diff options
author | Florian Franzmann | 2018-10-28 09:37:04 +0100 |
---|---|---|
committer | Florian Franzmann | 2018-10-28 09:37:22 +0100 |
commit | ad24c693d7b035f8bf99bbd5d3b713ee0b7aa2d0 (patch) | |
tree | b341703356a424d342b2d780f743b7956256a4cd /xorg-xserver | |
parent | 982bd2d2305fec8fb3adb739f9b920ec575e8cda (diff) |
xorg-xserver/xorg-server: fix CVD-2018-14665, security update
Diffstat (limited to 'xorg-xserver')
-rwxr-xr-x | xorg-xserver/xorg-server/DETAILS | 2 | ||||
-rw-r--r-- | xorg-xserver/xorg-server/HISTORY | 4 | ||||
-rwxr-xr-x | xorg-xserver/xorg-server/PRE_BUILD | 4 | ||||
-rw-r--r-- | xorg-xserver/xorg-server/fix-CVE-2018-14665.patch | 25 |
4 files changed, 33 insertions, 2 deletions
diff --git a/xorg-xserver/xorg-server/DETAILS b/xorg-xserver/xorg-server/DETAILS index c726c1865e..bc030a1c2a 100755 --- a/xorg-xserver/xorg-server/DETAILS +++ b/xorg-xserver/xorg-server/DETAILS @@ -10,7 +10,7 @@ WEB_SITE=https://xorg.freedesktop.org/ ENTERED=20051125 LICENSE[0]=XCL - SECURITY_PATCH=13 + SECURITY_PATCH=14 SHORT="X servers (including Xorg, Xprt, Xvfb, Xnest & Xdmx)" cat << EOF X servers (including Xorg, Xprt, Xvfb, Xnest & Xdmx), the core of the X diff --git a/xorg-xserver/xorg-server/HISTORY b/xorg-xserver/xorg-server/HISTORY index 11b14421e9..8866cb002c 100644 --- a/xorg-xserver/xorg-server/HISTORY +++ b/xorg-xserver/xorg-server/HISTORY @@ -1,3 +1,7 @@ +2018-10-28 Florian Franzmann <siflfran@hawo.stw.uni-erlangen.de> + * PRE_BUILD, fix-CVE-2018-14665.patch: fix CVE-2018-14665 + * DETAILS: SECURITY_PATCH++ + 2018-08-30 Pavel Vinogradov <public@sourcemage.org> * POST_RESURRECT, PRE_BUILD, REPAIR^all^POST_RESURRECT: added check for smgl-gl_select availability diff --git a/xorg-xserver/xorg-server/PRE_BUILD b/xorg-xserver/xorg-server/PRE_BUILD index 8a67cbfd3a..77dcea15e7 100755 --- a/xorg-xserver/xorg-server/PRE_BUILD +++ b/xorg-xserver/xorg-server/PRE_BUILD @@ -6,5 +6,7 @@ if spell_ok "smgl-gl_select"; then # some install scripts are missing! autoreconf -f -i --symlink && patch -p1 < $SPELL_DIRECTORY/gl_select.patch -fi +fi && + +patch -p1 < "$SPELL_DIRECTORY/fix-CVE-2018-14665.patch" diff --git a/xorg-xserver/xorg-server/fix-CVE-2018-14665.patch b/xorg-xserver/xorg-server/fix-CVE-2018-14665.patch new file mode 100644 index 0000000000..bfa7773e43 --- /dev/null +++ b/xorg-xserver/xorg-server/fix-CVE-2018-14665.patch @@ -0,0 +1,25 @@ +diff --git a/hw/xfree86/common/xf86Init.c b/hw/xfree86/common/xf86Init.c +index 6c25eda739719d11f0e4c2dcf59c2a06d2b9ac97..0f57efa86324bb933fe9e239b46f62d04a739d39 100644 +--- a/hw/xfree86/common/xf86Init.c ++++ b/hw/xfree86/common/xf86Init.c +@@ -935,14 +935,18 @@ ddxProcessArgument(int argc, char **argv, int i) + /* First the options that are not allowed with elevated privileges */ + if (!strcmp(argv[i], "-modulepath")) { + CHECK_FOR_REQUIRED_ARGUMENT(); +- xf86CheckPrivs(argv[i], argv[i + 1]); ++ if (xf86PrivsElevated()) ++ FatalError("\nInvalid argument -modulepath " ++ "with elevated privileges\n"); + xf86ModulePath = argv[i + 1]; + xf86ModPathFrom = X_CMDLINE; + return 2; + } + if (!strcmp(argv[i], "-logfile")) { + CHECK_FOR_REQUIRED_ARGUMENT(); +- xf86CheckPrivs(argv[i], argv[i + 1]); ++ if (xf86PrivsElevated()) ++ FatalError("\nInvalid argument -logfile " ++ "with elevated privileges\n"); + xf86LogFile = argv[i + 1]; + xf86LogFileFrom = X_CMDLINE; + return 2; |