xorg-server: Changes to 'ubuntu'
debian/changelog | 10 ++
debian/patches/122_xext_fix_card32_overflow_in_xauth.patch | 51 +++++++++++++
debian/patches/series | 1
3 files changed, 62 insertions(+)
New commits:
commit c500501be8906e4b2c5459bb0cc2db2180cb2709
Author: Bryce Harrington <bryce@bryceharrington.org>
Date: Thu Apr 15 14:11:03 2010 -0700
Release
diff --git a/debian/changelog b/debian/changelog
index 442915f..251c6be 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -6,7 +6,7 @@ xorg-server (2:1.7.6-2ubuntu6) lucid; urgency=low
dropped in favor of whatever upstream decides to include.
(LP: #519049)
- -- Bryce Harrington <bryce@ubuntu.com> Thu, 15 Apr 2010 14:02:00 -0700
+ -- Bryce Harrington <bryce@ubuntu.com> Thu, 15 Apr 2010 14:10:53 -0700
xorg-server (2:1.7.6-2ubuntu5) lucid; urgency=low
commit 80466a6e56e3f7a564a2e858ccb50e07c6d05f1a
Author: Bryce Harrington <bryce@bryceharrington.org>
Date: Thu Apr 15 14:09:15 2010 -0700
Add check for bounds on millis variable to prevent xauth overflow
from triggering an assertion.
diff --git a/debian/changelog b/debian/changelog
index 22b2e1c..442915f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+xorg-server (2:1.7.6-2ubuntu6) lucid; urgency=low
+
+ * Add 122_xext_fix_card32_overflow_in_xauth.patch: Prevent overflow
+ of a CARD32 variable millis by doing bounds checking. This is a
+ patch currently in discussion at fdo #27134, so this patch can be
+ dropped in favor of whatever upstream decides to include.
+ (LP: #519049)
+
+ -- Bryce Harrington <bryce@ubuntu.com> Thu, 15 Apr 2010 14:02:00 -0700
+
xorg-server (2:1.7.6-2ubuntu5) lucid; urgency=low
* Update patches in previous upload to fix FTBS issue.
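Review bot: The new 2:1.7.6-2ubuntu6 entry names the mechanism (overflow of the CARD32 variable millis) but not the symptom a user would search for. The embedded patch subject describes it as "xauth generate" with a large timeout crashing Xorg, and this commit's message says the overflow triggers an assertion. Adding one clause to that effect would let someone reading the changelog match the fix to LP: #519049 without opening the patch.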
diff --git a/debian/patches/122_xext_fix_card32_overflow_in_xauth.patch b/debian/patches/122_xext_fix_card32_overflow_in_xauth.patch
new file mode 100644
index 0000000..840627b
--- /dev/null
+++ b/debian/patches/122_xext_fix_card32_overflow_in_xauth.patch
@@ -0,0 +1,51 @@
+From 90f69d758dee4e3b6c1f8955642682a28da3b153 Mon Sep 17 00:00:00 2001
+From: Arvind Umrao <arvind.umrao@sun.com>
+Date: Wed, 7 Apr 2010 22:12:07 +0530
+
+Subject: [PATCH] [PATCH] Xext: "xauth generate" with large timeout crashes Xorg #27134
+ Signed-off-by: Arvind Umrao <arvind.umrao@sun.com>
+
+Description of the change:
+
+bug https://bugs.freedesktop.org/show_bug.cgi?id=27134
+
+This coredump is happening because of assertion at ( Xext/security.c line:325 assert(pAuth->timer == timer)
+
+Overflow of CARD32 happens at ( os/WaitFor.c line:458 millis += now )
+
+This bug could be fixed in couple of ways.
+a) Using CARD64 for variable millis. But even after storing millisec time in 64 bits variable, we can get coredump when timeout is very large.
+b) Removing assert statement, but it is not a good fix.
+c) By checking maximum possible value of timeout, so that overflow of variable millis does not happen.
+
+I have fixed this problem by checking maximum possible value of timeout, so that overflow of variable millis(size CARD32) doees not happen. Maximum timeout is possible only between range 0 to ( MAX_Value(CARD32) - CurrentTime)
+
+---
+ Xext/security.c | 10 ++++++----
+ 1 files changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/Xext/security.c b/Xext/security.c
+index af8d205..6d2e36e 100644
+--- a/Xext/security.c
++++ b/Xext/security.c
+@@ -280,11 +280,13 @@ SecurityComputeAuthorizationTimeout(
+ * 32 bits worth of milliseconds
+ */
+ CARD32 maxSecs = (CARD32)(~0) / (CARD32)MILLI_PER_SECOND;
++ CARD32 nowSec = GetTimeInMillis()/ (CARD32)MILLI_PER_SECOND;
+
+- if (seconds > maxSecs)
+- { /* only come here if we want to wait more than 49 days */
+- pAuth->secondsRemaining = seconds - maxSecs;
+- return maxSecs * MILLI_PER_SECOND;
++ CARD32 maxPossibleSec = maxSecs - nowSec;
++ if (seconds > maxPossibleSec -1 )
++ {
++ pAuth->secondsRemaining = seconds - maxPossibleSec;
++ return maxPossibleSec * MILLI_PER_SECOND;
+ }
+ else
+ { /* by far the common case */
+--
+1.5.6.5
+
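Review bot: In the Xext/security.c hunk, the guard `if (seconds > maxPossibleSec -1 )` wraps when maxPossibleSec is 0. CARD32 is unsigned, so if GetTimeInMillis() is within a second of the CARD32 limit, nowSec equals maxSecs, maxPossibleSec becomes 0, and `maxPossibleSec -1` evaluates to the largest CARD32 value. The comparison is then false for every `seconds`, control falls through to the common-case branch, and the overflow this patch is meant to prevent is reachable again in that window. Writing the test as `seconds >= maxPossibleSec` gives the same result for every non-zero maxPossibleSec and avoids the subtraction. It is worth confirming that a returned timeout of 0 with secondsRemaining set to `seconds` is handled sensibly by the timer callback. Separately, the removed comment about waiting more than 49 days has no replacement. The branch is now taken for much shorter requests, depending on the current server time, so a short comment explaining that the cap is relative to GetTimeInMillis() would help the next reader.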
diff --git a/debian/patches/series b/debian/patches/series
index 3118710..eb9e37c 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -32,6 +32,7 @@
117_fix_crash_with_createglyphset.patch
118_xkb_fix_garbage_init.patch
121_only_switch_vt_when_active.diff
+122_xext_fix_card32_overflow_in_xauth.patch
#143_default_to_vesa.patch
157_check_null_modes.patch
162_null_crtc_in_rotation.patch