xorg/xorg-server
Fredrik Rinnestam 3a026cd9c1 [notify] xorg-server: Fix for CVE-2020-14347.
X.Org security advisory: July 31, 2020

X Server Pixel Data Uninitialized Memory Information Disclosure
===============================================================

CVE-2020-14347

Allocation for pixmap data in AllocatePixmap() does not initialize the
memory in xserver, it leads to leak uninitialized heap memory to
clients. When the X server runs with elevated privileges.

This flaw can lead to ASLR bypass, which when combined with other
flaws (known/unknown) could lead to privilege elevation in the
client.
2020-08-01 16:17:09 +02:00
.footprint xorg-server: updated to 1.20.0 2018-05-10 20:39:25 +02:00
.signature [notify] xorg-server: Fix for CVE-2020-14347. 2020-08-01 16:17:09 +02:00
CVE-2020-14347.patch [notify] xorg-server: Fix for CVE-2020-14347. 2020-08-01 16:17:09 +02:00
Pkgfile [notify] xorg-server: Fix for CVE-2020-14347. 2020-08-01 16:17:09 +02:00
README

WARNING:

  If you fail to rebuild input and video packages for xorg-server
  on major ABI changes, e.g. 1.16.0 -> 1.17.0, you will end up with
  no mouse or keyboard and possibly no direct 3D acceleration for video.

  If you do happen to forget and have SysRq enabled in your kernel,
  you can do a safe reboot by holding down Alt + SysRq and typing the
  following sequence in order, pausing for several seconds between each key:

  reisub

PRE-INSTALL

	xorg-server 1.16 new dependency libepoxy
	xorg-server 1.16 removed dependency xorg-glamor-egl
	xorg-server 1.17 new dependency xorg-xcb-util-keysyms
	xorg-server 1.17 removed dependency xorg-xf86-video-modesetting

	The current version of xorg-server needs these packages sorted out before
	a prt-get sysup from the CRUX 3.1 release is done.

prt-get remove xorg-xf86-video-modesetting xorg-glamor-egl
prt-get depinst libepoxy xorg-xcb-util-keysyms

POST-INSTALL

  After upgrading xorg-server between major versions, rebuild the video
  and input packages:

  NOTE: This only applies on ABI changes between major versions,
  e.g. 1.16.0 -> 1.17.0.

prt-get update -fr $(prt-get listinst --regex '^xorg-xf86-(input|video)|^mesa3d')

  If you use nvidia you also need to do this:

gl-select use xorg && gl-select use nvidia