xorg-server: Changes to 'ubuntu'
debian/changelog | 20 ++++
debian/patches/159_xkb_default_to_null.diff | 114 ++++++++++++++++++++++++++
debian/patches/160_default_to_intel.diff | 13 ++
debian/patches/161_fix_big_endian_cursor.diff | 25 +++++
debian/patches/162_cve-2007-6429.diff | 39 ++++++++
debian/patches/163_fix_untrusted_access.diff | 20 ++++
debian/patches/164_fix_context_sharing.diff | 35 +++++++
debian/patches/series | 6 +
8 files changed, 272 insertions(+)
New commits:
commit 2f0a5493bb6b929c50608da4a04c99464c77b6ad
Author: Timo Aaltonen <tjaalton@cc.hut.fi>
Date: Wed Apr 9 14:11:28 2008 +0300
Actually add the patches this time.
diff --git a/debian/patches/160_default_to_intel.diff b/debian/patches/160_default_to_intel.diff
new file mode 100644
index 0000000..caf02c6
--- /dev/null
+++ b/debian/patches/160_default_to_intel.diff
@@ -0,0 +1,13 @@
+Index: xorg-server/hw/xfree86/common/xf86AutoConfig.c
+===================================================================
+--- xorg-server.orig/hw/xfree86/common/xf86AutoConfig.c 2008-03-31 09:57:50.000000000 +0300
++++ xorg-server/hw/xfree86/common/xf86AutoConfig.c 2008-03-31 09:57:57.000000000 +0300
+@@ -180,7 +180,7 @@
+ case 0x8108:
+ return "psb";
+ default:
+- return "i810";
++ return "intel";
+ }
+ case 0x102b: return "mga";
+ case 0x10c8: return "neomagic";
diff --git a/debian/patches/161_fix_big_endian_cursor.diff b/debian/patches/161_fix_big_endian_cursor.diff
new file mode 100644
index 0000000..3e4f3e9
--- /dev/null
+++ b/debian/patches/161_fix_big_endian_cursor.diff
@@ -0,0 +1,25 @@
+From: Michel Dänzer <michel@tungstengraphics.com>
+Date: Thu, 20 Mar 2008 13:18:29 +0000 (-0400)
+Subject: Fix RandR 1.2 driver interface conversion of two colour cursors to ARGB
+X-Git-Url: http://gitweb.freedesktop.org/?p=xorg/xserver.git;a=commitdiff;h=da973e962d09854b571320dee7dd9569060bc39e
+
+Fix RandR 1.2 driver interface conversion of two colour cursors to ARGB
+
+This patch (and not setting HARDWARE_CURSOR_BIT_ORDER_MSBFIRST on big endian
+platforms) fixes it for me with the radeon driver and doesn't break intel.
+
+Correct patch this time :)
+---
+
+--- a/hw/xfree86/modes/xf86Cursors.c
++++ b/hw/xfree86/modes/xf86Cursors.c
+@@ -137,7 +137,8 @@ cursor_bitpos (int flags, int x, Bool ma
+ mask = !mask;
+ if (flags & HARDWARE_CURSOR_NIBBLE_SWAPPED)
+ x = (x & ~3) | (3 - (x & 3));
+- if (flags & HARDWARE_CURSOR_BIT_ORDER_MSBFIRST)
++ if (((flags & HARDWARE_CURSOR_BIT_ORDER_MSBFIRST) == 0) ==
++ (X_BYTE_ORDER == X_BIG_ENDIAN))
+ x = (x & ~7) | (7 - (x & 7));
+ if (flags & HARDWARE_CURSOR_SOURCE_MASK_INTERLEAVE_1)
+ x = (x << 1) + mask;
diff --git a/debian/patches/162_cve-2007-6429.diff b/debian/patches/162_cve-2007-6429.diff
new file mode 100644
index 0000000..7b6ccbb
--- /dev/null
+++ b/debian/patches/162_cve-2007-6429.diff
@@ -0,0 +1,39 @@
+From: Matthias Hopf <mhopf@suse.de>
+Date: Mon, 21 Jan 2008 15:13:21 +0000 (+0100)
+Subject: CVE-2007-6429: Always test for size+offset wrapping.
+X-Git-Tag: xf-3_9_16Z / xf-3_9_16d / xf-3_9_16e / xf-3_9_16f
+X-Git-Url: http://gitweb.freedesktop.org/?p=xorg/xserver.git;a=commitdiff;h=44f46bfb981ca69515dafc520f62f33654711194
+
+CVE-2007-6429: Always test for size+offset wrapping.
+---
+
+--- a/Xext/shm.c
++++ b/Xext/shm.c
+@@ -753,10 +753,10 @@ CreatePmap:
+ if (sizeof(size) == 4 && BitsPerPixel(depth) > 8) {
+ if (size < width * height)
+ return BadAlloc;
+- /* thankfully, offset is unsigned */
+- if (stuff->offset + size < size)
+- return BadAlloc;
+ }
++ /* thankfully, offset is unsigned */
++ if (stuff->offset + size < size)
++ return BadAlloc;
+
+ VERIFY_SHMSIZE(shmdesc, stuff->offset, size, client);
+
+@@ -1098,10 +1098,10 @@ CreatePmap:
+ if (sizeof(size) == 4 && BitsPerPixel(depth) > 8) {
+ if (size < width * height)
+ return BadAlloc;
+- /* thankfully, offset is unsigned */
+- if (stuff->offset + size < size)
+- return BadAlloc;
+ }
++ /* thankfully, offset is unsigned */
++ if (stuff->offset + size < size)
++ return BadAlloc;
+
+ VERIFY_SHMSIZE(shmdesc, stuff->offset, size, client);
+ pMap = (*shmFuncs[pDraw->pScreen->myNum]->CreatePixmap)(
diff --git a/debian/patches/163_fix_untrusted_access.diff b/debian/patches/163_fix_untrusted_access.diff
new file mode 100644
index 0000000..7dc1fb7
--- /dev/null
+++ b/debian/patches/163_fix_untrusted_access.diff
@@ -0,0 +1,20 @@
+From: Eamon Walsh <ewalsh@tycho.nsa.gov>
+Date: Fri, 15 Feb 2008 00:47:44 +0000 (-0500)
+Subject: security: Fix for Bug #14480: untrusted access broken in 7.3.
+X-Git-Tag: xf-3_9_16Z / xf-3_9_16d / xf-3_9_16e / xf-3_9_16f
+X-Git-Url: http://gitweb.freedesktop.org/?p=xorg/xserver.git;a=commitdiff;h=74b40bba327a2e97780e8e3f995f784add2d6231
+
+security: Fix for Bug #14480: untrusted access broken in 7.3.
+---
+
+--- a/Xext/security.c
++++ b/Xext/security.c
+@@ -1014,7 +1014,7 @@ CALLBACK(SecurityCheckResourceIDAccess)
+ }
+ else /* server-owned resource - probably a default colormap or root window */
+ {
+- if (RT_WINDOW == rtype || RC_DRAWABLE == rtype)
++ if (RC_DRAWABLE & rtype)
+ {
+ switch (reqtype)
+ { /* the following operations are allowed on root windows */
diff --git a/debian/patches/164_fix_context_sharing.diff b/debian/patches/164_fix_context_sharing.diff
new file mode 100644
index 0000000..72489dc
--- /dev/null
+++ b/debian/patches/164_fix_context_sharing.diff
@@ -0,0 +1,35 @@
+From: Alan Hourihane <alanh@tungstengraphics.com>
+Date: Wed, 27 Feb 2008 16:49:34 +0000 (+0000)
+Subject: Fix context sharing between direct/indirect contexts
+X-Git-Tag: xf-3_9_16Z / xf-3_9_16d / xf-3_9_16e / xf-3_9_16f
+X-Git-Url: http://gitweb.freedesktop.org/?p=xorg/xserver.git;a=commitdiff;h=a65d4aed06acd839fb21153f74144498abda3e18
+
+Fix context sharing between direct/indirect contexts
+---
+
+Index: xorg-server/GL/glx/glxdri.c
+===================================================================
+--- xorg-server.orig/GL/glx/glxdri.c 2008-04-09 11:10:49.000000000 +0300
++++ xorg-server/GL/glx/glxdri.c 2008-04-09 11:10:49.000000000 +0300
+@@ -617,6 +617,9 @@
+ else
+ sharePrivate = NULL;
+
++ if (baseShareContext && baseShareContext->isDirect)
++ return NULL;
++
+ context = xalloc(sizeof *context);
+ if (context == NULL)
+ return NULL;
+@@ -636,6 +639,11 @@
+ 0, /* render type */
+ sharePrivate,
+ &context->driContext);
++
++ if (!context->driContext.private) {
++ xfree(context);
++ return NULL;
++ }
+
+ context->driContext.mode = modes;
+
commit 8475d8dfb7b241a096c043b9c05060481a4cac12
Author: Timo Aaltonen <tjaalton@cc.hut.fi>
Date: Wed Apr 9 14:08:14 2008 +0300
Add various patches from the stable branch, and a couple of other fixes.
* 160_default_to_intel.diff:
Default to using intel instead of i810. (LP: #158709)
* 161_fix_big_endian_cursor.diff:
Fix RandR 1.2 driver interface conversion of two colour cursors to
ARGB. (LP: #141118)
* Fixes from the upstream 1.4-branch:
- 162_cve-2007-6429.diff:
CVE-2007-6429: Always test for size+offset wrapping.
- 163_fix_untrusted_access.diff:
Security: Fix for fdo bug #14480: untrusted access broken in 7.3.
- 164_fix_context_sharing.diff:
Fix context sharing between direct/indirect contexts
diff --git a/debian/changelog b/debian/changelog
index 2c91043..c61be9a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,10 +1,22 @@
-xorg-server (2:1.4.1~git20080131-1ubuntu7) UNRELEASED; urgency=low
+xorg-server (2:1.4.1~git20080131-1ubuntu7) hardy; urgency=low
* 159_xkb_default_to_null.diff:
When copying the keymap, make sure the structs default to 0/NULL.
(LP: #184651)
-
- -- Timo Aaltonen <tepsipakki@ubuntu.com> Mon, 31 Mar 2008 09:49:57 +0300
+ * 160_default_to_intel.diff:
+ Default to using intel instead of i810. (LP: #158709)
+ * 161_fix_big_endian_cursor.diff:
+ Fix RandR 1.2 driver interface conversion of two colour cursors to
+ ARGB. (LP: #141118)
+ * Fixes from the upstream 1.4-branch:
+ - 162_cve-2007-6429.diff:
+ CVE-2007-6429: Always test for size+offset wrapping.
+ - 163_fix_untrusted_access.diff:
+ Security: Fix for fdo bug #14480: untrusted access broken in 7.3.
+ - 164_fix_context_sharing.diff:
+ Fix context sharing between direct/indirect contexts
+
+ -- Timo Aaltonen <tepsipakki@ubuntu.com> Wed, 09 Apr 2008 11:06:04 +0300
xorg-server (2:1.4.1~git20080131-1ubuntu6) hardy; urgency=low
diff --git a/debian/patches/series b/debian/patches/series
index 51ae5c9..c7040ea 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -54,3 +54,8 @@
157_fix_exa_pixmap_width.diff
158_xkb_wrapping.diff
159_xkb_default_to_null.diff
+160_default_to_intel.diff
+161_fix_big_endian_cursor.diff
+162_cve-2007-6429.diff
+163_fix_untrusted_access.diff
+164_fix_context_sharing.diff
commit b590208367cc0df03dc3114d1e729020a0011602
Author: Timo Aaltonen <tjaalton@cc.hut.fi>
Date: Mon Mar 31 09:55:00 2008 +0300
159_xkb_default_to_null.diff:
When copying the keymap, make sure the structs default to 0/NULL.
(LP: #184651)
diff --git a/debian/changelog b/debian/changelog
index f7d92eb..2c91043 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+xorg-server (2:1.4.1~git20080131-1ubuntu7) UNRELEASED; urgency=low
+
+ * 159_xkb_default_to_null.diff:
+ When copying the keymap, make sure the structs default to 0/NULL.
+ (LP: #184651)
+
+ -- Timo Aaltonen <tepsipakki@ubuntu.com> Mon, 31 Mar 2008 09:49:57 +0300
+
xorg-server (2:1.4.1~git20080131-1ubuntu6) hardy; urgency=low
* 157_fix_exa_pixmap_width.diff:
diff --git a/debian/patches/159_xkb_default_to_null.diff b/debian/patches/159_xkb_default_to_null.diff
new file mode 100644
index 0000000..ee51c0c
--- /dev/null
+++ b/debian/patches/159_xkb_default_to_null.diff
@@ -0,0 +1,114 @@
+From: Peter Hutterer <peter@cs.unisa.edu.au>
+Date: Thu, 7 Feb 2008 05:18:04 +0000 (+1030)
+Subject: xkb: when copying the keymap, make sure the structs default to 0/NULL.
+X-Git-Url: http://gitweb.freedesktop.org/?p=xorg/xserver.git;a=commitdiff;h=7018f280406eb0ef899a4046de274cfdd582881b
+
+xkb: when copying the keymap, make sure the structs default to 0/NULL.
+
+It actually does help if a pointer is NULL rather than pointing to nirvana
+when you're trying to free it lateron. Who would have thought?
+---
+
+--- a/xkb/xkbUtils.c
++++ b/xkb/xkbUtils.c
+@@ -1730,9 +1730,8 @@ XkbCopyKeymap(XkbDescPtr src, XkbDescPtr
+ else {
+ if (dst->geom->sz_shapes) {
+ xfree(dst->geom->shapes);
+- dst->geom->shapes = NULL;
+ }
+-
++ dst->geom->shapes = NULL;
+ dst->geom->num_shapes = 0;
+ dst->geom->sz_shapes = 0;
+ }
+@@ -1781,6 +1780,7 @@ XkbCopyKeymap(XkbDescPtr src, XkbDescPtr
+ }
+
+ dst->geom->num_sections = 0;
++ dst->geom->sections = NULL;
+ }
+
+ if (src->geom->num_sections) {
+@@ -1792,6 +1792,7 @@ XkbCopyKeymap(XkbDescPtr src, XkbDescPtr
+ tmp = xalloc(src->geom->num_sections * sizeof(XkbSectionRec));
+ if (!tmp)
+ return FALSE;
++ memset(tmp, 0, src->geom->num_sections * sizeof(XkbSectionRec));
+ dst->geom->sections = tmp;
+ dst->geom->num_sections = src->geom->num_sections;
+
+@@ -1828,6 +1829,10 @@ XkbCopyKeymap(XkbDescPtr src, XkbDescPtr
+ return FALSE;
+ dsection->doodads = tmp;
+ }
++ else {
++ dsection->doodads = NULL;
++ }
++
+ for (k = 0,
+ sdoodad = ssection->doodads,
+ ddoodad = dsection->doodads;
+@@ -1855,9 +1860,9 @@ XkbCopyKeymap(XkbDescPtr src, XkbDescPtr
+ else {
+ if (dst->geom->sz_sections) {
+ xfree(dst->geom->sections);
+- dst->geom->sections = NULL;
+ }
+
++ dst->geom->sections = NULL;
+ dst->geom->num_sections = 0;
+ dst->geom->sz_sections = 0;
+ }
+@@ -1886,6 +1891,8 @@ XkbCopyKeymap(XkbDescPtr src, XkbDescPtr
+ }
+ }
+ }
++ dst->geom->num_doodads = 0;
++ dst->geom->doodads = NULL;
+ }
+
+ if (src->geom->num_doodads) {
+@@ -1898,7 +1905,7 @@ XkbCopyKeymap(XkbDescPtr src, XkbDescPtr
+ sizeof(XkbDoodadRec));
+ if (!tmp)
+ return FALSE;
+- bzero(tmp, src->geom->num_doodads * sizeof(XkbDoodadRec));
++ memset(tmp, 0, src->geom->num_doodads * sizeof(XkbDoodadRec));
+ dst->geom->doodads = tmp;
+
+ dst->geom->sz_doodads = src->geom->num_doodads;
+@@ -1927,9 +1934,9 @@ XkbCopyKeymap(XkbDescPtr src, XkbDescPtr
+ else {
+ if (dst->geom->sz_doodads) {
+ xfree(dst->geom->doodads);
+- dst->geom->doodads = NULL;
+ }
+
++ dst->geom->doodads = NULL;
+ dst->geom->num_doodads = 0;
+ dst->geom->sz_doodads = 0;
+ }
+@@ -1957,10 +1964,10 @@ XkbCopyKeymap(XkbDescPtr src, XkbDescPtr
+ dst->geom->num_key_aliases = dst->geom->sz_key_aliases;
+ }
+ else {
+- if (dst->geom->sz_key_aliases && dst->geom->key_aliases) {
++ if (dst->geom->key_aliases) {
+ xfree(dst->geom->key_aliases);
+- dst->geom->key_aliases = NULL;
+ }
++ dst->geom->key_aliases = NULL;
+ dst->geom->num_key_aliases = 0;
+ dst->geom->sz_key_aliases = 0;
+ }
+@@ -1991,8 +1998,8 @@ XkbCopyKeymap(XkbDescPtr src, XkbDescPtr
+ else {
+ if (dst->geom->label_font) {
+ xfree(dst->geom->label_font);
+- dst->geom->label_font = NULL;
+ }
++ dst->geom->label_font = NULL;
+ dst->geom->label_color = NULL;
+ dst->geom->base_color = NULL;
+ }
diff --git a/debian/patches/series b/debian/patches/series
index 83f6f69..51ae5c9 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -53,3 +53,4 @@
156_resize_composite_overlay.diff
157_fix_exa_pixmap_width.diff
158_xkb_wrapping.diff
+159_xkb_default_to_null.diff
Reply to: