Hello community,
here is the log from the commit of package libXfont for openSUSE:Factory checked in at 2017-12-03 10:08:51
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libXfont (Old)
and /work/SRC/openSUSE:Factory/.libXfont.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libXfont"
Sun Dec 3 10:08:51 2017 rev:19 rq:546295 version:1.5.4
Changes:
--------
--- /work/SRC/openSUSE:Factory/libXfont/libXfont.changes 2017-10-28 14:18:36.210310647 +0200
+++ /work/SRC/openSUSE:Factory/.libXfont.new/libXfont.changes 2017-12-03 10:08:53.308877063 +0100
@@ -1,0 +2,6 @@
+Tue Nov 28 19:20:44 UTC 2017 - sndirsch@suse.com
+
+- Update to release 1.5.4
+ * Open files with O_NOFOLLOW. (CVE-2017-16611)
+
+-------------------------------------------------------------------
Old:
----
libXfont-1.5.3.tar.bz2
New:
----
libXfont-1.5.4.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libXfont.spec ++++++
--- /var/tmp/diff_new_pack.yw2A3a/_old 2017-12-03 10:08:53.896855686 +0100
+++ /var/tmp/diff_new_pack.yw2A3a/_new 2017-12-03 10:08:53.900855540 +0100
@@ -18,7 +18,7 @@
Name: libXfont
%define lname libXfont1
-Version: 1.5.3
+Version: 1.5.4
Release: 0
Summary: X font handling library for server and utilities
License: MIT
++++++ libXfont-1.5.3.tar.bz2 -> libXfont-1.5.4.tar.bz2 ++++++
++++ 1967 lines of diff (skipped)
++++ retrying with extended exclude list
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXfont-1.5.3/ChangeLog new/libXfont-1.5.4/ChangeLog
--- old/libXfont-1.5.3/ChangeLog 2017-10-19 22:50:17.000000000 +0200
+++ new/libXfont-1.5.4/ChangeLog 2017-11-28 15:34:44.000000000 +0100
@@ -1,3 +1,22 @@
+commit 7d246751628bb877e04da762ec1a2e41ffa62154
+Author: Matthieu Herrb
+Date: Tue Nov 28 15:33:15 2017 +0100
+
+ libXfont 1.5.4
+
+commit 5ed8ac0e4f063825b8ecda48e9a111d3ce92e825
+Author: Michal Srb
+Date: Thu Oct 26 09:48:13 2017 +0200
+
+ Open files with O_NOFOLLOW. (CVE-2017-16611)
+
+ A non-privileged X client can instruct X server running under root to open any
+ file by creating own directory with "fonts.dir", "fonts.alias" or any font file
+ being a symbolic link to any other file in the system. X server will then open
+ it. This can be issue with special files such as /dev/watchdog.
+
+ Reviewed-by: Matthieu Herrb
+
commit f581c2346d025d5b15926db9e58f254173fb58dc
Author: Matt Turner
Date: Thu Oct 19 13:45:58 2017 -0700
@@ -50,21 +69,21 @@
Found by clang's Address Sanitizer
- crac.num_auths = set_font_authorizations(&authorizations, &authlen,
- client);
- /* Work around bug in xfs versions up through modular release 1.0.8
- which rejects CreateAC packets with num_auths = 0 & authlen < 4 */
- if (crac.num_auths == 0) {
- authorizations = padding;
- authlen = 4;
- } else {
- authlen = (authlen + 3) & ~0x3;
- }
- crac.length = (sizeof (fsCreateACReq) + authlen) >> 2;
- crac.acid = cur->acid;
- _fs_add_req_log(conn, FS_CreateAC);
- _fs_write(conn, (char *) &crac, sizeof (fsCreateACReq));
- _fs_write(conn, authorizations, authlen);
+ crac.num_auths = set_font_authorizations(&authorizations, &authlen,
+ client);
+ /* Work around bug in xfs versions up through modular release 1.0.8
+ which rejects CreateAC packets with num_auths = 0 & authlen < 4 */
+ if (crac.num_auths == 0) {
+ authorizations = padding;
+ authlen = 4;
+ } else {
+ authlen = (authlen + 3) & ~0x3;
+ }
+ crac.length = (sizeof (fsCreateACReq) + authlen) >> 2;
+ crac.acid = cur->acid;
+ _fs_add_req_log(conn, FS_CreateAC);
+ _fs_write(conn, (char *) &crac, sizeof (fsCreateACReq));
+ _fs_write(conn, authorizations, authlen);
In the case in the report, set_font_authorizations setup authorizations as a
34 byte buffer (and authlen set to 34 as one would expect). The following
@@ -1409,7 +1428,7 @@
Conflicts:
- ChangeLog
+ ChangeLog
Signed-off-by: Yaakov Selkowitz
@@ -2222,7 +2241,7 @@
This patch adds a new FPE type, which will match font path elements of the
form
- catalogue:<dir>
+ catalogue:<dir>
The dir specified after the catalogue: prefix will be scanned for symlinks
and each symlink destination will be added as a local fontfile FPE.
@@ -2232,22 +2251,22 @@
An example configuration:
- 75dpi:unscaled:pri=20 -> /usr/share/X11/fonts/75dpi
- ghostscript:pri=60 -> /usr/share/fonts/default/ghostscript
- misc:unscaled:pri=10 -> /usr/share/X11/fonts/misc
- type1:pri=40 -> /usr/share/X11/fonts/Type1
- type1:pri=50 -> /usr/share/fonts/default/Type1
+ 75dpi:unscaled:pri=20 -> /usr/share/X11/fonts/75dpi
+ ghostscript:pri=60 -> /usr/share/fonts/default/ghostscript
+ misc:unscaled:pri=10 -> /usr/share/X11/fonts/misc
+ type1:pri=40 -> /usr/share/X11/fonts/Type1
+ type1:pri=50 -> /usr/share/fonts/default/Type1
will add /usr/share/X11/fonts/misc as the first FPE with the attribute
'unscaled', second FPE will be /usr/share/X11/fonts/75dpi, also with
the attribute unscaled etc. This is functionally equivalent to setting
the following font path:
- /usr/share/X11/fonts/misc:unscaled,
- /usr/share/X11/fonts/75dpi:unscaled,
- /usr/share/X11/fonts/Type1,
- /usr/share/fonts/default/Type1,
- /usr/share/fonts/default/ghostscript
+ /usr/share/X11/fonts/misc:unscaled,
+ /usr/share/X11/fonts/75dpi:unscaled,
+ /usr/share/X11/fonts/Type1,
+ /usr/share/fonts/default/Type1,
+ /usr/share/fonts/default/ghostscript
The motivation is to let font packages add a symlink to the new font
directory they provide instead of rewriting either the Xorg config file
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXfont-1.5.3/configure.ac new/libXfont-1.5.4/configure.ac
--- old/libXfont-1.5.3/configure.ac 2017-10-19 22:50:07.000000000 +0200
+++ new/libXfont-1.5.4/configure.ac 2017-11-28 15:34:20.000000000 +0100
@@ -21,7 +21,7 @@
# Initialize Autoconf
AC_PREREQ([2.60])
-AC_INIT([libXfont], [1.5.3],
+AC_INIT([libXfont], [1.5.4],
[https://bugs.freedesktop.org/enter_bug.cgi?product=xorg], [libXfont])
AC_CONFIG_SRCDIR([Makefile.am])
AC_CONFIG_HEADERS([config.h include/X11/fonts/fontconf.h])
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXfont-1.5.3/src/fontfile/dirfile.c new/libXfont-1.5.4/src/fontfile/dirfile.c
--- old/libXfont-1.5.3/src/fontfile/dirfile.c 2017-10-19 22:50:07.000000000 +0200
+++ new/libXfont-1.5.4/src/fontfile/dirfile.c 2017-11-28 15:34:21.000000000 +0100
@@ -41,6 +41,7 @@
#include
#include
#include
+#include
#include
#include
@@ -60,8 +61,9 @@
char dir_file[MAXFONTFILENAMELEN];
char dir_path[MAXFONTFILENAMELEN];
char *ptr;
- FILE *file;
- int count,
+ FILE *file = 0;
+ int file_fd,
+ count,
num_fonts,
status;
struct stat statb;
@@ -91,7 +93,14 @@
if (dir_file[strlen(dir_file) - 1] != '/')
strcat(dir_file, "/");
strcat(dir_file, FontDirFile);
+#ifndef WIN32
+ file_fd = open(dir_file, O_RDONLY | O_NOFOLLOW);
+ if (file_fd >= 0) {
+ file = fdopen(file_fd, "rt");
+ }
+#else
file = fopen(dir_file, "rt");
+#endif
if (file) {
#ifndef WIN32
if (fstat (fileno(file), &statb) == -1)
@@ -261,7 +270,8 @@
char alias[MAXFONTNAMELEN];
char font_name[MAXFONTNAMELEN];
char alias_file[MAXFONTFILENAMELEN];
- FILE *file;
+ int file_fd;
+ FILE *file = 0;
FontDirectoryPtr dir;
int token;
char *lexToken;
@@ -279,7 +289,16 @@
strcat(alias_file, "/");
strcat(alias_file, FontAliasFile);
}
+
+#ifndef WIN32
+ file_fd = open(alias_file, O_RDONLY | O_NOFOLLOW);
+ if (file_fd >= 0) {
+ file = fdopen(file_fd, "rt");
+ }
+#else
file = fopen(alias_file, "rt");
+#endif
+
if (!file)
return ((errno == ENOENT) ? Successful : BadFontPath);
if (!dir)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXfont-1.5.3/src/fontfile/fileio.c new/libXfont-1.5.4/src/fontfile/fileio.c
--- old/libXfont-1.5.3/src/fontfile/fileio.c 2017-10-19 22:50:07.000000000 +0200
+++ new/libXfont-1.5.4/src/fontfile/fileio.c 2017-11-28 15:34:21.000000000 +0100
@@ -39,6 +39,9 @@
#ifndef O_CLOEXEC
#define O_CLOEXEC 0
#endif
+#ifndef O_NOFOLLOW
+#define O_NOFOLLOW 0
+#endif
FontFilePtr
FontFileOpen (const char *name)
@@ -47,7 +50,7 @@
int len;
BufFilePtr raw, cooked;
- fd = open (name, O_BINARY|O_CLOEXEC);
+ fd = open (name, O_BINARY|O_CLOEXEC|O_NOFOLLOW);
if (fd < 0)
return 0;
raw = BufFileOpenRead (fd);