Index: branches/2017Q4/x11-servers/xorg-nestserver/Makefile =================================================================== --- branches/2017Q4/x11-servers/xorg-nestserver/Makefile (revision 451637) +++ branches/2017Q4/x11-servers/xorg-nestserver/Makefile (revision 451638) @@ -1,32 +1,36 @@ # Created by: Eric Anholt # $FreeBSD$ PORTNAME= xorg-nestserver PORTVERSION= 1.19.1 +PORTREVISION= 1 PORTEPOCH= 2 COMMENT= Nesting X server from X.Org LICENSE= MIT MASTERDIR= ${.CURDIR}/../xorg-server DESCR= ${.CURDIR}/pkg-descr DISTINFO_FILE= ${.CURDIR}/distinfo PATCHDIR= ${.CURDIR}/files RUN_DEPENDS= xkeyboard-config>=2.5:x11/xkeyboard-config SLAVE_PORT= yes OPTIONS_EXCLUDE=DEVD HAL SUID USE_XORG= x11 xext xfont2 CONFIGURE_ARGS+=--enable-xnest --disable-dmx --disable-xephyr --disable-xvfb \ --disable-xwayland PLIST_FILES= bin/Xnest man/man1/Xnest.1.gz + +EXTRA_PATCHES= ${MASTERDIR}/files/patch-CVE-2017-13721 \ + ${MASTERDIR}/files/patch-CVE-2017-13723 do-install: cd ${WRKSRC}/hw/xnest; DESTDIR=${STAGEDIR} ${MAKE} install .include "${MASTERDIR}/Makefile" Index: branches/2017Q4/x11-servers/xorg-server/Makefile =================================================================== --- branches/2017Q4/x11-servers/xorg-server/Makefile (revision 451637) +++ branches/2017Q4/x11-servers/xorg-server/Makefile (revision 451638) @@ -1,137 +1,137 @@ # Created by: Eric Anholt # $FreeBSD$ PORTNAME?= xorg-server PORTVERSION?= 1.18.4 -PORTREVISION?= 3 +PORTREVISION?= 4 PORTEPOCH?= 1 CATEGORIES= x11-servers MASTER_SITES= XORG/individual/xserver DISTNAME= xorg-server-${PORTVERSION} MAINTAINER= x11@FreeBSD.org COMMENT?= X.Org X server and related programs LICENSE= MIT RUN_DEPENDS+= xkeyboard-config>=2.5:x11/xkeyboard-config \ xkbcomp:x11/xkbcomp XORG_CAT= xserver SLAVE_PORT?= no OPTIONS_SUB= yes OPTIONS_DEFINE= SUID OPTIONS_RADIO= CONF OPTIONS_RADIO_CONF= DEVD HAL DEVD_DESC= Use devd for autoconfiguration of input devices HAL_DESC= Use hald for autoconfiguration of input devices SUID_DESC= Install the Xorg server with setuid bit set OPTIONS_DEFAULT=DEVD SUID OPTIONS_EXCLUDE_sparc64= HAL .include USES= gmake libtool perl5 ssl tar:bzip2 USE_PERL5= build USE_GL+= gl USE_XORG+= bigreqsproto compositeproto damageproto dri2proto dri3proto \ fixesproto fontsproto glproto inputproto kbproto pixman \ presentproto randrproto recordproto renderproto \ resourceproto scrnsaverproto videoproto xau \ xcmiscproto xdmcp xextproto xf86driproto xfont \ xineramaproto xkbfile xproto xshmfence xtrans CONFIGURE_ARGS+=--without-doxygen --without-xmlto --without-fop \ --localstatedir=/var --with-shared-memory-dir=/tmp \ --disable-config-udev --disable-config-udev-kms \ --without-dtrace --enable-glamor INSTALL_TARGET= install-strip .if ${SLAVE_PORT} == "no" || ${PORTNAME} == "xephyr" || ${PORTNAME} == "xwayland" LIB_DEPENDS+= libdrm.so:graphics/libdrm \ libepoxy.so:graphics/libepoxy .else BUILD_DEPENDS+= libepoxy>0:graphics/libepoxy # only for configure .endif .if ${SLAVE_PORT} == "no" USE_GL+= gbm USE_XORG+= pciaccess xf86dgaproto xf86vidmodeproto CONFIGURE_ARGS+=--disable-dmx --disable-xephyr --disable-xnest --disable-xvfb \ --disable-xwayland SUB_FILES= pkg-install pkg-deinstall .else CONFIGURE_ARGS+=--disable-xorg # for slave ports we need to overwrite PLIST, so it doesn't overwrite # PLIST_FILES, with the masterport plist. PLIST= ${.CURDIR}/pkg-plist .endif .include .if ${SSL_DEFAULT} == base # The reason why I use this is cause openssl from base doesn't install a .pc file # and configure will fail trying to find it. Setting both of those variables to # a *non-empty* value by-passes the pkg-config check. CONFIGURE_ENV= SHA1_LIB="-L/usr/lib -lcrypto" SHA1_CFLAGS="-I/usr/include" .endif .if ${PORT_OPTIONS:MHAL} LIB_DEPENDS+= libhal.so:sysutils/hal CONFIGURE_ARGS+= --enable-config-hal .else CONFIGURE_ARGS+= --disable-config-hal .endif # We handle Xorg setuid in the plist. This allows to build xorg-server as a user. CONFIGURE_ARGS+=--disable-install-setuid .if ${ARCH} == "i386" || ${ARCH} == "amd64" LIB_DEPENDS+= libunwind.so:devel/libunwind .endif .if ${ARCH} == "sparc64" PLIST_SUB+= SPARC64="" .else PLIST_SUB+= SPARC64="@comment " .endif .if ${PORT_OPTIONS:MSUID} pre-everything:: @${ECHO_MSG} "By default, the X Server installs as a set-user-id root binary. When run by" @${ECHO_MSG} "a normal user, it checks arguments and environment as done in the x11/wrapper" @${ECHO_MSG} "port before handling them normally. If you are concerned about the security" @${ECHO_MSG} "of this, but still want to run an X Server (for example using xdm/kdm/gdm," @${ECHO_MSG} "which will still run the server as root), you can cancel the build and set" @${ECHO_MSG} "xorg-server_UNSET=SUID in /etc/make.conf." .endif post-patch: @${REINPLACE_CMD} 's/test.*-traditional.*;/true;/' \ ${WRKSRC}/configure # build libglx.so but don't install it yet. which is done in pre-install. @${REINPLACE_CMD} -e 's|@GLX_TRUE@GLXMODS =|@GLX_BOGUS@GLXMODS =|g' \ -e 's|^LTLIBRARIES = |LTLIBRARIES = libglx.la |g' \ ${WRKSRC}/hw/xfree86/dixmods/Makefile.in post-configure: .if ${PORT_OPTIONS:MDEVD} @${REINPLACE_CMD} -e 's|config\.c|config.c devd.c|g' \ -e 's|config\.lo|config.lo devd.lo|g' \ ${WRKSRC}/config/Makefile @${REINPLACE_CMD} -e 's|^/\* #undef CONFIG_UDEV \*/|#define CONFIG_DEVD 1|' \ ${WRKSRC}/include/dix-config.h .endif .if ${SLAVE_PORT} == "no" post-install: # The .xorg dir because else the xorg-server might not load the correct # libglx module. @${MKDIR} ${STAGEDIR}${PREFIX}/lib/xorg/modules/extensions/.xorg ${INSTALL_LIB} ${WRKSRC}/hw/xfree86/dixmods/.libs/libglx.so \ ${STAGEDIR}${PREFIX}/lib/xorg/modules/extensions/.xorg/ @${MKDIR} ${STAGEDIR}${PREFIX}/etc/X11/xorg.conf.d .endif # ! SLAVE_PORT .include Index: branches/2017Q4/x11-servers/xorg-server/files/patch-CVE-2017-13721 =================================================================== --- branches/2017Q4/x11-servers/xorg-server/files/patch-CVE-2017-13721 (nonexistent) +++ branches/2017Q4/x11-servers/xorg-server/files/patch-CVE-2017-13721 (revision 451638) @@ -0,0 +1,26 @@ +From b95f25af141d33a65f6f821ea9c003f66a01e1f1 Mon Sep 17 00:00:00 2001 +From: Michal Srb +Date: Fri, 28 Jul 2017 16:27:10 +0200 +Subject: Xext/shm: Validate shmseg resource id (CVE-2017-13721) + +Otherwise it can belong to a non-existing client and abort X server with +FatalError "client not in use", or overwrite existing segment of another +existing client. + +Signed-off-by: Julien Cristau + +diff --git a/Xext/shm.c b/Xext/shm.c +index 91ea90b..2f9a788 100644 +--- Xext/shm.c ++++ Xext/shm.c +@@ -1238,6 +1238,7 @@ ProcShmCreateSegment(ClientPtr client) + }; + + REQUEST_SIZE_MATCH(xShmCreateSegmentReq); ++ LEGAL_NEW_RESOURCE(stuff->shmseg, client); + if ((stuff->readOnly != xTrue) && (stuff->readOnly != xFalse)) { + client->errorValue = stuff->readOnly; + return BadValue; +-- +cgit v0.10.2 + Property changes on: branches/2017Q4/x11-servers/xorg-server/files/patch-CVE-2017-13721 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q4/x11-servers/xorg-server/files/patch-CVE-2017-13723 =================================================================== --- branches/2017Q4/x11-servers/xorg-server/files/patch-CVE-2017-13723 (nonexistent) +++ branches/2017Q4/x11-servers/xorg-server/files/patch-CVE-2017-13723 (revision 451638) @@ -0,0 +1,115 @@ +From 94f11ca5cf011ef123bd222cabeaef6f424d76ac Mon Sep 17 00:00:00 2001 +From: Keith Packard +Date: Thu, 27 Jul 2017 10:08:32 -0700 +Subject: xkb: Handle xkb formated string output safely (CVE-2017-13723) + +Generating strings for XKB data used a single shared static buffer, +which offered several opportunities for errors. Use a ring of +resizable buffers instead, to avoid problems when strings end up +longer than anticipated. + +Reviewed-by: Michal Srb +Signed-off-by: Keith Packard +Signed-off-by: Julien Cristau + +diff --git a/xkb/xkbtext.c b/xkb/xkbtext.c +index ead2b1a..d2a2567 100644 +--- xkb/xkbtext.c ++++ xkb/xkbtext.c +@@ -47,23 +47,27 @@ + + /***====================================================================***/ + +-#define BUFFER_SIZE 512 +- +-static char textBuffer[BUFFER_SIZE]; +-static int tbNext = 0; ++#define NUM_BUFFER 8 ++static struct textBuffer { ++ int size; ++ char *buffer; ++} textBuffer[NUM_BUFFER]; ++static int textBufferIndex; + + static char * + tbGetBuffer(unsigned size) + { +- char *rtrn; ++ struct textBuffer *tb; + +- if (size >= BUFFER_SIZE) +- return NULL; +- if ((BUFFER_SIZE - tbNext) <= size) +- tbNext = 0; +- rtrn = &textBuffer[tbNext]; +- tbNext += size; +- return rtrn; ++ tb = &textBuffer[textBufferIndex]; ++ textBufferIndex = (textBufferIndex + 1) % NUM_BUFFER; ++ ++ if (size > tb->size) { ++ free(tb->buffer); ++ tb->buffer = xnfalloc(size); ++ tb->size = size; ++ } ++ return tb->buffer; + } + + /***====================================================================***/ +@@ -79,8 +83,6 @@ XkbAtomText(Atom atm, unsigned format) + int len; + + len = strlen(atmstr) + 1; +- if (len > BUFFER_SIZE) +- len = BUFFER_SIZE - 2; + rtrn = tbGetBuffer(len); + strlcpy(rtrn, atmstr, len); + } +@@ -128,8 +130,6 @@ XkbVModIndexText(XkbDescPtr xkb, unsigned ndx, unsigned format) + len = strlen(tmp) + 1; + if (format == XkbCFile) + len += 4; +- if (len >= BUFFER_SIZE) +- len = BUFFER_SIZE - 1; + rtrn = tbGetBuffer(len); + if (format == XkbCFile) { + strcpy(rtrn, "vmod_"); +@@ -140,6 +140,8 @@ XkbVModIndexText(XkbDescPtr xkb, unsigned ndx, unsigned format) + return rtrn; + } + ++#define VMOD_BUFFER_SIZE 512 ++ + char * + XkbVModMaskText(XkbDescPtr xkb, + unsigned modMask, unsigned mask, unsigned format) +@@ -147,7 +149,7 @@ XkbVModMaskText(XkbDescPtr xkb, + register int i, bit; + int len; + char *mm, *rtrn; +- char *str, buf[BUFFER_SIZE]; ++ char *str, buf[VMOD_BUFFER_SIZE]; + + if ((modMask == 0) && (mask == 0)) { + rtrn = tbGetBuffer(5); +@@ -173,7 +175,7 @@ XkbVModMaskText(XkbDescPtr xkb, + len = strlen(tmp) + 1 + (str == buf ? 0 : 1); + if (format == XkbCFile) + len += 4; +- if ((str - (buf + len)) <= BUFFER_SIZE) { ++ if ((str - (buf + len)) <= VMOD_BUFFER_SIZE) { + if (str != buf) { + if (format == XkbCFile) + *str++ = '|'; +@@ -199,8 +201,6 @@ XkbVModMaskText(XkbDescPtr xkb, + len = 0; + if (str) + len += strlen(str) + (mm == NULL ? 0 : 1); +- if (len >= BUFFER_SIZE) +- len = BUFFER_SIZE - 1; + rtrn = tbGetBuffer(len + 1); + rtrn[0] = '\0'; + +-- +cgit v0.10.2 + Property changes on: branches/2017Q4/x11-servers/xorg-server/files/patch-CVE-2017-13723 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q4/x11-servers/xorg-vfbserver/Makefile =================================================================== --- branches/2017Q4/x11-servers/xorg-vfbserver/Makefile (revision 451637) +++ branches/2017Q4/x11-servers/xorg-vfbserver/Makefile (revision 451638) @@ -1,30 +1,34 @@ # Created by: Eric Anholt # $FreeBSD$ PORTNAME= xorg-vfbserver PORTVERSION= 1.19.1 +PORTREVISION= 1 PORTEPOCH= 1 COMMENT= X virtual framebuffer server from X.Org LICENSE= MIT MASTERDIR= ${.CURDIR}/../xorg-server DESCR= ${.CURDIR}/pkg-descr DISTINFO_FILE= ${.CURDIR}/distinfo PATCHDIR= ${.CURDIR}/files SLAVE_PORT= yes OPTIONS_EXCLUDE=DEVD HAL SUID USE_XORG= xfont2 CONFIGURE_ARGS+=--enable-xvfb --disable-dmx --disable-xephyr --disable-xnest \ --disable-xwayland PLIST_FILES= bin/Xvfb man/man1/Xvfb.1.gz + +EXTRA_PATCHES= ${MASTERDIR}/files/patch-CVE-2017-13721 \ + ${MASTERDIR}/files/patch-CVE-2017-13723 do-install: cd ${WRKSRC}/hw/vfb; DESTDIR=${STAGEDIR} ${MAKE} install .include "${MASTERDIR}/Makefile" Index: branches/2017Q4/x11-servers/xwayland/Makefile =================================================================== --- branches/2017Q4/x11-servers/xwayland/Makefile (revision 451637) +++ branches/2017Q4/x11-servers/xwayland/Makefile (revision 451638) @@ -1,34 +1,38 @@ # $FreeBSD$ PORTNAME= xwayland PORTVERSION= 1.19.1 +PORTREVISION= 1 COMMENT= X Clients under Wayland LICENSE= MIT BUILD_DEPENDS= ${LOCALBASE}/libdata/pkgconfig/wayland-protocols.pc:graphics/wayland-protocols LIB_DEPENDS= libwayland-client.so:graphics/wayland \ libinput.so:x11/libinput MASTERDIR= ${.CURDIR}/../xorg-server DESCR= ${.CURDIR}/pkg-descr DISTINFO_FILE= ${.CURDIR}/distinfo PATCHDIR= ${.CURDIR}/files SLAVE_PORT= yes OPTIONS_EXCLUDE=DEVD HAL SUID USE_XORG= x11 xext xfont2 USE_GL+= egl gbm CONFIGURE_ARGS+= --disable-docs --disable-devel-docs \ --enable-xwayland --disable-xorg --disable-xvfb --disable-xnest \ --disable-xquartz --disable-xwin PLIST_FILES= bin/Xwayland + +EXTRA_PATCHES= ${MASTERDIR}/files/patch-CVE-2017-13721 \ + ${MASTERDIR}/files/patch-CVE-2017-13723 do-install: cd ${WRKSRC}/hw/xwayland; DESTDIR=${STAGEDIR} ${MAKE_CMD} install .include "${MASTERDIR}/Makefile" Index: branches/2017Q4 =================================================================== --- branches/2017Q4 (revision 451637) +++ branches/2017Q4 (revision 451638) Property changes on: branches/2017Q4 ___________________________________________________________________ Modified: svn:mergeinfo ## -0,0 +0,1 ## Merged /head:r451632