
X Strike Force XFree86 SVN commit: r2242 - in trunk/debian: . patches



Author: branden
Date: 2005-05-05 21:10:52 -0500 (Thu, 05 May 2005)
New Revision: 2242

Modified:
   trunk/debian/CHANGESETS
   trunk/debian/TODO
   trunk/debian/changelog
   trunk/debian/patches/000_stolen_from_xorg.diff
Log:
Grab patches by Thomas Winischhofer from freedesktop.org's xorg CVS which
fix the busted MiscPassMessage() extension implementation in xfree86 which
1) copies from an invalid memory location, and 2) has memory leaks --
neither is a good trait in a setuid root program like the X server.
(Closes: #285807)


Modified: trunk/debian/CHANGESETS
===================================================================
--- trunk/debian/CHANGESETS	2005-04-24 20:58:39 UTC (rev 2241)
+++ trunk/debian/CHANGESETS	2005-05-06 02:10:52 UTC (rev 2242)
@@ -95,4 +95,11 @@
 at the bottom of this file.  (Closes: #296719)
     2241
 
+Grab patches by Thomas Winischhofer from freedesktop.org's xorg CVS which
+fix the busted MiscPassMessage() extension implementation in xfree86 which
+1) copies from an invalid memory location, and 2) has memory leaks --
+neither is a good trait in a setuid root program like the X server.
+(Closes: #285807)
+    2242
+
 vim:set ai et sts=4 sw=4 tw=80:

Modified: trunk/debian/TODO
===================================================================
--- trunk/debian/TODO	2005-04-24 20:58:39 UTC (rev 2241)
+++ trunk/debian/TODO	2005-05-06 02:10:52 UTC (rev 2242)
@@ -16,9 +16,6 @@
 
 4.3.0.dfsg.1-13
 ---------------
-* #285807: fix busted MiscPassMessage() implementation which 1) copies from
-  an invalid memory location, and 2) has memory leaks -- neither is a good trait
-  in a setuid root program like the X server
 * #284448: add bounds checking and fix SEGV in font server code
 * Grab small-scale, non-disruptive fixes to the xserver-xfree86 debconfage from
   branches/debconf-overhaul.

Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog	2005-04-24 20:58:39 UTC (rev 2241)
+++ trunk/debian/changelog	2005-05-06 02:10:52 UTC (rev 2242)
@@ -77,8 +77,14 @@
       signals xdm with SIGUSR2.
    (Closes: #303688)
 
- -- Branden Robinson <branden@debian.org>  Sun, 10 Apr 2005 14:11:43 -0500
+  * Grab patches by Thomas Winischhofer from freedesktop.org's xorg CVS which
+    fix the busted MiscPassMessage() extension implementation in xfree86 which
+    1) copies from an invalid memory location, and 2) has memory leaks --
+    neither is a good trait in a setuid root program like the X server.
+    (Closes: #285807)
 
+ -- Branden Robinson <branden@debian.org>  Thu,  5 May 2005 19:25:36 -0500
+
 xfree86 (4.3.0.dfsg.1-12) unstable; urgency=medium
 
   * Urgency set to medium due to fix for release-critical bug #295175

Modified: trunk/debian/patches/000_stolen_from_xorg.diff
===================================================================
--- trunk/debian/patches/000_stolen_from_xorg.diff	2005-04-24 20:58:39 UTC (rev 2241)
+++ trunk/debian/patches/000_stolen_from_xorg.diff	2005-05-06 02:10:52 UTC (rev 2242)
@@ -21,6 +21,16 @@
 xc/programs/Xserver/hw/xfree86/i2c/xf86i2c.c @ 1.4
 	Bug #2004: Make DDC delay slightly longer.  (Thomas J. Moore)
 
+xc/include/extensions/xf86mscstr.h @ 1.3
+xc/programs/Xserver/Xext/xf86misc.c @ 1.2
+	* Make MISC extension's PassMessage() actually work and fix memory
+	leaks (Increase minor version to 9 to indicate that PassMessage()
+	is usable) [Thomas Winischhofer]
+
+xc/programs/Xserver/Xext/xf86misc.c @ 1.3
+	* Another fix for MiscPassMessage(): Initialize returned "status".
+	  [Thomas Winischhofer]
+
 diff -Naurd xc.orig/programs/Xserver/hw/xfree86/common/xf86str.h xc/programs/Xserver/hw/xfree86/common/xf86str.h
 --- xc.orig/programs/Xserver/hw/xfree86/common/xf86str.h	2004-09-15 10:05:46.000000000 +0000
 +++ xc/programs/Xserver/hw/xfree86/common/xf86str.h	2004-09-15 10:14:05.000000000 +0000
@@ -307,3 +317,134 @@
    }
  }
  #endif
+Index: xc/include/extensions/xf86mscstr.h
+===================================================================
+RCS file: /cvs/xorg/xc/include/extensions/xf86mscstr.h,v
+retrieving revision 1.2
+retrieving revision 1.3
+diff -u -r1.2 -r1.3
+--- xc/include/extensions/xf86mscstr.h	23 Apr 2004 18:43:06 -0000	1.2
++++ xc/include/extensions/xf86mscstr.h	15 Dec 2004 00:34:34 -0000	1.3
+@@ -14,7 +14,7 @@
+ #define XF86MISCNAME		"XFree86-Misc"
+ 
+ #define XF86MISC_MAJOR_VERSION	0	/* current version numbers */
+-#define XF86MISC_MINOR_VERSION	8
++#define XF86MISC_MINOR_VERSION	9
+ 
+ typedef struct _XF86MiscQueryVersion {
+     CARD8	reqType;		/* always XF86MiscReqCode */
+Index: xc/programs/Xserver/Xext/xf86misc.c
+--- xc/programs/Xserver/Xext/xf86misc.c	2003/11/14 16:48:52
++++ xc/programs/Xserver/Xext/xf86misc.c	2004/12/15 15:05:35
+@@ -1,4 +1,4 @@
+-/* $XFree86: xc/programs/Xserver/Xext/xf86misc.c,v 3.38 2003/04/03 16:15:47 dawes Exp $ */
++/* $XFree86: xc/programs/Xserver/Xext/xf86misc.c,v 3.41 2003/11/17 22:20:27 dawes Exp $ */
+ 
+ /*
+  * Copyright (c) 1995, 1996  The XFree86 Project, Inc
+@@ -54,9 +54,7 @@
+ #define MPRIV(c) ((c)->devPrivates[MiscClientPrivateIndex].ptr)
+ 
+ static void XF86MiscResetProc(
+-#if NeedFunctionPrototypes
+     ExtensionEntry* /* extEntry */
+-#endif
+ );
+ 
+ static void
+@@ -104,7 +102,9 @@
+ static DISPATCH_PROC(SProcXF86MiscSetSaver);
+ #endif
+ 
++#if 0
+ static unsigned char XF86MiscReqCode = 0;
++#endif
+ 
+ #ifdef DEBUG
+ # define DEBUG_P(x) ErrorF(x"\n");
+@@ -150,7 +150,9 @@
+ 				SProcXF86MiscDispatch,
+ 				XF86MiscResetProc,
+ 				StandardMinorOpcode))) {
++#if 0
+ 	XF86MiscReqCode = (unsigned char)extEntry->base;
++#endif
+ 	miscErrorBase = extEntry->errorBase;
+     }
+ }
+@@ -356,14 +358,13 @@
+     
+     if (xf86GetVerbosity() > 1) {
+ 	ErrorF("SetMouseSettings - type: %d brate: %d srate: %d chdmid: %d\n",
+-		stuff->mousetype, stuff->baudrate,
+-		stuff->samplerate, stuff->chordmiddle);
+-	ErrorF("                   em3but: %d em3tim: %d res: %d flags: %d\n",
+-		stuff->emulate3buttons, stuff->emulate3timeout,
+-		stuff->resolution, stuff->flags);
++		(int)stuff->mousetype, (int)stuff->baudrate,
++		(int)stuff->samplerate, stuff->chordmiddle);
++	ErrorF("                   em3but: %d em3tim: %d res: %d flags: %ld\n",
++		stuff->emulate3buttons, (int)stuff->emulate3timeout,
++		(int)stuff->resolution, (unsigned long)stuff->flags);
+     }
+ 
+-    
+     if ((mouse = MiscExtCreateStruct(MISC_POINTER)) == (pointer) 0)
+ 	return BadAlloc;
+ 
+@@ -429,8 +430,8 @@
+ 
+     if (xf86GetVerbosity() > 1)
+ 	ErrorF("SetKbdSettings - type: %d rate: %d delay: %d snumlk: %d\n",
+-		stuff->kbdtype, stuff->rate,
+-		stuff->delay, stuff->servnumlock);
++		(int)stuff->kbdtype, (int)stuff->rate,
++		(int)stuff->delay, stuff->servnumlock);
+ 
+     if ((kbd = MiscExtCreateStruct(MISC_KEYBOARD)) == (pointer) 0)
+ 	return BadAlloc;
+@@ -581,20 +582,29 @@
+ 	strncpy(msgtype,(char*)(&stuff[1]),stuff->typelen);
+     } else return BadValue;
+     if (stuff->vallen) {
+-	if (!(msgval = xalloc(stuff->vallen)))
++	if (!(msgval = xalloc(stuff->vallen))) {
++	    xfree(msgtype);
+ 	    return BadAlloc;
+-	strncpy(msgval,(char*)(&stuff[1] + ((stuff->typelen + 3) & ~3)),
++	}
++	strncpy(msgval,(char*)((char*)&stuff[1] + ((stuff->typelen + 3) & ~3)),
+ 			stuff->vallen);
+-    } else return BadValue;
++    } else {
++	xfree(msgtype);
++	return BadValue;
++    }
+ 
+-    if ((retval= MiscExtPassMessage(stuff->screen,msgtype,msgval,&retstr)) != 0)
++    if ((retval = MiscExtPassMessage(stuff->screen,msgtype,msgval,&retstr)) != 0) {
++	xfree(msgtype);
++	xfree(msgval);
+ 	return retval;
++    }
+ 
+     rep.type = X_Reply;
+     rep.sequenceNumber = client->sequence;
+     rep.mesglen = (retstr? strlen(retstr): 0);
+     rep.length = (SIZEOF(xXF86MiscPassMessageReply) - SIZEOF(xGenericReply) +
+ 		  ((rep.mesglen + 3) & ~3)) >> 2;
++    rep.status = 0;
+     
+     if (client->swapped) {
+     	swaps(&rep.sequenceNumber, n);
+@@ -606,6 +616,9 @@
+     if (rep.mesglen)
+         WriteToClient(client, rep.mesglen, (char *)retstr);
+ 
++    xfree(msgtype);
++    xfree(msgval);
++    
+     return (client->noClientException);
+ }
+ 
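Review bot: In the nested xf86misc.c hunk at `@@ -581,20 +582,29 @@`, `msgval` is still allocated as `xalloc(stuff->vallen)` and filled with `strncpy(..., stuff->vallen)`, so it has no NUL terminator unless the client supplied one within `vallen` bytes, yet it is passed to `MiscExtPassMessage()` as a `char *`; the context line for `msgtype` copies `typelen` bytes the same way. If the callee treats these as C strings (presumably, but not visible here), that is an out-of-bounds read in what the log calls a setuid root server; allocating one extra byte and terminating explicitly would close it, e.g. `msgval = xalloc(stuff->vallen + 1)` followed by `msgval[stuff->vallen] = '\0';`, and likewise for `msgtype`. The function starts outside the hunk, so it is also worth confirming that `typelen` and `vallen` are checked against `client->req_len` before either copy, since both lengths come straight from the request. Separately, the new `flags: %ld` conversion is paired with an `(unsigned long)` cast and should be `%lu`.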


