xorg-server: Changes to 'ubuntu'

To: debian-x@lists.debian.org
Subject: xorg-server: Changes to 'ubuntu'
From: Bryce Harrington <bryce-guest@alioth.debian.org>
Date: Thu, 15 Apr 2010 21:11:35 +0000
Message-id: <[🔎] E1O2WLX-0006mm-2P@alioth.debian.org>

 debian/changelog                                           |   10 ++
 debian/patches/122_xext_fix_card32_overflow_in_xauth.patch |   51 +++++++++++++
 debian/patches/series                                      |    1 
 3 files changed, 62 insertions(+)

New commits:
commit c500501be8906e4b2c5459bb0cc2db2180cb2709
Author: Bryce Harrington <bryce@bryceharrington.org>
Date:   Thu Apr 15 14:11:03 2010 -0700

    Release

diff --git a/debian/changelog b/debian/changelog
index 442915f..251c6be 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -6,7 +6,7 @@ xorg-server (2:1.7.6-2ubuntu6) lucid; urgency=low
     dropped in favor of whatever upstream decides to include.
     (LP: #519049)
 
- -- Bryce Harrington <bryce@ubuntu.com>  Thu, 15 Apr 2010 14:02:00 -0700
+ -- Bryce Harrington <bryce@ubuntu.com>  Thu, 15 Apr 2010 14:10:53 -0700
 
 xorg-server (2:1.7.6-2ubuntu5) lucid; urgency=low
 

commit 80466a6e56e3f7a564a2e858ccb50e07c6d05f1a
Author: Bryce Harrington <bryce@bryceharrington.org>
Date:   Thu Apr 15 14:09:15 2010 -0700

    Add check for bounds on millis variable to prevent xauth overflow
    from triggering an assertion.

diff --git a/debian/changelog b/debian/changelog
index 22b2e1c..442915f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+xorg-server (2:1.7.6-2ubuntu6) lucid; urgency=low
+
+  * Add 122_xext_fix_card32_overflow_in_xauth.patch:  Prevent overflow 
+    of a CARD32 variable millis by doing bounds checking.  This is a 
+    patch currently in discussion at fdo #27134, so this patch can be
+    dropped in favor of whatever upstream decides to include.
+    (LP: #519049)
+
+ -- Bryce Harrington <bryce@ubuntu.com>  Thu, 15 Apr 2010 14:02:00 -0700
+
 xorg-server (2:1.7.6-2ubuntu5) lucid; urgency=low
 
   * Update patches in previous upload to fix FTBS issue.
diff --git a/debian/patches/122_xext_fix_card32_overflow_in_xauth.patch b/debian/patches/122_xext_fix_card32_overflow_in_xauth.patch
new file mode 100644
index 0000000..840627b
--- /dev/null
+++ b/debian/patches/122_xext_fix_card32_overflow_in_xauth.patch
@@ -0,0 +1,51 @@
+From 90f69d758dee4e3b6c1f8955642682a28da3b153 Mon Sep 17 00:00:00 2001
+From: Arvind Umrao <arvind.umrao@sun.com>
+Date: Wed, 7 Apr 2010 22:12:07 +0530
+
+Subject: [PATCH] [PATCH] Xext: "xauth generate" with large timeout crashes Xorg #27134
+ Signed-off-by: Arvind Umrao <arvind.umrao@sun.com>
+
+Description of the change:
+
+bug https://bugs.freedesktop.org/show_bug.cgi?id=27134 
+
+This coredump is happening because of assertion at  ( Xext/security.c line:325	 assert(pAuth->timer == timer)
+
+Overflow of CARD32 happens at ( os/WaitFor.c line:458  millis += now )
+
+This bug could be fixed in couple of ways.
+a) Using CARD64 for variable millis.  But even after storing millisec time in 64 bits variable, we can get coredump when timeout is very large.
+b) Removing assert statement, but it is not a good fix.
+c) By checking maximum possible value of timeout, so that overflow of variable millis does not happen.
+
+I have fixed this problem by checking maximum possible value of timeout, so that overflow of variable millis(size CARD32) doees not happen. Maximum timeout is possible only between range 0 to ( MAX_Value(CARD32) - CurrentTime)
+
+---
+ Xext/security.c |   10 ++++++----
+ 1 files changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/Xext/security.c b/Xext/security.c
+index af8d205..6d2e36e 100644
+--- a/Xext/security.c
++++ b/Xext/security.c
+@@ -280,11 +280,13 @@ SecurityComputeAuthorizationTimeout(
+      * 32 bits worth of milliseconds
+      */
+     CARD32 maxSecs = (CARD32)(~0) / (CARD32)MILLI_PER_SECOND;
++    CARD32 nowSec = GetTimeInMillis()/ (CARD32)MILLI_PER_SECOND;
+ 
+-    if (seconds > maxSecs)
+-    { /* only come here if we want to wait more than 49 days */
+-	pAuth->secondsRemaining = seconds - maxSecs;
+-	return maxSecs * MILLI_PER_SECOND;
++    CARD32 maxPossibleSec = maxSecs - nowSec;
++    if (seconds > maxPossibleSec -1 )
++    {
++	pAuth->secondsRemaining = seconds - maxPossibleSec;
++	return maxPossibleSec * MILLI_PER_SECOND;
+     }
+     else
+     { /* by far the common case */
+-- 
+1.5.6.5
+
diff --git a/debian/patches/series b/debian/patches/series
index 3118710..eb9e37c 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -32,6 +32,7 @@
 117_fix_crash_with_createglyphset.patch
 118_xkb_fix_garbage_init.patch
 121_only_switch_vt_when_active.diff
+122_xext_fix_card32_overflow_in_xauth.patch
 #143_default_to_vesa.patch
 157_check_null_modes.patch
 162_null_crtc_in_rotation.patch

Reply to:

Prev by Date: Bug#569778: is this still an issue?
Next by Date: compiz: Changes to 'debian-unstable'
Previous by thread: xorg-server: Changes to 'ubuntu'
Next by thread: xorg-server: Changes to 'ubuntu'
Index(es):
- Date
- Thread