 debian/changelog                                   | 12 ++++++-
 debian/patches/CVE-2013-1940.patch                 | 36 +++++++++++++++++++++
 debian/patches/dix-fix-zaphod-screen-crossing.diff | 36 +++++++++++++++++++++
 debian/patches/series                              |  2 +
 4 files changed, 85 insertions(+), 1 deletion(-)
New commits: commit e2b34b1ba3b2ac2c2b640b62b8a6523b6fbcb180 Author: Timo Aaltonen <tjaal...@ubuntu.com> Date: Thu Oct 10 17:03:01 2013 +0300 release to quantal-proposed diff --git a/debian/changelog b/debian/changelog index ea66b01..34114b0 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,4 @@ -xorg-server (2:1.13.0-0ubuntu6.3) UNRELEASED; urgency=low +xorg-server (2:1.13.0-0ubuntu6.3) quantal-proposed; urgency=low [ Maarten Lankhorst ] * add patch to fix starting xorg-server with no outputs connected (LP: #1122072) commit e647875e48767186ef99594e444af3cd0b09b274 Author: Timo Aaltonen <tjaal...@ubuntu.com> Date: Thu Oct 10 16:41:28 2013 +0300 include changes from -0u6.2 diff --git a/debian/changelog b/debian/changelog index 5ab2f01..ea66b01 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,4 @@ -xorg-server (2:1.13.0-0ubuntu6.2) UNRELEASED; urgency=low +xorg-server (2:1.13.0-0ubuntu6.3) UNRELEASED; urgency=low [ Maarten Lankhorst ] * add patch to fix starting xorg-server with no outputs connected (LP: #1122072) @@ -15,6 +15,15 @@ xorg-server (2:1.13.0-0ubuntu6.2) UNRELEASED; urgency=low -- Maarten Lankhorst <maarten.lankho...@ubuntu.com> Tue, 12 Feb 2013 15:18:32 +0100 +xorg-server (2:1.13.0-0ubuntu6.2) quantal-security; urgency=low + + * SECURITY UPDATE: input event leak via inactive VT + - debian/patches/CVE-2013-1940.patch: fix flush input to work with + Linux evdev devices in hw/xfree86/os-support/shared/posix_tty.c. + - CVE-2013-1940 + + -- Marc Deslauriers <marc.deslauri...@ubuntu.com> Thu, 11 Apr 2013 08:08:53 -0400 + xorg-server (2:1.13.0-0ubuntu6.1) quantal-proposed; urgency=low [ Maarten Lankhorst ] diff --git a/debian/patches/CVE-2013-1940.patch b/debian/patches/CVE-2013-1940.patch new file mode 100644 index 0000000..0c45279 --- /dev/null +++ b/debian/patches/CVE-2013-1940.patch 
@@ -0,0 +1,36 @@ +From 88394b5cf39f298ebaa9a8ce4ace9bef14c2c6ee Mon Sep 17 00:00:00 2001 +From: Dave Airlie <airl...@gmail.com> +Date: Wed, 10 Apr 2013 16:09:01 +1000 +Subject: [PATCH] xf86: fix flush input to work with Linux evdev devices. + +So when we VT switch back and attempt to flush the input devices, +we don't succeed because evdev won't return part of an event, +since we were only asking for 4 bytes, we'd only get -EINVAL back. + +This could later cause events to be flushed that we shouldn't have +gotten. + +This is a fix for CVE-2013-1940. + +Signed-off-by: Dave Airlie <airl...@redhat.com> +--- + hw/xfree86/os-support/shared/posix_tty.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/hw/xfree86/os-support/shared/posix_tty.c b/hw/xfree86/os-support/shared/posix_tty.c +index ab3757a..4d08c1e 100644 +--- a/hw/xfree86/os-support/shared/posix_tty.c ++++ b/hw/xfree86/os-support/shared/posix_tty.c +@@ -421,7 +421,8 @@ xf86FlushInput(int fd) + { + fd_set fds; + struct timeval timeout; +- char c[4]; ++ /* this needs to be big enough to flush an evdev event. */ ++ char c[256]; + + DebugF("FlushingSerial\n"); + if (tcflush(fd, TCIFLUSH) == 0) +-- +1.8.2 + diff --git a/debian/patches/series b/debian/patches/series index 31cd601..fa24ae9 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -37,6 +37,7 @@ fixup-headless.patch ## from upstream, drop when rebasing to a new version 229_udev-fix.diff +CVE-2013-1940.patch 230-fix-compat-output-selection.patch 231-scan-pci-after-probing-devices.patch 237-dix-set-the-device-transformation-matrix.patch commit d049624a843a7dda9d057d137bf21f1f90633c03 Author: Timo Aaltonen <tjaal...@ubuntu.com> Date: Thu Oct 10 16:35:48 2013 +0300 dix-fix-zaphod-screen-crossing.diff: Fix pointer screen crossing. (LP: #1068920) diff --git a/debian/changelog b/debian/changelog index 3bd3317..5ab2f01 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -11,6 +11,7 @@ xorg-server (2:1.13.0-0ubuntu6.2) UNRELEASED; urgency=low [ Timo Aaltonen ] * Fix patch 500 to apply. + * dix-fix-zaphod-screen-crossing.diff: Fix pointer screen crossing. (LP: #1068920) -- Maarten Lankhorst <maarten.lankho...@ubuntu.com> Tue, 12 Feb 2013 15:18:32 +0100 diff --git a/debian/patches/dix-fix-zaphod-screen-crossing.diff b/debian/patches/dix-fix-zaphod-screen-crossing.diff new file mode 100644 index 0000000..b097334 --- /dev/null +++ b/debian/patches/dix-fix-zaphod-screen-crossing.diff @@ -0,0 +1,36 @@ +commit e7cd5cce740e653000fb1192b600268dcf77dde2 +Author: Peter Hutterer <peter.hutte...@who-t.net> +Date: Thu Oct 18 15:11:31 2012 +1000 + + dix: fix zaphod screen scrossing (#54654) + + POINTER_SCREEN coordinates are screen-relative. For a Zaphod setup, the + coordinates after a screen crossing are already relative to the new screen's + origin. Add that offset to the coordinates before re-setting. + + regression introduced by + commit bafbd99080be49a17be97d2cc758fbe623369945 + Author: Peter Hutterer <peter.hutte...@who-t.net> + Date: Wed Aug 8 11:34:32 2012 +1000 + + dix: work around scaling issues during WarpPointer (#53037) + + X.Org Bug 54654 <http://bugs.freedesktop.org/show_bug.cgi?id=54654> + + Signed-off-by: Peter Hutterer <peter.hutte...@who-t.net> + Reviewed-by: Keith Packard <kei...@keithp.com> + +--- a/dix/getevents.c ++++ b/dix/getevents.c +@@ -1414,8 +1414,9 @@ fill_pointer_events(InternalEvent *event + coordinates were. + */ + if (flags & POINTER_SCREEN) { +- screenx = sx; +- screeny = sy; ++ scr = miPointerGetScreen(pDev); ++ screenx = sx + scr->x; ++ screeny = sy + scr->y; + } + + scr = positionSprite(pDev, (flags & POINTER_ABSOLUTE) ? Absolute : Relative, diff --git a/debian/patches/series b/debian/patches/series index 47f907b..31cd601 100644 --- a/debian/patches/series +++ b/debian/patches/series 
@@ -41,3 +41,4 @@ fixup-headless.patch 231-scan-pci-after-probing-devices.patch 237-dix-set-the-device-transformation-matrix.patch 238-fix-erratic-cursor-movement.patch +dix-fix-zaphod-screen-crossing.diff
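Review bot: in the second debian/changelog hunk of commit e647875, the top 2:1.13.0-0ubuntu6.3 stanza keeps its trailer dated Tue, 12 Feb 2013 while the 2:1.13.0-0ubuntu6.2 quantal-security stanza inserted directly below it is dated Thu, 11 Apr 2013, so the newer version carries the older timestamp. The release commit e2b34b1 as shown only changes UNRELEASED to quantal-proposed in the header line, so the trailer should be refreshed (uploader and date) before upload, and the 6.3 stanza would be clearer with a line saying it includes the 6.2 security changes.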
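Review bot: in the xf86FlushInput hunk of CVE-2013-1940.patch, `char c[256];` is a bare constant and the comment only says it must be big enough to flush an evdev event. The commit message explains that evdev will not return part of an event and that the 4-byte read got -EINVAL, so the size is security-relevant: express it against the event size (for example a multiple of sizeof(struct input_event) where that header is available) or have the comment state the event size it was chosen to cover, so a later resize cannot silently bring back the short read and the unflushed events.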
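Review bot: in the fill_pointer_events hunk of dix-fix-zaphod-screen-crossing.diff, the result of `scr = miPointerGetScreen(pDev);` is dereferenced on the next two lines (`scr->x`, `scr->y`) with no NULL check, and scr is then overwritten by the positionSprite() call in the trailing context. If miPointerGetScreen() can return NULL for this device, guard the dereference; using a separate local for the offset lookup would also make it clear that this value is only needed for the origin offset and is not the screen used afterwards.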