---
- branch: MAIN
  date: Fri Jul 31 16:50:57 UTC 2020
  files:
  - new: '1.128'
    old: '1.127'
    path: pkgsrc/x11/modular-xorg-server/Makefile
    pathrev: pkgsrc/x11/modular-xorg-server/Makefile@1.128
    type: modified
  - new: '1.102'
    old: '1.101'
    path: pkgsrc/x11/modular-xorg-server/distinfo
    pathrev: pkgsrc/x11/modular-xorg-server/distinfo@1.102
    type: modified
  - new: '1.1'
    old: '0'
    path: pkgsrc/x11/modular-xorg-server/patches/patch-dix_pixmap.c
    pathrev: pkgsrc/x11/modular-xorg-server/patches/patch-dix_pixmap.c@1.1
    type: added
  - new: '1.20'
    old: '1.19'
    path: pkgsrc/x11/modular-xorg-xephyr/Makefile
    pathrev: pkgsrc/x11/modular-xorg-xephyr/Makefile@1.20
    type: modified
  - new: '1.8'
    old: '1.7'
    path: pkgsrc/x11/modular-xorg-xwayland/Makefile
    pathrev: pkgsrc/x11/modular-xorg-xwayland/Makefile@1.8
    type: modified
  id: 20200731T165057Z.a5561878edf6c07b7429ef85340afe119a48cb13
  log: |
    modular-xorg-*: provide patch (making this package equivalent to
    xorg-server 1.20.9, couldn't find a tarball).

    X.Org security advisory: July 31, 2020

    X Server Pixel Data Uninitialized Memory Information Disclosure
    ===============================================================

    CVE-2020-14347

    Allocation for pixmap data in AllocatePixmap() does not initialize the
    memory in xserver, it leads to leak uninitialize heap memory to
    clients. When the X server runs with elevated privileges.

    This flaw can lead to ASLR bypass, which when combined with other
    flaws (known/unknown) could lead to lead to privilege elevation in the
    client.

    Patch
    =====

    A patch for this issue has been commited to the xorg server git
    repository.  xorg-server 1.20.9 will be released shortly and will
    include this patch.

    https://gitlab.freedesktop.org/xorg/xserver.git

    diff --git a/dix/pixmap.c b/dix/pixmap.c
    index 1186d7dbb..5a0146bbb 100644
    --- a/dix/pixmap.c
    +++ b/dix/pixmap.c
    @@ -116,7 +116,7 @@ AllocatePixmap(ScreenPtr pScreen, int pixDataSize)
         if (pScreen->totalPixmapSize > ((size_t) - 1) - pixDataSize)
             return NullPixmap;

    -    pPixmap = malloc(pScreen->totalPixmapSize + pixDataSize);
    +    pPixmap = calloc(1, pScreen->totalPixmapSize + pixDataSize);
         if (!pPixmap)
             return NullPixmap;

    Thanks
    ======

    This vulnerability was discovered by Jan-Niklas Sohn working with
    Trend Micro Zero Day Initiative.
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/x11'
  unixtime: '1596214257'
  user: maya