diff options
| author |   Sebastian Pipping <sping@gentoo.org> | 2021-06-11 17:35:34 +0200 |
|---|---|---|
| committer | Sebastian Pipping <sping@gentoo.org> | 2021-06-11 17:36:08 +0200 |
| commit | fbfd1bffe2e7f0c68efb06aa292ed7ebcb796239 (patch) | |
| tree | 33f6685c915e47db250c42849e659066678997d4 /x11-misc/xscreensaver | |
| parent | dev-python/subprocess-tee: initial import (diff) | |
| download | gentoo-fbfd1bffe2e7f0c68efb06aa292ed7ebcb796239.tar.gz gentoo-fbfd1bffe2e7f0c68efb06aa292ed7ebcb796239.tar.bz2 gentoo-fbfd1bffe2e7f0c68efb06aa292ed7ebcb796239.zip | |
x11-misc/xscreensaver: CVE-2021-34557
Bug: https://bugs.gentoo.org/794475
Signed-off-by: Sebastian Pipping <sping@gentoo.org>
Package-Manager: Portage-3.0.19, Repoman-3.0.3
Diffstat (limited to 'x11-misc/xscreensaver')
| -rw-r--r-- | x11-misc/xscreensaver/files/xscreensaver-5.45-cve-2021-34557.patch | 40 | ||||
| -rw-r--r-- | x11-misc/xscreensaver/xscreensaver-5.45-r1.ebuild | 168 |
2 files changed, 208 insertions, 0 deletions
diff --git a/x11-misc/xscreensaver/files/xscreensaver-5.45-cve-2021-34557.patch b/x11-misc/xscreensaver/files/xscreensaver-5.45-cve-2021-34557.patch new file mode 100644 index 000000000000..3d002b40877a --- /dev/null +++ b/x11-misc/xscreensaver/files/xscreensaver-5.45-cve-2021-34557.patch @@ -0,0 +1,40 @@ +From c1e43f7fa01b7536bc90ad5a9b61c568f4db4dd1 Mon Sep 17 00:00:00 2001 +From: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com> +Date: Tue, 18 May 2021 15:41:55 +0200 +Subject: [PATCH] Fix updating outputs info + +When an output is disconnected, update_screen_layout() will try to unset +a property on window assigned to that output. It does that by iterating +si->screens up to 'count', while 'good_count' signifies how many outputs +are currently connected (good_count <= count). si->screens has few more +entries allocated (at start 10), but if there are more disconnected +outputs, the iteration will go beyond si->screens array. +The only out of bound access there is reading window ID to delete +property from, which in most cases will be a bogus number -> crashing +xscreensaver with BadWindow error. + +Fix this by allocating array up to full 'count' entries, even if much +fewer outputs are connected at the moment. +--- + driver/screens.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/driver/screens.c b/driver/screens.c +index 5aeb55d..16d6ec3 100644 +--- a/driver/screens.c ++++ b/driver/screens.c +@@ -1020,9 +1020,9 @@ update_screen_layout (saver_info *si) + calloc (sizeof(*si->screens), si->ssi_count); + } + +- if (si->ssi_count <= good_count) ++ if (si->ssi_count <= count) + { +- si->ssi_count = good_count + 10; ++ si->ssi_count = count; + si->screens = (saver_screen_info *) + realloc (si->screens, sizeof(*si->screens) * si->ssi_count); + memset (si->screens + si->nscreens, 0, +-- +2.31.1 + diff --git a/x11-misc/xscreensaver/xscreensaver-5.45-r1.ebuild b/x11-misc/xscreensaver/xscreensaver-5.45-r1.ebuild new file mode 100644 index 000000000000..9a996f52f7a7 --- /dev/null +++ b/x11-misc/xscreensaver/xscreensaver-5.45-r1.ebuild @@ -0,0 +1,168 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 +inherit autotools flag-o-matic l10n multilib optfeature pam + +DESCRIPTION="modular screen saver and locker for the X Window System" +HOMEPAGE="https://www.jwz.org/xscreensaver/" +SRC_URI="https://www.jwz.org/xscreensaver/${P}.tar.gz" + +LICENSE="BSD" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~amd64-linux ~x86-linux" +IUSE="caps +gdk-pixbuf gdm +gtk jpeg +locking new-login offensive opengl pam +perl selinux suid systemd xinerama" +REQUIRED_USE=" + gdk-pixbuf? ( gtk ) +" + +COMMON_DEPEND=" + >=gnome-base/libglade-2 + dev-libs/libxml2 + media-libs/netpbm + x11-apps/appres + x11-apps/xwininfo + x11-libs/libX11 + x11-libs/libXext + x11-libs/libXft + x11-libs/libXi + x11-libs/libXmu + x11-libs/libXrandr + x11-libs/libXt + x11-libs/libXxf86vm + caps? ( sys-libs/libcap ) + gdk-pixbuf? ( + x11-libs/gdk-pixbuf-xlib + >=x11-libs/gdk-pixbuf-2.42.0:2 + ) + gtk? ( x11-libs/gtk+:2 ) + jpeg? ( virtual/jpeg:0 ) + new-login? ( + gdm? ( gnome-base/gdm ) + !gdm? ( || ( x11-misc/lightdm lxde-base/lxdm ) ) + ) + opengl? ( + virtual/glu + virtual/opengl + ) + pam? ( sys-libs/pam ) + systemd? ( >=sys-apps/systemd-221 ) + xinerama? ( x11-libs/libXinerama ) +" +# For USE="perl" see output of `qlist xscreensaver | grep bin | xargs grep '::'` +RDEPEND=" + ${COMMON_DEPEND} + perl? ( + dev-lang/perl + dev-perl/libwww-perl + virtual/perl-Digest-MD5 + ) + selinux? ( sec-policy/selinux-xscreensaver ) +" +DEPEND=" + ${COMMON_DEPEND} + dev-util/intltool + sys-devel/bc + sys-devel/gettext + virtual/pkgconfig + x11-base/xorg-proto +" +PATCHES=( + "${FILESDIR}"/${PN}-5.45-remove-libXxf86misc-dep.patch + "${FILESDIR}"/${PN}-5.45-interix.patch + "${FILESDIR}"/${PN}-5.31-pragma.patch + "${FILESDIR}"/${PN}-5.44-blurb-hndl-test-passwd.patch + "${FILESDIR}"/${PN}-5.44-gentoo.patch + "${FILESDIR}"/${PN}-5.45-gcc.patch + "${FILESDIR}"/${PN}-5.45-configure.ac-sandbox.patch + "${FILESDIR}"/${P}-cve-2021-34557.patch # bug 794475 +) + +src_prepare() { + sed -i configure.ac -e '/^ALL_LINGUAS=/d' || die + strip-linguas -i po/ + export ALL_LINGUAS="${LINGUAS}" + + if use new-login && ! use gdm; then #392967 + sed -i \ + -e "/default_l.*1/s:gdmflexiserver -ls:${EPREFIX}/usr/libexec/lightdm/&:" \ + configure{,.ac} || die + fi + + default + + if ! use offensive; then + sed -i \ + -e '/boobies/d;/boobs/d;/cock/d;/pussy/d;/viagra/d;/vibrator/d' \ + hacks/barcode.c || die + sed -i \ + -e 's|erect penis|shuffle board|g' \ + -e 's|flaccid penis|flaccid anchor|g' \ + -e 's|vagina|engagement ring|g' \ + -e 's|Penis|Shuttle|g' \ + hacks/glx/glsnake.c || break + fi + + eapply_user + + eautoconf + eautoheader +} + +src_configure() { + if use ppc || use ppc64; then + filter-flags -maltivec -mabi=altivec + append-flags -U__VEC__ + fi + + unset BC_ENV_ARGS #24568 + export RPM_PACKAGE_VERSION=no #368025 + + econf \ + $(use_enable locking) \ + $(use_with caps setcap-hacks) \ + $(use_with gdk-pixbuf pixbuf) \ + $(use_with gtk) \ + $(use_with jpeg) \ + $(use_with new-login login-manager) \ + $(use_with opengl gl) \ + $(use_with pam) \ + $(use_with suid setuid-hacks) \ + $(use_with systemd) \ + $(use_with xinerama xinerama-ext) \ + --with-app-defaults="${EPREFIX}"/usr/share/X11/app-defaults \ + --with-configdir="${EPREFIX}"/usr/share/${PN}/config \ + --with-dpms-ext \ + --with-hackdir="${EPREFIX}"/usr/$(get_libdir)/misc/${PN} \ + --with-proc-interrupts \ + --with-randr-ext \ + --with-text-file="${EPREFIX}"/etc/gentoo-release \ + --with-xdbe-ext \ + --with-xf86gamma-ext \ + --with-xf86vmode-ext \ + --with-xinput-ext \ + --with-xshm-ext \ + --without-gle \ + --without-kerberos \ + --without-motif \ + --x-includes="${EPREFIX}"/usr/include \ + --x-libraries="${EPREFIX}"/usr/$(get_libdir) +} + +src_install() { + emake install_prefix="${D}" install + + dodoc README{,.hacking} + + if use pam; then + fperms 755 /usr/bin/${PN} + pamd_mimic_system ${PN} auth + fi + + rm -f "${ED}"/usr/share/${PN}/config/{electricsheep,fireflies}.xml +} + +pkg_postinst() { + optfeature 'Bitmap fonts 75dpi' media-fonts/font-adobe-75dpi + optfeature 'Bitmap fonts 100dpi' media-fonts/font-adobe-100dpi +} |