[Call for testers] Update to xorg-server 1.14
JEREMY COX
jeremy.m.cox at gmail.com
Thu Dec 11 07:30:13 UTC 2014
I recently tried to apply the December 10 patch rollup to apply the CVE
updates and 1 patch did not apply cleanly.
_____________________________________________________________________________
===>>> xorg-server-1.14.7,1 1/1
===>>> Currently installed version: xorg-server-1.14.7,1
===>>> Port directory: /usr/ports/x11-servers/xorg-server
===> Cleaning for xorg-server-1.14.7,1
By default, the X Server installs as a set-user-id root binary. When run by
a normal user, it checks arguments and environment as done in the x11/wrapper
port before handling them normally. If you are concerned about the security
of this, but still want to run an X Server (for example using xdm/kdm/gdm,
which will still run the server as root), you can cancel the build and set
xorg-server_UNSET=SUID in /etc/make.conf.
===> License MIT accepted by the user
===> Found saved configuration for xorg-server-1.14.7,1
===> xorg-server-1.14.7,1 depends on file: /usr/local/sbin/pkg - found
===> Fetching all distfiles required by xorg-server-1.14.7,1 for building
===> Extracting for xorg-server-1.14.7,1
=> SHA256 Checksum OK for xorg/xserver/xorg-server-1.14.7.tar.bz2.
===> Patching for xorg-server-1.14.7,1
===> Applying FreeBSD patches for xorg-server-1.14.7,1
2 out of 6 hunks failed--saving rejects to Xi/xipassivegrab.c.rej
=> Patch patch-CVE-2014-8095 failed to apply cleanly.
=> Patch(es) patch-CVE-2014-8092-1-4 patch-CVE-2014-8092-2-4
patch-CVE-2014-8092-3-4 patch-CVE-2014-8092-4-4 patch-CVE-2014-8092-pt5
patch-CVE-2014-8092-pt6 patch-CVE-2014-8093-1-6 patch-CVE-2014-8093-2-6
patch-CVE-2014-8093-3-6 patch-CVE-2014-8093-4-6 patch-CVE-2014-8093-5-6
patch-CVE-2014-8093-6-6 patch-CVE-2014-8094 applied cleanly.
*** Error code 1
Stop.
make[1]: stopped in /usr/ports/x11-servers/xorg-server
*** Error code 1
Stop.
make: stopped in /usr/ports/x11-servers/xorg-server
===>>> make build failed for x11-servers/xorg-server
===>>> Aborting update
===>>> Update for xorg-server-1.14.7,1 failed
===>>> Aborting update
_____________________________________________________________________________
I used the command portmaster -r xorg-server and also tried make install
from the port's directory and both failed. The xipassivegrab.c.rej file:
____________________________________________________________________________
@@ -50,9 +50,10 @@
SProcXIPassiveGrabDevice(ClientPtr client)
{
int i;
- xXIModifierInfo *mods;
+ uint32_t *mods;
REQUEST(xXIPassiveGrabDeviceReq);
+ REQUEST_AT_LEAST_SIZE(xXIPassiveGrabDeviceReq);
swaps(&stuff->length);
swaps(&stuff->deviceid);
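Review bot: The declaration change from "xXIModifierInfo *mods" to "uint32_t *mods" has no comment explaining it, and it only compiles together with the loop rewrite in the following hunk, which drops the mods->base_mods style member accesses. A short comment above the declaration saying that each modifier is handled as one 32-bit value would make that dependency visible. The REQUEST_AT_LEAST_SIZE(xXIPassiveGrabDeviceReq) check sits before the first swaps(&stuff->length), which is the right place for it, so no header field is touched before the minimum length is confirmed.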
@@ -63,12 +64,12 @@
swaps(&stuff->mask_len);
swaps(&stuff->num_modifiers);
- mods = (xXIModifierInfo *) &stuff[1];
+ REQUEST_FIXED_SIZE(xXIPassiveGrabDeviceReq,
+ ((uint32_t) stuff->mask_len + stuff->num_modifiers) *4);
+ mods = (uint32_t *) &stuff[1] + stuff->mask_len;
for (i = 0; i < stuff->num_modifiers; i++, mods++) {
- swapl(&mods->base_mods);
- swapl(&mods->latched_mods);
- swapl(&mods->locked_mods);
+ swapl(mods);
}
return ProcXIPassiveGrabDevice(client);
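Review bot: The pointer arithmetic in "mods = (uint32_t *) &stuff[1] + stuff->mask_len;" is undocumented, and the bound in REQUEST_FIXED_SIZE can only be checked by working out that the modifiers follow mask_len 32-bit mask words after the fixed header. A one-line comment stating that layout would let a reader confirm that (mask_len + num_modifiers) * 4 covers everything the loop swaps. The order is sound: both fields are byte-swapped before they are used in the size check, and the check runs before the loop walks num_modifiers entries. Style: write "* 4" with a space, and the braces around the single swapl(mods) statement can go if the file's convention allows it.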
I reverted to server 1.12 to see if it would build and it was able to
successfully patch server 1.12. The problem file is (obviously)
patch-CVE-2014-8095.