
xorg-server: Changes to 'debian-unstable'



 debian/changelog                         |    6 ++++--
 hw/xfree86/os-support/shared/posix_tty.c |    3 ++-
 2 files changed, 6 insertions(+), 3 deletions(-)

New commits:
commit 51b262267038302adfb8232c4f654d240df18f40
Author: Julien Cristau <jcristau@debian.org>
Date:   Wed Apr 17 12:12:38 2013 +0200

    Upload to unstable

diff --git a/debian/changelog b/debian/changelog
index 5e0d1a3..a2ef947 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,12 +1,14 @@
-xorg-server (2:1.12.4-6) UNRELEASED; urgency=low
+xorg-server (2:1.12.4-6) unstable; urgency=low
 
   * Touch: Fix duplicate TouchBegin selection with virtual devices
     (closes: #696272)
   * Xi: Don't check for TOUCH_END, it's never set
   * Xi: Update the device after delivering the emulated pointer event
     (closes: #702662)
+  * xf86: fix flush input to work with Linux evdev devices.  Addresses
+    CVE-2013-1940.
 
- -- Julien Cristau <jcristau@debian.org>  Sun, 03 Mar 2013 19:13:57 +0100
+ -- Julien Cristau <jcristau@debian.org>  Wed, 17 Apr 2013 12:12:30 +0200
 
 xorg-server (2:1.12.4-5) unstable; urgency=low
 
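Review bot: The header line keeps urgency=low even though the new last bullet records a security fix ("Addresses CVE-2013-1940"). Consider raising the urgency so the fix migrates faster, or say in the entry why low is sufficient. The new bullet also has no "(closes: #...)" reference, unlike the two bug-fix bullets above it; add one if a Debian bug tracks this CVE.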

commit e46ce54fa3027b85bba08b0e1fa742043246ae9f
Author: Dave Airlie <airlied@gmail.com>
Date:   Wed Apr 10 16:09:01 2013 +1000

    xf86: fix flush input to work with Linux evdev devices.
    
    So when we VT switch back and attempt to flush the input devices,
    we don't succeed because evdev won't return part of an event,
    since we were only asking for 4 bytes, we'd only get -EINVAL back.
    
    This could later cause events to be flushed that we shouldn't have
    gotten.
    
    This is a fix for CVE-2013-1940.
    
    Signed-off-by: Dave Airlie <airlied@redhat.com>
    Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
    Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
    (cherry picked from commit 6ca03b9161d33b1d2b55a3a1a913cf88deb2343f)

diff --git a/hw/xfree86/os-support/shared/posix_tty.c b/hw/xfree86/os-support/shared/posix_tty.c
index ab3757a..4d08c1e 100644
--- a/hw/xfree86/os-support/shared/posix_tty.c
+++ b/hw/xfree86/os-support/shared/posix_tty.c
@@ -421,7 +421,8 @@ xf86FlushInput(int fd)
 {
     fd_set fds;
     struct timeval timeout;
-    char c[4];
+    /* this needs to be big enough to flush an evdev event. */
+    char c[256];
 
     DebugF("FlushingSerial\n");
     if (tcflush(fd, TCIFLUSH) == 0)
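Review bot: In the declaration `char c[256];`, the 256 is a magic number, and the comment says only that the buffer must be "big enough" without recording why a small buffer fails. The commit message explains that evdev will not return part of an event and that the old 4-byte request got -EINVAL; put that in the comment and give the size a named constant, so a later cleanup does not shrink the buffer and reintroduce the failed flush.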

