From: bug#27600 <27600@debbugs.gnu.org>
To: bug#27600 <27600@debbugs.gnu.org>
Subject: Status: [PATCH] gnu: xorg-server: Fix CVE-2017-{10971,10972}.
Reply-To: bug#27600 <27600@debbugs.gnu.org>
Date: Fri, 20 Jun 2025 14:17:38 +0000

retitle 27600 [PATCH] gnu: xorg-server: Fix CVE-2017-{10971,10972}.
reassign 27600 guix-patches
submitter 27600 Kei Kebreau
severity 27600 normal
tag 27600 patch
thanks

From: Kei Kebreau
To: guix-patches@gnu.org
Cc: Kei Kebreau
Subject: [PATCH] gnu: xorg-server: Fix CVE-2017-{10971,10972}.
Date: Thu, 6 Jul 2017 15:28:07 -0400
Message-Id: <20170706192807.30599-1-kei@openmailbox.org>
X-Mailer: git-send-email 2.13.2

* gnu/packages/xorg.scm (xorg-server)[source]: Add patches.
* gnu/packages/patches/xorg-CVE-2017-10971.patch,
gnu/packages/patches/xorg-CVE-2017-10972.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
--- gnu/local.mk | 2 + gnu/packages/patches/xorg-CVE-2017-10971.patch | 153 +++++++++++++++++++++++++ gnu/packages/patches/xorg-CVE-2017-10972.patch | 35 ++++++ gnu/packages/xorg.scm | 5 +- 4 files changed, 194 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/xorg-CVE-2017-10971.patch create mode 100644 gnu/packages/patches/xorg-CVE-2017-10972.patch diff --git a/gnu/local.mk b/gnu/local.mk index 8dbce7c05..bb93cac53 100644 --- a/gnu/local.mk +++ b/gnu/local.mk 
@@ -1081,6 +1081,8 @@ dist_patch_DATA = \ %D%/packages/patches/xinetd-fix-fd-leak.patch \ %D%/packages/patches/xinetd-CVE-2013-4342.patch \ %D%/packages/patches/xmodmap-asprintf.patch \ + %D%/packages/patches/xorg-CVE-2017-10971.patch \ + %D%/packages/patches/xorg-CVE-2017-10972.patch \ %D%/packages/patches/libyaml-CVE-2014-9130.patch \ %D%/packages/patches/zathura-plugindir-environment-variable.patch \ %D%/packages/patches/zziplib-CVE-2017-5974.patch \ diff --git a/gnu/packages/patches/xorg-CVE-2017-10971.patch b/gnu/packages/patches/xorg-CVE-2017-10971.patch new file mode 100644 index 000000000..2696033e5 --- /dev/null +++ b/gnu/packages/patches/xorg-CVE-2017-10971.patch 
@@ -0,0 +1,153 @@ +From 215f894965df5fb0bb45b107d84524e700d2073c Mon Sep 17 00:00:00 2001 +From: Michal Srb +Date: Wed, 24 May 2017 15:54:40 +0300 +Subject: dix: Disallow GenericEvent in SendEvent request. + +The SendEvent request holds xEvent which is exactly 32 bytes long, no more, +no less. Both ProcSendEvent and SProcSendEvent verify that the received data +exactly match the request size. However nothing stops the client from passing +in event with xEvent::type = GenericEvent and any value of +xGenericEvent::length. + +In the case of ProcSendEvent, the event will be eventually passed to +WriteEventsToClient which will see that it is Generic event and copy the +arbitrary length from the receive buffer (and possibly past it) and send it to +the other client. This allows clients to copy unitialized heap memory out of X +server or to crash it. + +In case of SProcSendEvent, it will attempt to swap the incoming event by +calling a swapping function from the EventSwapVector array. The swapped event +is written to target buffer, which in this case is local xEvent variable. The +xEvent variable is 32 bytes long, but the swapping functions for GenericEvents +expect that the target buffer has size matching the size of the source +GenericEvent. This allows clients to cause stack buffer overflows. + +Signed-off-by: Michal Srb +Reviewed-by: Peter Hutterer +Signed-off-by: Peter Hutterer + +diff --git a/dix/events.c b/dix/events.c +index 3e3a01e..d3a33ea 100644 +--- a/dix/events.c ++++ b/dix/events.c +@@ -5366,6 +5366,12 @@ ProcSendEvent(ClientPtr client) + client->errorValue = stuff->event.u.u.type; + return BadValue; + } ++ /* Generic events can have variable size, but SendEvent request holds ++ exactly 32B of event data. 
*/ ++ if (stuff->event.u.u.type == GenericEvent) { ++ client->errorValue = stuff->event.u.u.type; ++ return BadValue; ++ } + if (stuff->event.u.u.type == ClientMessage && + stuff->event.u.u.detail != 8 && + stuff->event.u.u.detail != 16 && stuff->event.u.u.detail != 32) { +diff --git a/dix/swapreq.c b/dix/swapreq.c +index 719e9b8..6785059 100644 +--- a/dix/swapreq.c ++++ b/dix/swapreq.c +@@ -292,6 +292,13 @@ SProcSendEvent(ClientPtr client) + swapl(&stuff->destination); + swapl(&stuff->eventMask); + ++ /* Generic events can have variable size, but SendEvent request holds ++ exactly 32B of event data. */ ++ if (stuff->event.u.u.type == GenericEvent) { ++ client->errorValue = stuff->event.u.u.type; ++ return BadValue; ++ } ++ + /* Swap event */ + proc = EventSwapVector[stuff->event.u.u.type & 0177]; + if (!proc || proc == NotImplemented) /* no swapping proc; invalid event type? */ +-- +cgit v0.10.2 + +From 8caed4df36b1f802b4992edcfd282cbeeec35d9d Mon Sep 17 00:00:00 2001 +From: Michal Srb +Date: Wed, 24 May 2017 15:54:41 +0300 +Subject: Xi: Verify all events in ProcXSendExtensionEvent. + +The requirement is that events have type in range +EXTENSION_EVENT_BASE..lastEvent, but it was tested +only for first event of all. + +Signed-off-by: Michal Srb +Reviewed-by: Peter Hutterer +Signed-off-by: Peter Hutterer + +diff --git a/Xi/sendexev.c b/Xi/sendexev.c +index 1cf118a..5e63bfc 100644 +--- a/Xi/sendexev.c ++++ b/Xi/sendexev.c +@@ -117,7 +117,7 @@ SProcXSendExtensionEvent(ClientPtr client) + int + ProcXSendExtensionEvent(ClientPtr client) + { +- int ret; ++ int ret, i; + DeviceIntPtr dev; + xEvent *first; + XEventClass *list; +@@ -141,10 +141,12 @@ ProcXSendExtensionEvent(ClientPtr client) + /* The client's event type must be one defined by an extension. 
*/ + + first = ((xEvent *) &stuff[1]); +- if (!((EXTENSION_EVENT_BASE <= first->u.u.type) && +- (first->u.u.type < lastEvent))) { +- client->errorValue = first->u.u.type; +- return BadValue; ++ for (i = 0; i < stuff->num_events; i++) { ++ if (!((EXTENSION_EVENT_BASE <= first[i].u.u.type) && ++ (first[i].u.u.type < lastEvent))) { ++ client->errorValue = first[i].u.u.type; ++ return BadValue; ++ } + } + + list = (XEventClass *) (first + stuff->num_events); +-- +cgit v0.10.2 + +From ba336b24052122b136486961c82deac76bbde455 Mon Sep 17 00:00:00 2001 +From: Michal Srb +Date: Wed, 24 May 2017 15:54:42 +0300 +Subject: Xi: Do not try to swap GenericEvent. + +The SProcXSendExtensionEvent must not attempt to swap GenericEvent because +it is assuming that the event has fixed size and gives the swapping function +xEvent-sized buffer. + +A GenericEvent would be later rejected by ProcXSendExtensionEvent anyway. + +Signed-off-by: Michal Srb +Reviewed-by: Peter Hutterer +Signed-off-by: Peter Hutterer + +diff --git a/Xi/sendexev.c b/Xi/sendexev.c +index 5e63bfc..5c2e0fc 100644 +--- a/Xi/sendexev.c ++++ b/Xi/sendexev.c +@@ -95,9 +95,17 @@ SProcXSendExtensionEvent(ClientPtr client) + + eventP = (xEvent *) &stuff[1]; + for (i = 0; i < stuff->num_events; i++, eventP++) { ++ if (eventP->u.u.type == GenericEvent) { ++ client->errorValue = eventP->u.u.type; ++ return BadValue; ++ } ++ + proc = EventSwapVector[eventP->u.u.type & 0177]; +- if (proc == NotImplemented) /* no swapping proc; invalid event type? */ ++ /* no swapping proc; invalid event type? */ ++ if (proc == NotImplemented) { ++ client->errorValue = eventP->u.u.type; + return BadValue; ++ } + (*proc) (eventP, &eventT); + *eventP = eventT; + } +-- +cgit v0.10.2 + diff --git a/gnu/packages/patches/xorg-CVE-2017-10972.patch b/gnu/packages/patches/xorg-CVE-2017-10972.patch new file mode 100644 index 000000000..f24e9c0ae --- /dev/null +++ b/gnu/packages/patches/xorg-CVE-2017-10972.patch 
@@ -0,0 +1,35 @@ +From 05442de962d3dc624f79fc1a00eca3ffc5489ced Mon Sep 17 00:00:00 2001 +From: Michal Srb +Date: Wed, 24 May 2017 15:54:39 +0300 +Subject: Xi: Zero target buffer in SProcXSendExtensionEvent. + +Make sure that the xEvent eventT is initialized with zeros, the same way as +in SProcSendEvent. + +Some event swapping functions do not overwrite all 32 bytes of xEvent +structure, for example XSecurityAuthorizationRevoked. Two cooperating +clients, one swapped and the other not, can send +XSecurityAuthorizationRevoked event to each other to retrieve old stack data +from X server. This can be potentialy misused to go around ASLR or +stack-protector. + +Signed-off-by: Michal Srb +Reviewed-by: Peter Hutterer +Signed-off-by: Peter Hutterer + +diff --git a/Xi/sendexev.c b/Xi/sendexev.c +index 11d8202..1cf118a 100644 +--- a/Xi/sendexev.c ++++ b/Xi/sendexev.c +@@ -78,7 +78,7 @@ SProcXSendExtensionEvent(ClientPtr client) + { + CARD32 *p; + int i; +- xEvent eventT; ++ xEvent eventT = { .u.u.type = 0 }; + xEvent *eventP; + EventSwapPtr proc; + +-- +cgit v0.10.2 + diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm index 7b1d00f47..ec6fe6069 100644 --- a/gnu/packages/xorg.scm +++ b/gnu/packages/xorg.scm 
@@ -5000,7 +5000,10 @@ over Xlib, including: name "-" version ".tar.bz2")) (sha256 (base32 - "162s1v901djr57gxmmk4airk8hiwcz79dqyz72972x1lw1k82yk7")))) + "162s1v901djr57gxmmk4airk8hiwcz79dqyz72972x1lw1k82yk7")) + (patches + (search-patches "xorg-CVE-2017-10971.patch" + "xorg-CVE-2017-10972.patch")))) (build-system gnu-build-system) (propagated-inputs `(("dri2proto" ,dri2proto) -- 2.13.2
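Review bot: in the gnu/local.mk hunk, the two new dist_patch_DATA entries are named after "xorg" rather than the package they patch, xorg-server, while the neighbouring entries in the same context (xinetd-CVE-2013-4342.patch, libyaml-CVE-2014-9130.patch) lead with the package name. Rename both files to start with xorg-server- and change the two strings passed to search-patches in the gnu/packages/xorg.scm hunk at the same time, so the three places stay in sync.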
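Review bot: the new file gnu/packages/patches/xorg-CVE-2017-10971.patch carries no provenance header: it starts directly at the first "From 215f8949..." line and bundles three upstream commits separated only by the "cgit v0.10.2" footers, and xorg-CVE-2017-10972.patch does the same with one commit. Add a short comment at the top of each file naming the CVE it fixes and where the commits were fetched from, so the contents can later be checked against upstream.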
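Review bot: in the ProcXSendExtensionEvent hunk of Xi/sendexev.c, the new loop reads first[i].u.u.type for every i below stuff->num_events, and nothing in the context lines shows num_events being checked against the request length before that point. Confirm that the length validation sits above this loop (it is outside the hunk); if it does not, the loop walks past the end of the request for an oversized num_events and the check has to move up.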
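Review bot: in the SProcXSendExtensionEvent hunk of Xi/sendexev.c, the rewritten test is still "if (proc == NotImplemented)", while the equivalent lookup in the dix/swapreq.c hunk reads "if (!proc || proc == NotImplemented)". Add the !proc case here as well, so that an empty EventSwapVector slot returns BadValue instead of being called on the next line.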
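Review bot: in the xorg-CVE-2017-10972.patch hunk, the initializer "xEvent eventT = { .u.u.type = 0 };" names a single field and leaves the zeroing of the remaining bytes implicit. The commit message says the purpose is that no stale stack bytes survive in the 32-byte buffer, so a memset(&eventT, 0, sizeof(eventT)) ahead of the loop would state that intent directly and would not depend on how the initializer is expanded.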

From: Leo Famulari
To: Kei Kebreau
Cc: 27600@debbugs.gnu.org
Subject: Re: [bug#27600] [PATCH] gnu: xorg-server: Fix CVE-2017-{10971, 10972}.
Date: Thu, 6 Jul 2017 19:43:43 -0400
Message-ID: <20170706234343.GC1280@jasmine.lan>
In-Reply-To: <20170706192807.30599-1-kei@openmailbox.org>

On Thu, Jul 06, 2017 at 03:28:07PM -0400, Kei Kebreau wrote:
> * gnu/packages/xorg.scm (xorg-server)[source]: Add patches.
> * gnu/packages/patches/xorg-CVE-2017-10971.patch,
> gnu/packages/patches/xorg-CVE-2017-10972.patch: New files.
> * gnu/local.mk (dist_patch_DATA): Add them.

Yikes, these bugs!

> ---
> gnu/local.mk | 2 +
> gnu/packages/patches/xorg-CVE-2017-10971.patch | 153 +++++++++++++++++++++++++
> gnu/packages/patches/xorg-CVE-2017-10972.patch | 35 ++++++
> gnu/packages/xorg.scm | 5 +-
> 4 files changed, 194 insertions(+), 1 deletion(-)
> create mode 100644 gnu/packages/patches/xorg-CVE-2017-10971.patch
> create mode 100644 gnu/packages/patches/xorg-CVE-2017-10972.patch

Please rename the patch files to include the name of the package
(xorg-server), adjust the changes to local.mk accordingly, and please
push!

From: Leo Famulari
To: Kei Kebreau
Cc: 27600-done@debbugs.gnu.org
Subject: Re: [bug#27600] [PATCH] gnu: xorg-server: Fix CVE-2017-{10971, 10972}.
Date: Thu, 6 Jul 2017 23:53:19 -0400
Message-ID: <20170707035319.GA20475@jasmine.lan>
In-Reply-To: <20170706234343.GC1280@jasmine.lan>

On Thu, Jul 06, 2017 at 07:43:43PM -0400, Leo Famulari wrote:
> On Thu, Jul 06, 2017 at 03:28:07PM -0400, Kei Kebreau wrote:
> > * gnu/packages/xorg.scm (xorg-server)[source]: Add patches.
> > * gnu/packages/patches/xorg-CVE-2017-10971.patch,
> > gnu/packages/patches/xorg-CVE-2017-10972.patch: New files.
> > * gnu/local.mk (dist_patch_DATA): Add them.
>
> Yikes, these bugs!
>
> > ---
> > gnu/local.mk | 2 +
> > gnu/packages/patches/xorg-CVE-2017-10971.patch | 153 +++++++++++++++++++++++++
> > gnu/packages/patches/xorg-CVE-2017-10972.patch | 35 ++++++
> > gnu/packages/xorg.scm | 5 +-
> > 4 files changed, 194 insertions(+), 1 deletion(-)
> > create mode 100644 gnu/packages/patches/xorg-CVE-2017-10971.patch
> > create mode 100644 gnu/packages/patches/xorg-CVE-2017-10972.patch
>
> Please rename the patch files to include the name of the package
> (xorg-server), adjust the changes to local.mk accordingly, and please
> push!

I had some time so I made the adjustment and pushed on your behalf.
Thanks again!

From: Kei Kebreau
To: Leo Famulari
Cc: 27600-done@debbugs.gnu.org
Subject: Re: [bug#27600] [PATCH] gnu: xorg-server: Fix CVE-2017-{10971, 10972}.
Date: Fri, 07 Jul 2017 00:20:37 -0400
Message-ID: <878tk07u96.fsf@openmailbox.org>
In-Reply-To: <20170707035319.GA20475@jasmine.lan> (Leo Famulari's message of "Thu, 6 Jul 2017 23:53:19 -0400")

Leo Famulari writes:

> On Thu, Jul 06, 2017 at 07:43:43PM -0400, Leo Famulari wrote:
>> On Thu, Jul 06, 2017 at 03:28:07PM -0400, Kei Kebreau wrote:
>> > * gnu/packages/xorg.scm (xorg-server)[source]: Add patches.
>> > * gnu/packages/patches/xorg-CVE-2017-10971.patch,
>> > gnu/packages/patches/xorg-CVE-2017-10972.patch: New files.
>> > * gnu/local.mk (dist_patch_DATA): Add them.
>>
>> Yikes, these bugs!
>>
>> > ---
>> > gnu/local.mk | 2 +
>> > gnu/packages/patches/xorg-CVE-2017-10971.patch | 153 +++++++++++++++++++++++++
>> > gnu/packages/patches/xorg-CVE-2017-10972.patch | 35 ++++++
>> > gnu/packages/xorg.scm | 5 +-
>> > 4 files changed, 194 insertions(+), 1 deletion(-)
>> > create mode 100644 gnu/packages/patches/xorg-CVE-2017-10971.patch
>> > create mode 100644 gnu/packages/patches/xorg-CVE-2017-10972.patch
>>
>> Please rename the patch files to include the name of the package
>> (xorg-server), adjust the changes to local.mk accordingly, and please
>> push!
>
> I had some time so I made the adjustment and pushed on your behalf.
> Thanks again!

Thank you!

From: Debbugs Internal Request
To: internal_control@debbugs.gnu.org
Subject: Internal Control
Message-Id: bug archived.
Date: Fri, 04 Aug 2017 11:24:04 +0000

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator