Andreas Boll pushed to branch debian-unstable at X Strike Force / xserver / xorg-server
Commits:
-
cfc3dec0
by Peter Hutterer at 2018-10-16T14:22:05Z
-
8a59e3b7
by Matthieu Herrb at 2018-10-25T13:18:06Z
-
da15c741
by Matthieu Herrb at 2018-10-25T13:18:06Z
-
971d4181
by Adam Jackson at 2018-10-25T13:18:06Z
-
92afe8a7
by Andreas Boll at 2018-10-25T17:54:47Z
-
2de2bf45
by Andreas Boll at 2018-10-25T17:55:21Z
-
3ae799da
by Andreas Boll at 2018-10-25T18:15:04Z
-
9cad8963
by Andreas Boll at 2018-10-25T18:15:29Z
6 changed files:
- configure.ac
- debian/changelog
- hw/xfree86/common/xf86Init.c
- hw/xfree86/fbdevhw/fbdevhw.c
- meson.build
- os/log.c
Changes:
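--- a/configure.ac
+++ b/configure.ac
@@ -26,9 +26,9 @@ dnl
 dnl Process this file with autoconf to create configure.
 
 AC_PREREQ(2.60)
-AC_INIT([xorg-server], 1.20.2, [https://bugs.freedesktop.org/enter_bug.cgi?product=xorg], xorg-server)
-RELEASE_DATE="2018-10-15"
-RELEASE_NAME="Tofu Biryani"
+AC_INIT([xorg-server], 1.20.3, [https://bugs.freedesktop.org/enter_bug.cgi?product=xorg], xorg-server)
+RELEASE_DATE="2018-10-25"
+RELEASE_NAME="Harissa Roasted Carrots"
 AC_CONFIG_SRCDIR([Makefile.am])
 AC_CONFIG_MACRO_DIR([m4])
 AM_INIT_AUTOMAKE([foreign dist-bzip2])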
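--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+xorg-server (2:1.20.3-1) unstable; urgency=medium
+
+ * New upstream release.
+ - Disables -logfile and -modulepath when running with elevated
+ privileges (CVE-2018-14665).
+
+ -- Andreas Boll <aboll@debian.org> Thu, 25 Oct 2018 20:15:23 +0200
+
 xorg-server (2:1.20.2-1) unstable; urgency=medium
 
 * New upstream release.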
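--- a/hw/xfree86/common/xf86Init.c
+++ b/hw/xfree86/common/xf86Init.c
@@ -1027,14 +1027,18 @@ ddxProcessArgument(int argc, char **argv, int i)
 /* First the options that are not allowed with elevated privileges */
 if (!strcmp(argv[i], "-modulepath")) {
 CHECK_FOR_REQUIRED_ARGUMENT();
-xf86CheckPrivs(argv[i], argv[i + 1]);
+if (xf86PrivsElevated())
+FatalError("\nInvalid argument -modulepath "
+"with elevated privileges\n");
 xf86ModulePath = argv[i + 1];
 xf86ModPathFrom = X_CMDLINE;
 return 2;
 }
 if (!strcmp(argv[i], "-logfile")) {
 CHECK_FOR_REQUIRED_ARGUMENT();
-xf86CheckPrivs(argv[i], argv[i + 1]);
+if (xf86PrivsElevated())
+FatalError("\nInvalid argument -logfile "
+"with elevated privileges\n");
 xf86LogFile = argv[i + 1];
 xf86LogFileFrom = X_CMDLINE;
 return 2;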
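Review bot: Both new guards put a two-line `FatalError(...)` call under an unbraced `if (xf86PrivsElevated())`, which is fragile for a privilege check that later edits may extend; brace them as `if (xf86PrivsElevated()) {` … `}`. The removed `xf86CheckPrivs(argv[i], argv[i + 1])` was passed the path while the new check ignores it, so a short comment should record that this is deliberate, e.g. `/* rejected outright when privileged, whatever the path (CVE-2018-14665) */`. The -logfile guard is also what keeps a command-line name away from the format-string use in LogFilePrep (os/log.c, later on this page), which is worth stating next to it. ddxProcessArgument begins before this hunk and the -logfile block closes after it.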
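--- a/hw/xfree86/fbdevhw/fbdevhw.c
+++ b/hw/xfree86/fbdevhw/fbdevhw.c
@@ -336,7 +336,7 @@ fbdev_open(int scrnIndex, const char *dev, char **namep)
 char *node = strrchr(dev, '/') + 1;
 
 if (asprintf(&sysfs_path, "/sys/class/graphics/%s", node) < 0 ||
-readlink(sysfs_path, buf, sizeof(buf) < 0) ||
+readlink(sysfs_path, buf, sizeof(buf)) < 0 ||
 strstr(buf, "devices/pci")) {
 free(sysfs_path);
 close(fd);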
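Review bot: With the parenthesis fixed, `readlink()` may fill all `sizeof(buf)` bytes, and because readlink does not append a NUL the following `strstr(buf, "devices/pci")` can read past the end of `buf` when the link target is that long. Leave room for the terminator with `readlink(sysfs_path, buf, sizeof(buf) - 1) < 0 ||` and make sure `buf` is zero-initialised; its declaration is outside this hunk, so that part is unconfirmed. Separately, the context line `char *node = strrchr(dev, '/') + 1;` assumes `dev` contains a '/', which nothing visible here checks. fbdev_open starts before and continues after the hunk.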
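--- a/meson.build
+++ b/meson.build
@@ -3,7 +3,7 @@ project('xserver', 'c',
 'buildtype=debugoptimized',
 'c_std=gnu99',
 ],
-version: '1.20.2',
+version: '1.20.3',
 meson_version: '>= 0.42.0',
 )
 add_project_arguments('-DHAVE_DIX_CONFIG_H', language: 'c')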
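--- a/os/log.c
+++ b/os/log.c
@@ -194,6 +194,8 @@ LogFilePrep(const char *fname, const char *backup, const char *idstring)
 {
 char *logFileName = NULL;
 
+/* the format string below is controlled by the user,
+this code should never be called with elevated privileges */
 if (asprintf(&logFileName, fname, idstring) == -1)
 FatalError("Cannot allocate space for the log file name\n");
 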
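Review bot: The added comment is the only record of the precondition on `asprintf(&logFileName, fname, idstring)`; nothing in LogFilePrep enforces it, so safety rests entirely on every caller remembering the privilege rule. Only one argument, `idstring`, is supplied, so the function can check that `fname` holds at most one `%s` (plus literal `%%`) and fail closed on anything else before formatting. The sketch below does that with the existing FatalError; the message text is only a suggestion. LogFilePrep continues after this hunk.

```c
    /* … unchanged: logFileName declaration and the new comment … */
    /* fname is used as a format: allow "%%" and at most one "%s", nothing else */
    int conversions = 0;

    for (const char *p = fname; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')
            continue;
        if (*p != 's' || ++conversions > 1)
            FatalError("Invalid log file name \"%s\"\n", fname);
    }
    if (asprintf(&logFileName, fname, idstring) == -1)
```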