[notify] xorg-server: Fix for CVE-2020-14347.

X.Org security advisory: July 31, 2020 X Server Pixel Data Uninitialized Memory Information Disclosure =============================================================== CVE-2020-14347 Allocation for pixmap data in AllocatePixmap() does not initialize the memory in xserver, it leads to leak uninitialize heap memory to clients. When the X server runs with elevated privileges. This flaw can lead to ASLR bypass, which when combined with other flaws (known/unknown) could lead to lead to privilege elevation in the client.
author: Fredrik Rinnestam <fredrik@crux.nu> 2020-08-01 16:16:55 +0200
committer: Fredrik Rinnestam <fredrik@crux.nu> 2020-08-01 16:17:09 +0200
commit: 3a026cd9c14551db0164ea400ac6b799bb28e945 (patch)
tree: 5d5adef5fca89d908c510c9f1c3eb4c5e76af3e7 /xorg-server
parent: 7617936b6ec8893f24f2716b3f419b9143abc49c (diff)
download: xorg-3a026cd9c14551db0164ea400ac6b799bb28e945.tar.gz
xorg-3a026cd9c14551db0164ea400ac6b799bb28e945.tar.xz
3 files changed, 20 insertions, 4 deletions
diff --git a/xorg-server/.signature b/xorg-server/.signature
index 032a5a98..c019d3b2 100644
--- a/xorg-server/.signature
+++ b/xorg-server/.signature
@@ -1,5 +1,6 @@
 untrusted comment: verify with /etc/ports/xorg.pub
-RWTSGWF5Q7TndDg1Anu2ouJAb7KUFEPSKqh472+MCvxVBHiDcuPT93VorAqVbFCmcpsSEI4l73lkhcm04cQvMdHdNpknkA/mJwA=
-SHA256 (Pkgfile) = d051963ce7c6250aabc5c609700c293f4c4a93df5ce436958f6c729734b14a97
+RWTSGWF5Q7TndO6ucO1zqkMnuHKTjsfLzAeeCsVuNPNeyBRjpEFi1wF2R38IGZBO5CQtDCF+UmiGXmKiKjs1LE3agFVeTjhh9A4=
+SHA256 (Pkgfile) = 3b300ca40982d994f747b1832e1bb939677aff193dd9a969ded6ce4b3ec453b6
 SHA256 (.footprint) = d159a275a4868001332954580ab4f70976c97a80334b157023935b36722e50cd
 SHA256 (xorg-server-1.20.8.tar.bz2) = d17b646bee4ba0fb7850c1cc55b18e3e8513ed5c02bdf38da7e107f84e2d0146
+SHA256 (CVE-2020-14347.patch) = 8ec70385e7e8195c27db0a86c851b7505249ec4ef167e1b0d171b187bc837604
diff --git a/xorg-server/CVE-2020-14347.patch b/xorg-server/CVE-2020-14347.patch
new file mode 100644
index 00000000..7adec3a1
--- /dev/null
+++ b/xorg-server/CVE-2020-14347.patch
@@ -0,0 +1,12 @@
+diff --git a/dix/pixmap.c b/dix/pixmap.c
+index 1186d7dbb..5a0146bbb 100644
+--- a/dix/pixmap.c
++++ b/dix/pixmap.c
+@@ -116,7 +116,7 @@ AllocatePixmap(ScreenPtr pScreen, int pixDataSize)
+     if (pScreen->totalPixmapSize > ((size_t) - 1) - pixDataSize)
+         return NullPixmap;
+ 
+-    pPixmap = malloc(pScreen->totalPixmapSize + pixDataSize);
++    pPixmap = calloc(1, pScreen->totalPixmapSize + pixDataSize);
+     if (!pPixmap)
+         return NullPixmap;
diff --git a/xorg-server/Pkgfile b/xorg-server/Pkgfile
index 5e908298..d8513c3c 100644
--- a/xorg-server/Pkgfile
+++ b/xorg-server/Pkgfile
@@ -5,12 +5,15 @@
 
 name=xorg-server
 version=1.20.8
-release=1
-source=(https://www.x.org/releases/individual/xserver/$name-$version.tar.bz2)
+release=2
+source=(https://www.x.org/releases/individual/xserver/$name-$version.tar.bz2 \
+	CVE-2020-14347.patch)
 
 build() {
     cd $name-$version
 
+    patch -p1 -i $SRC/CVE-2020-14347.patch
+
     ./configure --prefix=/usr \
                 --localstatedir=/var \
                 --with-fontrootdir=/usr/share/fonts/X11 \
author	Fredrik Rinnestam <fredrik@crux.nu>	2020-08-01 16:16:55 +0200
committer	Fredrik Rinnestam <fredrik@crux.nu>	2020-08-01 16:17:09 +0200
commit	3a026cd9c14551db0164ea400ac6b799bb28e945 (patch)
tree	5d5adef5fca89d908c510c9f1c3eb4c5e76af3e7 /xorg-server
parent	7617936b6ec8893f24f2716b3f419b9143abc49c (diff)
download	xorg-3a026cd9c14551db0164ea400ac6b799bb28e945.tar.gz xorg-3a026cd9c14551db0164ea400ac6b799bb28e945.tar.xz