Hello community,
here is the log from the commit of package Mesa for openSUSE:Factory checked in
at 2019-11-18 20:02:56
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/Mesa (Old)
and /work/SRC/openSUSE:Factory/.Mesa.new.26869 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "Mesa"
Mon Nov 18 20:02:56 2019 rev:361 rq:749087 version:unknown
Changes:
--------
--- /work/SRC/openSUSE:Factory/Mesa/Mesa-drivers.changes 2019-11-10
22:32:09.908681074 +0100
+++ /work/SRC/openSUSE:Factory/.Mesa.new.26869/Mesa-drivers.changes
2019-11-18 20:02:58.149816473 +0100
@@ -1,0 +2,21 @@
+Thu Nov 14 14:36:08 UTC 2019 - Stefan Dirsch <sndir...@suse.com>
+
+- u_call-shmget-with-permission-0600-instead-of-0777.patch
+ * CVE-2019-5068 (bsc#1156015)
+
+-------------------------------------------------------------------
+Thu Nov 14 10:15:13 UTC 2019 - Stefan Dirsch <sndir...@suse.com>
+
+- Update to version 19.2.4
+ * This is an emergency release, to fix a critical bug found in
+ the 19.2.3 release which causes incomplete rendering on all
+ mesa drivers. This release contains a single patch to fix
+ that bug.
+
+-------------------------------------------------------------------
+Wed Nov 13 14:01:29 UTC 2019 - Frederic Crozat <fcro...@suse.com>
+
+- Update _contraints, Mesa-drivers needs 7GB of disk to build
+ safely.
+
+-------------------------------------------------------------------
Mesa.changes: same change
Old:
----
mesa-19.2.3.tar.xz
mesa-19.2.3.tar.xz.sig
New:
----
mesa-19.2.4.tar.xz
mesa-19.2.4.tar.xz.sig
u_call-shmget-with-permission-0600-instead-of-0777.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ Mesa-drivers.spec ++++++
--- /var/tmp/diff_new_pack.AEIafW/_old 2019-11-18 20:03:05.621812722 +0100
+++ /var/tmp/diff_new_pack.AEIafW/_new 2019-11-18 20:03:05.629812718 +0100
@@ -42,7 +42,7 @@
%define glamor 1
%define _name_archive mesa
-%define _version 19.2.3
+%define _version 19.2.4
%define with_opencl 0
%define with_vulkan 0
%define with_llvm 0
@@ -110,7 +110,7 @@
%endif
Name: Mesa-drivers
-Version: 19.2.3
+Version: 19.2.4
Release: 0
Summary: System for rendering 3-D graphics
License: MIT
@@ -126,6 +126,7 @@
Source7: Mesa.keyring
Patch1: n_opencl_dep_libclang.patch
Patch2: n_add-Mesa-headers-again.patch
+Patch3: u_call-shmget-with-permission-0600-instead-of-0777.patch
# never to be upstreamed
Patch54: n_drirc-disable-rgb10-for-chromium-on-amd.patch
Patch58: u_dep_xcb.patch
@@ -733,6 +734,7 @@
%endif
%endif
%patch2 -p1
+%patch3 -p1
%patch54 -p1
%patch58 -p1
++++++ Mesa.spec ++++++
--- /var/tmp/diff_new_pack.AEIafW/_old 2019-11-18 20:03:05.681812692 +0100
+++ /var/tmp/diff_new_pack.AEIafW/_new 2019-11-18 20:03:05.689812688 +0100
@@ -41,7 +41,7 @@
%define glamor 1
%define _name_archive mesa
-%define _version 19.2.3
+%define _version 19.2.4
%define with_opencl 0
%define with_vulkan 0
%define with_llvm 0
@@ -109,7 +109,7 @@
%endif
Name: Mesa
-Version: 19.2.3
+Version: 19.2.4
Release: 0
Summary: System for rendering 3-D graphics
License: MIT
@@ -125,6 +125,7 @@
Source7: Mesa.keyring
Patch1: n_opencl_dep_libclang.patch
Patch2: n_add-Mesa-headers-again.patch
+Patch3: u_call-shmget-with-permission-0600-instead-of-0777.patch
# never to be upstreamed
Patch54: n_drirc-disable-rgb10-for-chromium-on-amd.patch
Patch58: u_dep_xcb.patch
@@ -732,6 +733,7 @@
%endif
%endif
%patch2 -p1
+%patch3 -p1
%patch54 -p1
%patch58 -p1
++++++ _constraints ++++++
--- /var/tmp/diff_new_pack.AEIafW/_old 2019-11-18 20:03:05.905812579 +0100
+++ /var/tmp/diff_new_pack.AEIafW/_new 2019-11-18 20:03:05.917812573 +0100
@@ -7,7 +7,7 @@
</conditions>
<hardware>
<disk>
- <size unit="G">6</size>
+ <size unit="G">7</size>
</disk>
</hardware>
</overwrite>
++++++ mesa-19.2.3.tar.xz -> mesa-19.2.4.tar.xz ++++++
/work/SRC/openSUSE:Factory/Mesa/mesa-19.2.3.tar.xz
/work/SRC/openSUSE:Factory/.Mesa.new.26869/mesa-19.2.4.tar.xz differ: char 27,
line 1
++++++ u_call-shmget-with-permission-0600-instead-of-0777.patch ++++++
A security advisory (TALOS-2019-0857/CVE-2019-5068) found that
creating shared memory regions with permission mode 0777 could allow
any user to access that memory. Several Mesa drivers use shared-
memory XImages to implement back buffers for improved performance.
This path changes the shmget() calls to use 0600 (user r/w).
Tested with legacy Xlib driver and llvmpipe.
Cc: <a
href="https://lists.freedesktop.org/mailman/listinfo/mesa-dev";>mesa-stable at
lists.freedesktop.org</a>
---
src/gallium/winsys/sw/dri/dri_sw_winsys.c | 3 ++-
src/gallium/winsys/sw/xlib/xlib_sw_winsys.c | 3 ++-
src/mesa/drivers/x11/xm_buffer.c | 3 ++-
3 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/gallium/winsys/sw/dri/dri_sw_winsys.c
b/src/gallium/winsys/sw/dri/dri_sw_winsys.c
index 761f5d1..2e5970b 100644
--- a/src/gallium/winsys/sw/dri/dri_sw_winsys.c
+++ b/src/gallium/winsys/sw/dri/dri_sw_winsys.c
@@ -92,7 +92,8 @@ alloc_shm(struct dri_sw_displaytarget *dri_sw_dt, unsigned
size)
{
char *addr;
- dri_sw_dt->shmid = shmget(IPC_PRIVATE, size, IPC_CREAT|0777);
+ /* 0600 = user read+write */
+ dri_sw_dt->shmid = shmget(IPC_PRIVATE, size, IPC_CREAT|0600);
if (dri_sw_dt->shmid < 0)
return NULL;
diff --git a/src/gallium/winsys/sw/xlib/xlib_sw_winsys.c
b/src/gallium/winsys/sw/xlib/xlib_sw_winsys.c
index c14c9de..edebb48 100644
--- a/src/gallium/winsys/sw/xlib/xlib_sw_winsys.c
+++ b/src/gallium/winsys/sw/xlib/xlib_sw_winsys.c
@@ -126,7 +126,8 @@ alloc_shm(struct xlib_displaytarget *buf, unsigned size)
shminfo->shmid = -1;
shminfo->shmaddr = (char *) -1;
- shminfo->shmid = shmget(IPC_PRIVATE, size, IPC_CREAT|0777);
+ /* 0600 = user read+write */
+ shminfo->shmid = shmget(IPC_PRIVATE, size, IPC_CREAT|0600);
if (shminfo->shmid < 0) {
return NULL;
}
diff --git a/src/mesa/drivers/x11/xm_buffer.c b/src/mesa/drivers/x11/xm_buffer.c
index d945d8a..0da08a6 100644
--- a/src/mesa/drivers/x11/xm_buffer.c
+++ b/src/mesa/drivers/x11/xm_buffer.c
@@ -89,8 +89,9 @@ alloc_back_shm_ximage(XMesaBuffer b, GLuint width, GLuint
height)
return GL_FALSE;
}
+ /* 0600 = user read+write */
b->shminfo.shmid = shmget(IPC_PRIVATE, b->backxrb->ximage->bytes_per_line
- * b->backxrb->ximage->height, IPC_CREAT|0777);
+ * b->backxrb->ximage->height, IPC_CREAT|0600);
if (b->shminfo.shmid < 0) {
_mesa_warning(NULL, "shmget failed while allocating back buffer.\n");
XDestroyImage(b->backxrb->ximage);
--
1.8.5.6
