Hello community, here is the log from the commit of package xorg-x11-server for openSUSE:Factory checked in at 2018-11-08 09:42:08 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/xorg-x11-server (Old) and /work/SRC/openSUSE:Factory/.xorg-x11-server.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xorg-x11-server" Thu Nov 8 09:42:08 2018 rev:363 rq:645321 version:1.20.3 Changes: -------- --- /work/SRC/openSUSE:Factory/xorg-x11-server/xorg-x11-server.changes 2018-10-22 11:06:43.712102447 +0200 +++ /work/SRC/openSUSE:Factory/.xorg-x11-server.new/xorg-x11-server.changes 2018-11-08 09:42:11.165542223 +0100 @@ -1,0 +2,9 @@ +Mon Oct 29 15:35:59 UTC 2018 - [email protected] + +- Update to version 1.20.3 + * Disable -logfile and -modulepath when running with elevated + privileges (bsc#1112020) + * LogFilePrep: add a comment to the unsafe format string. + * xfree86: fix readlink call + +------------------------------------------------------------------- Old: ---- xorg-server-1.20.2.tar.bz2 New: ---- xorg-server-1.20.3.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xorg-x11-server.spec ++++++ --- /var/tmp/diff_new_pack.eQhD5U/_old 2018-11-08 09:42:11.949541312 +0100 +++ /var/tmp/diff_new_pack.eQhD5U/_new 2018-11-08 09:42:11.953541308 +0100 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# Please submit bugfixes or comments via http://bugs.opensuse.org/ # @@ -46,7 +46,7 @@ %endif Name: xorg-x11-server -Version: 1.20.2 +Version: 1.20.3 Release: 0 Url: http://xorg.freedesktop.org/ BuildRoot: %{_tmppath}/%{name}-%{version}-build ++++++ xorg-server-1.20.2.tar.bz2 -> xorg-server-1.20.3.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xorg-server-1.20.2/ChangeLog new/xorg-server-1.20.3/ChangeLog --- old/xorg-server-1.20.2/ChangeLog 2018-10-15 17:59:54.000000000 +0200 +++ new/xorg-server-1.20.3/ChangeLog 2018-10-25 16:13:41.000000000 +0200 
@@ -1,3 +1,57 @@ +commit 971d418113740cae2d7d393850bad4926d1a7e86 +Author: Adam Jackson <[email protected]> +Date: Thu Oct 25 09:03:18 2018 -0400 + + xserver 1.20.3 + + Signed-off-by: Adam Jackson <[email protected]> + +commit da15c7413916f754708c62c2089265528cd661e2 +Author: Matthieu Herrb <[email protected]> +Date: Tue Oct 23 21:29:09 2018 +0200 + + LogFilePrep: add a comment to the unsafe format string. + + CVE-2018-14665 also made it possible to exploit this to access + memory. With -logfile forbidden when running with elevated privileges + this is no longer an issue. + + Signed-off-by: Matthieu Herrb <[email protected]> + Reviewed-by: Adam Jackson <[email protected]> + (cherry picked from commit 248d164eae27f1f310266d78e52f13f64362f81e) + +commit 8a59e3b7dbb30532a7c3769c555e00d7c4301170 +Author: Matthieu Herrb <[email protected]> +Date: Tue Oct 23 21:29:08 2018 +0200 + + Disable -logfile and -modulepath when running with elevated privileges + + Could cause privilege elevation and/or arbitrary files overwrite, when + the X server is running with elevated privileges (ie when Xorg is + installed with the setuid bit set and started by a non-root user). + + CVE-2018-14665 + + Issue reported by Narendra Shinde and Red Hat. + + Signed-off-by: Matthieu Herrb <[email protected]> + Reviewed-by: Alan Coopersmith <[email protected]> + Reviewed-by: Peter Hutterer <[email protected]> + Reviewed-by: Adam Jackson <[email protected]> + (cherry picked from commit 50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e) + +commit cfc3dec09e1a56bb050ba31bde0bbf499596063a +Author: Peter Hutterer <[email protected]> +Date: Tue Oct 16 09:42:51 2018 +1000 + + xfree86: fix readlink call + + Misplaced parenthesis caused us to compare the sizeof, not the readlink return + value. + + 
Signed-off-by: Peter Hutterer <[email protected]> + (cherry picked from commit bd5fe7593fd0df236f3b2be1f062166ddba7d67c) + commit 2a0c6c15c35cd262e7cdb86dcc43cb1aeb714c8e Author: Adam Jackson <[email protected]> Date: Mon Oct 15 11:17:35 2018 -0400 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xorg-server-1.20.2/configure new/xorg-server-1.20.3/configure --- old/xorg-server-1.20.2/configure 2018-10-15 17:59:39.000000000 +0200 +++ new/xorg-server-1.20.3/configure 2018-10-25 16:13:27.000000000 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for xorg-server 1.20.2. +# Generated by GNU Autoconf 2.69 for xorg-server 1.20.3. # # Report bugs to <https://bugs.freedesktop.org/enter_bug.cgi?product=xorg>. # @@ -651,8 +651,8 @@ # Identity of this package. PACKAGE_NAME='xorg-server' PACKAGE_TARNAME='xorg-server' -PACKAGE_VERSION='1.20.2' -PACKAGE_STRING='xorg-server 1.20.2' +PACKAGE_VERSION='1.20.3' +PACKAGE_STRING='xorg-server 1.20.3' PACKAGE_BUGREPORT='https://bugs.freedesktop.org/enter_bug.cgi?product=xorg' PACKAGE_URL='' @@ -2033,7 +2033,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures xorg-server 1.20.2 to adapt to many kinds of systems. +\`configure' configures xorg-server 1.20.3 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -2103,7 +2103,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of xorg-server 1.20.2:";; + short | recursive ) echo "Configuration of xorg-server 1.20.3:";; esac cat <<\_ACEOF 
@@ -2294,10 +2294,10 @@ org.x) --with-bundle-version=VERSION Version to use for X11.app's CFBundleVersion - (default: 1.20.2) + (default: 1.20.3) --with-bundle-version-string=VERSION Version to use for X11.app's - CFBundleShortVersionString (default: 1.20.2) + CFBundleShortVersionString (default: 1.20.3) --with-sparkle-feed-url=URL URL for the Sparkle feed (default: https://www.xquartz.org/releases/sparkle/release.xml) @@ -2558,7 +2558,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -xorg-server configure 1.20.2 +xorg-server configure 1.20.3 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -3267,7 +3267,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by xorg-server $as_me 1.20.2, which was +It was created by xorg-server $as_me 1.20.3, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -3615,8 +3615,8 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu -RELEASE_DATE="2018-10-15" -RELEASE_NAME="Tofu Biryani" +RELEASE_DATE="2018-10-25" +RELEASE_NAME="Harissa Roasted Carrots" am__api_version='1.15' @@ -4134,7 +4134,7 @@ # Define the identity of the package. PACKAGE='xorg-server' - VERSION='1.20.2' + VERSION='1.20.3' cat >>confdefs.h <<_ACEOF @@ -23656,7 +23656,7 @@ if test "${with_bundle_version+set}" = set; then : withval=$with_bundle_version; BUNDLE_VERSION="${withval}" else - BUNDLE_VERSION="1.20.2" + BUNDLE_VERSION="1.20.3" fi @@ -33517,7 +33517,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by xorg-server $as_me 1.20.2, which was +This file was extended by xorg-server $as_me 1.20.3, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES 
@@ -33583,7 +33583,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -xorg-server config.status 1.20.2 +xorg-server config.status 1.20.3 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xorg-server-1.20.2/configure.ac new/xorg-server-1.20.3/configure.ac --- old/xorg-server-1.20.2/configure.ac 2018-10-15 17:59:33.000000000 +0200 +++ new/xorg-server-1.20.3/configure.ac 2018-10-25 16:13:21.000000000 +0200 @@ -26,9 +26,9 @@ dnl Process this file with autoconf to create configure. AC_PREREQ(2.60) -AC_INIT([xorg-server], 1.20.2, [https://bugs.freedesktop.org/enter_bug.cgi?product=xorg], xorg-server) -RELEASE_DATE="2018-10-15" -RELEASE_NAME="Tofu Biryani" +AC_INIT([xorg-server], 1.20.3, [https://bugs.freedesktop.org/enter_bug.cgi?product=xorg], xorg-server) +RELEASE_DATE="2018-10-25" +RELEASE_NAME="Harissa Roasted Carrots" AC_CONFIG_SRCDIR([Makefile.am]) AC_CONFIG_MACRO_DIR([m4]) AM_INIT_AUTOMAKE([foreign dist-bzip2]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xorg-server-1.20.2/hw/xfree86/common/xf86Init.c new/xorg-server-1.20.3/hw/xfree86/common/xf86Init.c --- old/xorg-server-1.20.2/hw/xfree86/common/xf86Init.c 2018-10-15 17:59:33.000000000 +0200 +++ new/xorg-server-1.20.3/hw/xfree86/common/xf86Init.c 2018-10-25 16:13:21.000000000 +0200 
@@ -1027,14 +1027,18 @@ /* First the options that are not allowed with elevated privileges */ if (!strcmp(argv[i], "-modulepath")) { CHECK_FOR_REQUIRED_ARGUMENT(); - xf86CheckPrivs(argv[i], argv[i + 1]); + if (xf86PrivsElevated()) + FatalError("\nInvalid argument -modulepath " + "with elevated privileges\n"); xf86ModulePath = argv[i + 1]; xf86ModPathFrom = X_CMDLINE; return 2; } if (!strcmp(argv[i], "-logfile")) { CHECK_FOR_REQUIRED_ARGUMENT(); - xf86CheckPrivs(argv[i], argv[i + 1]); + if (xf86PrivsElevated()) + FatalError("\nInvalid argument -logfile " + "with elevated privileges\n"); xf86LogFile = argv[i + 1]; xf86LogFileFrom = X_CMDLINE; return 2; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xorg-server-1.20.2/hw/xfree86/fbdevhw/fbdevhw.c new/xorg-server-1.20.3/hw/xfree86/fbdevhw/fbdevhw.c --- old/xorg-server-1.20.2/hw/xfree86/fbdevhw/fbdevhw.c 2018-10-15 17:59:33.000000000 +0200 +++ new/xorg-server-1.20.3/hw/xfree86/fbdevhw/fbdevhw.c 2018-10-25 16:13:21.000000000 +0200 @@ -336,7 +336,7 @@ char *node = strrchr(dev, '/') + 1; if (asprintf(&sysfs_path, "/sys/class/graphics/%s", node) < 0 || - readlink(sysfs_path, buf, sizeof(buf) < 0) || + readlink(sysfs_path, buf, sizeof(buf)) < 0 || strstr(buf, "devices/pci")) { free(sysfs_path); close(fd); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xorg-server-1.20.2/meson.build new/xorg-server-1.20.3/meson.build --- old/xorg-server-1.20.2/meson.build 2018-10-15 17:59:33.000000000 +0200 +++ new/xorg-server-1.20.3/meson.build 2018-10-25 16:13:21.000000000 +0200 
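Review bot: Both new checks in the xf86Init.c hunk hang a two-line `FatalError(...)` call off an unbraced `if (xf86PrivsElevated())`, and nothing at the call site says why the earlier path check became a hard refusal. I would brace both bodies and put a comment above each, for example `/* user-supplied path is refused outright with elevated privileges (CVE-2018-14665) */`. The refusal is only as strong as xf86PrivsElevated(), whose definition is outside this hunk, so it is worth confirming that it also covers setgid and capability-based starts and not only the setuid case named in the commit message. The enclosing function begins and ends outside the hunk.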
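Review bot: In the fbdevhw.c hunk the corrected `readlink(sysfs_path, buf, sizeof(buf)) < 0` still passes `buf` to `strstr()` on the next line without a terminator, because readlink() does not append a NUL and may fill all `sizeof(buf)` bytes. Even if `buf` is zero-initialised at its declaration (outside the hunk), a link target that fills the buffer leaves no terminator, so I would read at most `sizeof(buf) - 1` bytes, keep the returned length, and set `buf[len] = '\0'` before the `strstr(buf, "devices/pci")` test. The context line `char *node = strrchr(dev, '/') + 1;` also assumes `dev` contains a slash and may deserve a NULL check. The enclosing block starts and ends outside the hunk.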
@@ -3,7 +3,7 @@ 'buildtype=debugoptimized', 'c_std=gnu99', ], - version: '1.20.2', + version: '1.20.3', meson_version: '>= 0.42.0', ) add_project_arguments('-DHAVE_DIX_CONFIG_H', language: 'c') diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xorg-server-1.20.2/os/log.c new/xorg-server-1.20.3/os/log.c --- old/xorg-server-1.20.2/os/log.c 2018-10-15 17:59:33.000000000 +0200 +++ new/xorg-server-1.20.3/os/log.c 2018-10-25 16:13:21.000000000 +0200 @@ -194,6 +194,8 @@ { char *logFileName = NULL; + /* the format string below is controlled by the user, + this code should never be called with elevated privileges */ if (asprintf(&logFileName, fname, idstring) == -1) FatalError("Cannot allocate space for the log file name\n");
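Review bot: The comment added above `asprintf(&logFileName, fname, idstring)` in the os/log.c hunk records that `fname` is a user-controlled format string, but nothing in the function enforces the stated precondition, so the call stays safe only while every present and future caller refuses elevated starts. I would validate `fname` before formatting, accepting only literal text, `%%` and at most one `%s`, and fail with FatalError otherwise, as sketched below. This assumes the built-in default log name uses nothing beyond a single `%s`, which should be confirmed against the callers. The function's signature and the rest of its body are outside the hunk.

```c
    /* … unchanged: logFileName declaration … */

    /* fname is used as a format string: allow only literal text,
       "%%" and at most one "%s" so no other conversion is reached */
    {
        const char *p;
        int conversions = 0;

        for (p = fname; *p != '\0'; p++) {
            if (*p != '%')
                continue;
            p++;
            if (*p == '%')
                continue;
            if (*p != 's' || ++conversions > 1)
                FatalError("Invalid log file name format \"%s\"\n", fname);
        }
    }
    if (asprintf(&logFileName, fname, idstring) == -1)
    /* … unchanged: allocation failure FatalError … */
```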
