[crux-commits] ports/xorg (3.6): [notify] xorg-server: updated to 1.20.9. Fix for CVE-2020-14345 CVE-2020-14346, CVE-2020-14361, CVE-2020-14362

crux at crux.nu crux at crux.nu
Tue Aug 25 18:15:24 UTC 2020


commit 6aa00ecd4e22721f9efab25dde2cf967834ccb57
Author: Fredrik Rinnestam <fredrik at crux.nu>
Date:   Tue Aug 25 20:15:00 2020 +0200

    [notify] xorg-server: updated to 1.20.9. Fix for CVE-2020-14345
    CVE-2020-14346, CVE-2020-14361, CVE-2020-14362
    
    Multiple input validation failures in X server extensions
    =========================================================
    
    All these issues can lead to local privilege elevation
    on systems where the X server is running privileged.
    
    * CVE-2020-14345 / ZDI CAN 11428 XkbSetNames Out-Of-Bounds Access
    
    The handler for the XkbSetNames request does not validate the request
    length before accessing its contents.
    
    * CVE-2020-14346 / ZDI CAN 11429 XIChangeHierarchy Integer Underflow
    
    An integer underflow exists in the handler for the XIChangeHierarchy
    request.
    
    * CVE-2020-14361 / ZDI CAN 11573 XkbSelectEvents Integer Underflow
    
    An integer underflow exists in the handler for the XkbSelectEvents
    request.
    
    * CVE-2020-14362 / ZDI CAN 11574 XRecordRegisterClients Integer Underflow
    
    An integer underflow exists in the handler for the CreateRegister
    request of the X record extension.

diff --git a/xorg-server/.signature b/xorg-server/.signature
index c019d3b2..b16c38d7 100644
--- a/xorg-server/.signature
+++ b/xorg-server/.signature
@@ -1,6 +1,5 @@
 untrusted comment: verify with /etc/ports/xorg.pub
-RWTSGWF5Q7TndO6ucO1zqkMnuHKTjsfLzAeeCsVuNPNeyBRjpEFi1wF2R38IGZBO5CQtDCF+UmiGXmKiKjs1LE3agFVeTjhh9A4=
-SHA256 (Pkgfile) = 3b300ca40982d994f747b1832e1bb939677aff193dd9a969ded6ce4b3ec453b6
+RWTSGWF5Q7TndLiXG/Mse5mSkOO2Qzva0uXLVaAem+/I1MX/GcGGnjNs2okLKyzG3wB5Yffqou//IE6o6W/IQ9jld2nVIqqATQQ=
+SHA256 (Pkgfile) = 5e27a4794eae50de0b5ed40522481ba0889d31016808f081cc50b16aee5a0b83
 SHA256 (.footprint) = d159a275a4868001332954580ab4f70976c97a80334b157023935b36722e50cd
-SHA256 (xorg-server-1.20.8.tar.bz2) = d17b646bee4ba0fb7850c1cc55b18e3e8513ed5c02bdf38da7e107f84e2d0146
-SHA256 (CVE-2020-14347.patch) = 8ec70385e7e8195c27db0a86c851b7505249ec4ef167e1b0d171b187bc837604
+SHA256 (xorg-server-1.20.9.tar.bz2) = e219f2e0dfe455467939149d7cd2ee53b79b512cc1d2094ae4f5c9ed9ccd3571
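Review bot: the `SHA256 (.footprint)` line is unchanged context here, so the port asserts the same footprint for 1.20.9 as for 1.20.8. Please confirm the footprint was regenerated from a build of the new tarball and not carried over. The dropped `SHA256 (CVE-2020-14347.patch)` entry is consistent with the Pkgfile hunk in the same commit, which no longer lists that file in `source`.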
diff --git a/xorg-server/Pkgfile b/xorg-server/Pkgfile
index d8513c3c..66cf40f5 100644
--- a/xorg-server/Pkgfile
+++ b/xorg-server/Pkgfile
@@ -4,16 +4,13 @@
 # Depends on: libepoxy xorg-bdftopcf xorg-font-util xorg-libdmx xorg-libxaw xorg-libxcomposite xorg-libxcursor xorg-libxfont2 xorg-libxft xorg-libxinerama xorg-libxkbfile xorg-libxres xorg-libxtst xorg-libxxf86dga xorg-mkfontscale xorg-xcb-util-keysyms
 
 name=xorg-server
-version=1.20.8
-release=2
-source=(https://www.x.org/releases/individual/xserver/$name-$version.tar.bz2 \
-	CVE-2020-14347.patch)
+version=1.20.9
+release=1
+source=(https://www.x.org/releases/individual/xserver/$name-$version.tar.bz2)
 
 build() {
     cd $name-$version
 
-    patch -p1 -i $SRC/CVE-2020-14347.patch
-
     ./configure --prefix=/usr \
                 --localstatedir=/var \
                 --with-fontrootdir=/usr/share/fonts/X11 \
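Review bot: removing `CVE-2020-14347.patch` from `source` and deleting the `patch -p1 -i $SRC/CVE-2020-14347.patch` step is not explained in the commit message, which names only CVE-2020-14345, CVE-2020-14346, CVE-2020-14361 and CVE-2020-14362. Please confirm that the 1.20.9 tarball already carries the CVE-2020-14347 fix and say so in the message, so it is clear from the log that dropping the patch does not reopen that issue.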