| 1 |
commit: fbfd1bffe2e7f0c68efb06aa292ed7ebcb796239 |
| 2 |
Author: Sebastian Pipping <sping <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Fri Jun 11 15:35:34 2021 +0000 |
| 4 |
Commit: Sebastian Pipping <sping <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Fri Jun 11 15:36:08 2021 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fbfd1bff |
| 7 |
|
| 8 |
x11-misc/xscreensaver: CVE-2021-34557 |
| 9 |
|
| 10 |
Bug: https://bugs.gentoo.org/794475 |
| 11 |
Signed-off-by: Sebastian Pipping <sping <AT> gentoo.org> |
| 12 |
Package-Manager: Portage-3.0.19, Repoman-3.0.3 |
| 13 |
|
| 14 |
.../files/xscreensaver-5.45-cve-2021-34557.patch | 40 +++++ |
| 15 |
x11-misc/xscreensaver/xscreensaver-5.45-r1.ebuild | 168 +++++++++++++++++++++ |
| 16 |
2 files changed, 208 insertions(+) |
| 17 |
|
| 18 |
diff --git a/x11-misc/xscreensaver/files/xscreensaver-5.45-cve-2021-34557.patch b/x11-misc/xscreensaver/files/xscreensaver-5.45-cve-2021-34557.patch |
| 19 |
new file mode 100644 |
| 20 |
index 00000000000..3d002b40877 |
| 21 |
--- /dev/null |
| 22 |
+++ b/x11-misc/xscreensaver/files/xscreensaver-5.45-cve-2021-34557.patch |
| 23 |
@@ -0,0 +1,40 @@ |
| 24 |
+From c1e43f7fa01b7536bc90ad5a9b61c568f4db4dd1 Mon Sep 17 00:00:00 2001 |
| 25 |
+From: Marek Marczykowski-Górecki <marmarek@××××××××××××××××××.com> |
| 26 |
+Date: Tue, 18 May 2021 15:41:55 +0200 |
| 27 |
+Subject: [PATCH] Fix updating outputs info |
| 28 |
+ |
| 29 |
+When an output is disconnected, update_screen_layout() will try to unset |
| 30 |
+a property on window assigned to that output. It does that by iterating |
| 31 |
+si->screens up to 'count', while 'good_count' signifies how many outputs |
| 32 |
+are currently connected (good_count <= count). si->screens has few more |
| 33 |
+entries allocated (at start 10), but if there are more disconnected |
| 34 |
+outputs, the iteration will go beyond si->screens array. |
| 35 |
+The only out of bound access there is reading window ID to delete |
| 36 |
+property from, which in most cases will be a bogus number -> crashing |
| 37 |
+xscreensaver with BadWindow error. |
| 38 |
+ |
| 39 |
+Fix this by allocating array up to full 'count' entries, even if much |
| 40 |
+fewer outputs are connected at the moment. |
| 41 |
+--- |
| 42 |
+ driver/screens.c | 4 ++-- |
| 43 |
+ 1 file changed, 2 insertions(+), 2 deletions(-) |
| 44 |
+ |
| 45 |
+diff --git a/driver/screens.c b/driver/screens.c |
| 46 |
+index 5aeb55d..16d6ec3 100644 |
| 47 |
+--- a/driver/screens.c |
| 48 |
++++ b/driver/screens.c |
| 49 |
+@@ -1020,9 +1020,9 @@ update_screen_layout (saver_info *si) |
| 50 |
+ calloc (sizeof(*si->screens), si->ssi_count); |
| 51 |
+ } |
| 52 |
+ |
| 53 |
+- if (si->ssi_count <= good_count) |
| 54 |
++ if (si->ssi_count <= count) |
| 55 |
+ { |
| 56 |
+- si->ssi_count = good_count + 10; |
| 57 |
++ si->ssi_count = count; |
| 58 |
+ si->screens = (saver_screen_info *) |
| 59 |
+ realloc (si->screens, sizeof(*si->screens) * si->ssi_count); |
| 60 |
+ memset (si->screens + si->nscreens, 0, |
| 61 |
+-- |
| 62 |
+2.31.1 |
| 63 |
+ |
| 64 |
|
| 65 |
diff --git a/x11-misc/xscreensaver/xscreensaver-5.45-r1.ebuild b/x11-misc/xscreensaver/xscreensaver-5.45-r1.ebuild |
| 66 |
new file mode 100644 |
| 67 |
index 00000000000..9a996f52f7a |
| 68 |
--- /dev/null |
| 69 |
+++ b/x11-misc/xscreensaver/xscreensaver-5.45-r1.ebuild |
| 70 |
@@ -0,0 +1,168 @@ |
| 71 |
+# Copyright 1999-2021 Gentoo Authors |
| 72 |
+# Distributed under the terms of the GNU General Public License v2 |
| 73 |
+ |
| 74 |
+EAPI=7 |
| 75 |
+inherit autotools flag-o-matic l10n multilib optfeature pam |
| 76 |
+ |
| 77 |
+DESCRIPTION="modular screen saver and locker for the X Window System" |
| 78 |
+HOMEPAGE="https://www.jwz.org/xscreensaver/" |
| 79 |
+SRC_URI="https://www.jwz.org/xscreensaver/${P}.tar.gz" |
| 80 |
+ |
| 81 |
+LICENSE="BSD" |
| 82 |
+SLOT="0" |
| 83 |
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~amd64-linux ~x86-linux" |
| 84 |
+IUSE="caps +gdk-pixbuf gdm +gtk jpeg +locking new-login offensive opengl pam +perl selinux suid systemd xinerama" |
| 85 |
+REQUIRED_USE=" |
| 86 |
+ gdk-pixbuf? ( gtk ) |
| 87 |
+" |
| 88 |
+ |
| 89 |
+COMMON_DEPEND=" |
| 90 |
+ >=gnome-base/libglade-2 |
| 91 |
+ dev-libs/libxml2 |
| 92 |
+ media-libs/netpbm |
| 93 |
+ x11-apps/appres |
| 94 |
+ x11-apps/xwininfo |
| 95 |
+ x11-libs/libX11 |
| 96 |
+ x11-libs/libXext |
| 97 |
+ x11-libs/libXft |
| 98 |
+ x11-libs/libXi |
| 99 |
+ x11-libs/libXmu |
| 100 |
+ x11-libs/libXrandr |
| 101 |
+ x11-libs/libXt |
| 102 |
+ x11-libs/libXxf86vm |
| 103 |
+ caps? ( sys-libs/libcap ) |
| 104 |
+ gdk-pixbuf? ( |
| 105 |
+ x11-libs/gdk-pixbuf-xlib |
| 106 |
+ >=x11-libs/gdk-pixbuf-2.42.0:2 |
| 107 |
+ ) |
| 108 |
+ gtk? ( x11-libs/gtk+:2 ) |
| 109 |
+ jpeg? ( virtual/jpeg:0 ) |
| 110 |
+ new-login? ( |
| 111 |
+ gdm? ( gnome-base/gdm ) |
| 112 |
+ !gdm? ( || ( x11-misc/lightdm lxde-base/lxdm ) ) |
| 113 |
+ ) |
| 114 |
+ opengl? ( |
| 115 |
+ virtual/glu |
| 116 |
+ virtual/opengl |
| 117 |
+ ) |
| 118 |
+ pam? ( sys-libs/pam ) |
| 119 |
+ systemd? ( >=sys-apps/systemd-221 ) |
| 120 |
+ xinerama? ( x11-libs/libXinerama ) |
| 121 |
+" |
| 122 |
+# For USE="perl" see output of `qlist xscreensaver | grep bin | xargs grep '::'` |
| 123 |
+RDEPEND=" |
| 124 |
+ ${COMMON_DEPEND} |
| 125 |
+ perl? ( |
| 126 |
+ dev-lang/perl |
| 127 |
+ dev-perl/libwww-perl |
| 128 |
+ virtual/perl-Digest-MD5 |
| 129 |
+ ) |
| 130 |
+ selinux? ( sec-policy/selinux-xscreensaver ) |
| 131 |
+" |
| 132 |
+DEPEND=" |
| 133 |
+ ${COMMON_DEPEND} |
| 134 |
+ dev-util/intltool |
| 135 |
+ sys-devel/bc |
| 136 |
+ sys-devel/gettext |
| 137 |
+ virtual/pkgconfig |
| 138 |
+ x11-base/xorg-proto |
| 139 |
+" |
| 140 |
+PATCHES=( |
| 141 |
+ "${FILESDIR}"/${PN}-5.45-remove-libXxf86misc-dep.patch |
| 142 |
+ "${FILESDIR}"/${PN}-5.45-interix.patch |
| 143 |
+ "${FILESDIR}"/${PN}-5.31-pragma.patch |
| 144 |
+ "${FILESDIR}"/${PN}-5.44-blurb-hndl-test-passwd.patch |
| 145 |
+ "${FILESDIR}"/${PN}-5.44-gentoo.patch |
| 146 |
+ "${FILESDIR}"/${PN}-5.45-gcc.patch |
| 147 |
+ "${FILESDIR}"/${PN}-5.45-configure.ac-sandbox.patch |
| 148 |
+ "${FILESDIR}"/${P}-cve-2021-34557.patch # bug 794475 |
| 149 |
+) |
| 150 |
+ |
| 151 |
+src_prepare() { |
| 152 |
+ sed -i configure.ac -e '/^ALL_LINGUAS=/d' || die |
| 153 |
+ strip-linguas -i po/ |
| 154 |
+ export ALL_LINGUAS="${LINGUAS}" |
| 155 |
+ |
| 156 |
+ if use new-login && ! use gdm; then #392967 |
| 157 |
+ sed -i \ |
| 158 |
+ -e "/default_l.*1/s:gdmflexiserver -ls:${EPREFIX}/usr/libexec/lightdm/&:" \ |
| 159 |
+ configure{,.ac} || die |
| 160 |
+ fi |
| 161 |
+ |
| 162 |
+ default |
| 163 |
+ |
| 164 |
+ if ! use offensive; then |
| 165 |
+ sed -i \ |
| 166 |
+ -e '/boobies/d;/boobs/d;/cock/d;/pussy/d;/viagra/d;/vibrator/d' \ |
| 167 |
+ hacks/barcode.c || die |
| 168 |
+ sed -i \ |
| 169 |
+ -e 's|erect penis|shuffle board|g' \ |
| 170 |
+ -e 's|flaccid penis|flaccid anchor|g' \ |
| 171 |
+ -e 's|vagina|engagement ring|g' \ |
| 172 |
+ -e 's|Penis|Shuttle|g' \ |
| 173 |
+ hacks/glx/glsnake.c || break |
| 174 |
+ fi |
| 175 |
+ |
| 176 |
+ eapply_user |
| 177 |
+ |
| 178 |
+ eautoconf |
| 179 |
+ eautoheader |
| 180 |
+} |
| 181 |
+ |
| 182 |
+src_configure() { |
| 183 |
+ if use ppc || use ppc64; then |
| 184 |
+ filter-flags -maltivec -mabi=altivec |
| 185 |
+ append-flags -U__VEC__ |
| 186 |
+ fi |
| 187 |
+ |
| 188 |
+ unset BC_ENV_ARGS #24568 |
| 189 |
+ export RPM_PACKAGE_VERSION=no #368025 |
| 190 |
+ |
| 191 |
+ econf \ |
| 192 |
+ $(use_enable locking) \ |
| 193 |
+ $(use_with caps setcap-hacks) \ |
| 194 |
+ $(use_with gdk-pixbuf pixbuf) \ |
| 195 |
+ $(use_with gtk) \ |
| 196 |
+ $(use_with jpeg) \ |
| 197 |
+ $(use_with new-login login-manager) \ |
| 198 |
+ $(use_with opengl gl) \ |
| 199 |
+ $(use_with pam) \ |
| 200 |
+ $(use_with suid setuid-hacks) \ |
| 201 |
+ $(use_with systemd) \ |
| 202 |
+ $(use_with xinerama xinerama-ext) \ |
| 203 |
+ --with-app-defaults="${EPREFIX}"/usr/share/X11/app-defaults \ |
| 204 |
+ --with-configdir="${EPREFIX}"/usr/share/${PN}/config \ |
| 205 |
+ --with-dpms-ext \ |
| 206 |
+ --with-hackdir="${EPREFIX}"/usr/$(get_libdir)/misc/${PN} \ |
| 207 |
+ --with-proc-interrupts \ |
| 208 |
+ --with-randr-ext \ |
| 209 |
+ --with-text-file="${EPREFIX}"/etc/gentoo-release \ |
| 210 |
+ --with-xdbe-ext \ |
| 211 |
+ --with-xf86gamma-ext \ |
| 212 |
+ --with-xf86vmode-ext \ |
| 213 |
+ --with-xinput-ext \ |
| 214 |
+ --with-xshm-ext \ |
| 215 |
+ --without-gle \ |
| 216 |
+ --without-kerberos \ |
| 217 |
+ --without-motif \ |
| 218 |
+ --x-includes="${EPREFIX}"/usr/include \ |
| 219 |
+ --x-libraries="${EPREFIX}"/usr/$(get_libdir) |
| 220 |
+} |
| 221 |
+ |
| 222 |
+src_install() { |
| 223 |
+ emake install_prefix="${D}" install |
| 224 |
+ |
| 225 |
+ dodoc README{,.hacking} |
| 226 |
+ |
| 227 |
+ if use pam; then |
| 228 |
+ fperms 755 /usr/bin/${PN} |
| 229 |
+ pamd_mimic_system ${PN} auth |
| 230 |
+ fi |
| 231 |
+ |
| 232 |
+ rm -f "${ED}"/usr/share/${PN}/config/{electricsheep,fireflies}.xml |
| 233 |
+} |
| 234 |
+ |
| 235 |
+pkg_postinst() { |
| 236 |
+ optfeature 'Bitmap fonts 75dpi' media-fonts/font-adobe-75dpi |
| 237 |
+ optfeature 'Bitmap fonts 100dpi' media-fonts/font-adobe-100dpi |
| 238 |
+} |
Archives