xorg-xserver/xorg-server/HISTORY
index 11b14421e9..8866cb002c 100644
--- a/xorg-xserver/xorg-server/HISTORY
+++ b/xorg-xserver/xorg-server/HISTORY
@@ -1,3 +1,7 @@
+2018-10-28 Florian Franzmann <siflfran@hawo.stw.uni-erlangen.de>
+ * PRE_BUILD, fix-CVE-2018-14665.patch: fix CVE-2018-14665
+ * DETAILS: SECURITY_PATCH++
+
2018-08-30 Pavel Vinogradov <public@sourcemage.org>
* POST_RESURRECT, PRE_BUILD, REPAIR^all^POST_RESURRECT: added check
for smgl-gl_select availability
diff --git a/xorg-xserver/xorg-server/PRE_BUILD b/xorg-xserver/xorg-server/PRE_BUILD
index 8a67cbfd3a..77dcea15e7 100755
--- a/xorg-xserver/xorg-server/PRE_BUILD
+++ b/xorg-xserver/xorg-server/PRE_BUILD
@@ -6,5 +6,7 @@ if spell_ok "smgl-gl_select"; then
# some install scripts are missing!
autoreconf -f -i --symlink &&
patch -p1 < $SPELL_DIRECTORY/gl_select.patch
-fi
+fi &&
+
+patch -p1 < "$SPELL_DIRECTORY/fix-CVE-2018-14665.patch"
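Review bot: The security fix is applied with plain `patch -p1`, which (with GNU patch) tolerates fuzzy context matches, so after a later version bump it could land on shifted code without PRE_BUILD failing. For a security backport it is safer to fail loudly, e.g. `patch -p1 --fuzz=0 < "$SPELL_DIRECTORY/fix-CVE-2018-14665.patch"`. The new line quotes `$SPELL_DIRECTORY` while the existing `gl_select.patch` line above it does not; quoting both would keep the script consistent. The `if` block starts outside this hunk, so whether earlier commands are chained into it cannot be checked from here.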
diff --git a/xorg-xserver/xorg-server/fix-CVE-2018-14665.patch b/xorg-xserver/xorg-server/fix-CVE-2018-14665.patch
new file mode 100644
index 0000000000..bfa7773e43
--- /dev/null
+++ b/xorg-xserver/xorg-server/fix-CVE-2018-14665.patch
@@ -0,0 +1,25 @@
+diff --git a/hw/xfree86/common/xf86Init.c b/hw/xfree86/common/xf86Init.c
+index 6c25eda739719d11f0e4c2dcf59c2a06d2b9ac97..0f57efa86324bb933fe9e239b46f62d04a739d39 100644
+--- a/hw/xfree86/common/xf86Init.c
++++ b/hw/xfree86/common/xf86Init.c
+@@ -935,14 +935,18 @@ ddxProcessArgument(int argc, char **argv, int i)
+ /* First the options that are not allowed with elevated privileges */
+ if (!strcmp(argv[i], "-modulepath")) {
+ CHECK_FOR_REQUIRED_ARGUMENT();
+- xf86CheckPrivs(argv[i], argv[i + 1]);
++ if (xf86PrivsElevated())
++ FatalError("\nInvalid argument -modulepath "
++ "with elevated privileges\n");
+ xf86ModulePath = argv[i + 1];
+ xf86ModPathFrom = X_CMDLINE;
+ return 2;
+ }
+ if (!strcmp(argv[i], "-logfile")) {
+ CHECK_FOR_REQUIRED_ARGUMENT();
+- xf86CheckPrivs(argv[i], argv[i + 1]);
++ if (xf86PrivsElevated())
++ FatalError("\nInvalid argument -logfile "
++ "with elevated privileges\n");
+ xf86LogFile = argv[i + 1];
+ xf86LogFileFrom = X_CMDLINE;
+ return 2;
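Review bot: The patch file starts directly at `diff --git` with no header, so nothing in it records which upstream change it backports or when it can be dropped. A leading line such as `Backport of upstream commit <upstream-commit-id> for CVE-2018-14665; remove once the spell version contains it` would make the fix auditable. In the inner hunk, rejecting `-modulepath` and `-logfile` now rests entirely on `xf86PrivsElevated()`, which is defined outside this hunk, so it is worth confirming that it reports elevation for the way this spell installs the server binary (for example setuid root). If these two were the only call sites of `xf86CheckPrivs`, that helper is now unused and may trigger a compiler warning. `ddxProcessArgument` begins and ends outside the hunk.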