[packages/xorg-xserver-server] up to 21.1.20 (fixes CVE-2025-62229 CVE-2025-62230 CVE-2025-62231)
atler
atler at pld-linux.org
Tue Oct 28 19:03:34 CET 2025
commit 682242e98b0c810bc959437434077e5f7e812a59
Author: Jan Palus <atler at pld-linux.org>
Date: Tue Oct 28 19:02:16 2025 +0100
up to 21.1.20 (fixes CVE-2025-62229 CVE-2025-62230 CVE-2025-62231)
xorg-xserver-server-builtin-SHA1.patch | 49 +++++++++++++++++++++++++++++++++-
xorg-xserver-server.spec | 4 +--
2 files changed, 50 insertions(+), 3 deletions(-)
---
diff --git a/xorg-xserver-server.spec b/xorg-xserver-server.spec
index ca40b15..8e49cec 100644
--- a/xorg-xserver-server.spec
+++ b/xorg-xserver-server.spec
@@ -35,12 +35,12 @@
Summary: X.org server
Summary(pl.UTF-8): Serwer X.org
Name: xorg-xserver-server
-Version: 21.1.18
+Version: 21.1.20
Release: 1
License: MIT
Group: X11/Servers
Source0: https://xorg.freedesktop.org/releases/individual/xserver/xorg-server-%{version}.tar.xz
-# Source0-md5: 43225ddc1fd8d7ae7671c25ab6d1f927
+# Source0-md5: 3778c462b6f199c29d64705d337e9dc7
Source1: 10-quirks.conf
Source2: xserver.pamd
Source10: %{name}-Xvfb.init
diff --git a/xorg-xserver-server-builtin-SHA1.patch b/xorg-xserver-server-builtin-SHA1.patch
index f104b40..be0a404 100644
--- a/xorg-xserver-server-builtin-SHA1.patch
+++ b/xorg-xserver-server-builtin-SHA1.patch
@@ -188,7 +188,7 @@ diff -urN xorg-server-1.17.0.org/os/Makefile.am xorg-server-1.17.0/os/Makefile.a
diff -urN xorg-server-1.17.0.org/os/xsha1.c xorg-server-1.17.0/os/xsha1.c
--- xorg-server-1.17.0.org/os/xsha1.c 2015-01-18 00:42:52.000000000 +0100
+++ xorg-server-1.17.0/os/xsha1.c 2015-02-04 19:34:23.455234679 +0100
-@@ -23,279 +23,3 @@
+@@ -23,326 +23,3 @@
* DEALINGS IN THE SOFTWARE.
*/
@@ -425,13 +425,43 @@ diff -urN xorg-server-1.17.0.org/os/xsha1.c xorg-server-1.17.0/os/xsha1.c
-
-#else /* Use OpenSSL's libcrypto */
-
+-#include <openssl/opensslv.h>
+-#if OPENSSL_VERSION_MAJOR >= 3
+-#define USE_EVP
+-#endif
+-
+-#ifdef USE_EVP
+-#include <openssl/evp.h>
+-#else
-#include <stddef.h> /* buggy openssl/sha.h wants size_t */
-#include <openssl/sha.h>
+-#endif
+-
+-#ifdef USE_EVP
+-static EVP_MD *sha1 = NULL;
+-#endif
-
-void *
-x_sha1_init(void)
-{
- int ret;
+-#ifdef USE_EVP
+- EVP_MD_CTX *ctx;
+-
+- if (sha1 == NULL) {
+- sha1 = EVP_MD_fetch(NULL, "SHA1", NULL);
+- if (sha1 == NULL)
+- return NULL;
+- }
+- ctx = EVP_MD_CTX_new();
+- if (ctx == NULL)
+- return NULL;
+- ret = EVP_DigestInit_ex2(ctx, sha1, NULL);
+- if (!ret) {
+- EVP_MD_CTX_free(ctx);
+- return NULL;
+- }
+-#else
- SHA_CTX *ctx = malloc(sizeof(*ctx));
-
- if (!ctx)
@@ -441,6 +471,7 @@ diff -urN xorg-server-1.17.0.org/os/xsha1.c xorg-server-1.17.0/os/xsha1.c
- free(ctx);
- return NULL;
- }
+-#endif
- return ctx;
-}
-
@@ -448,11 +479,19 @@ diff -urN xorg-server-1.17.0.org/os/xsha1.c xorg-server-1.17.0/os/xsha1.c
-x_sha1_update(void *ctx, void *data, int size)
-{
- int ret;
+-#ifdef USE_EVP
+- EVP_MD_CTX *sha_ctx = ctx;
+-
+- ret = EVP_DigestUpdate(sha_ctx, data, size);
+- if (!ret)
+- EVP_MD_CTX_free(sha_ctx);
+-#else
- SHA_CTX *sha_ctx = ctx;
-
- ret = SHA1_Update(sha_ctx, data, size);
- if (!ret)
- free(sha_ctx);
+-#endif
- return ret;
-}
-
@@ -460,10 +499,18 @@ diff -urN xorg-server-1.17.0.org/os/xsha1.c xorg-server-1.17.0/os/xsha1.c
-x_sha1_final(void *ctx, unsigned char result[20])
-{
- int ret;
+-#ifdef USE_EVP
+- EVP_MD_CTX *sha_ctx = ctx;
+- unsigned int result_len = 20; /* size of result buffer */
+-
+- ret = EVP_DigestFinal_ex(sha_ctx, result, &result_len);
+- EVP_MD_CTX_free(sha_ctx);
+-#else
- SHA_CTX *sha_ctx = ctx;
-
- ret = SHA1_Final(result, sha_ctx);
- free(sha_ctx);
+-#endif
- return ret;
-}
-
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/xorg-xserver-server.git/commitdiff/682242e98b0c810bc959437434077e5f7e812a59
More information about the pld-cvs-commit
mailing list