CVSROOT: /cvs Module name: xenocara Changes by: j...@cvs.openbsd.org 2019/11/23 17:35:40
Modified files: lib/mesa/src/gallium/winsys/sw/dri: Tag: OPENBSD_6_6 dri_sw_winsys.c lib/mesa/src/gallium/winsys/sw/xlib: Tag: OPENBSD_6_6 xlib_sw_winsys.c lib/mesa/src/mesa/drivers/x11: Tag: OPENBSD_6_6 xm_buffer.c Log message: Call shmget() with permission 0600 instead of 0777 >From Brian Paul 02c3dad0f3b4d26e0faa5cc51d06bc50d693dcdc in mainline Mesa "A security advisory (TALOS-2019-0857/CVE-2019-5068) found that creating shared memory regions with permission mode 0777 could allow any user to access that memory. Several Mesa drivers use shared- memory XImages to implement back buffers for improved performance. This path changes the shmget() calls to use 0600 (user r/w). Tested with legacy Xlib driver and llvmpipe." OpenBSD 6.6 errata 008