xorg-server: Changes to 'ubuntu-quantal'
debian/changelog | 12 ++++++-
debian/patches/CVE-2013-1940.patch | 36 +++++++++++++++++++++
debian/patches/dix-fix-zaphod-screen-crossing.diff | 36 +++++++++++++++++++++
debian/patches/series | 2 +
4 files changed, 85 insertions(+), 1 deletion(-)
New commits:
commit e2b34b1ba3b2ac2c2b640b62b8a6523b6fbcb180
Author: Timo Aaltonen <tjaalton@ubuntu.com>
Date: Thu Oct 10 17:03:01 2013 +0300
release to quantal-proposed
diff --git a/debian/changelog b/debian/changelog
index ea66b01..34114b0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-xorg-server (2:1.13.0-0ubuntu6.3) UNRELEASED; urgency=low
+xorg-server (2:1.13.0-0ubuntu6.3) quantal-proposed; urgency=low
[ Maarten Lankhorst ]
* add patch to fix starting xorg-server with no outputs connected (LP: #1122072)
commit e647875e48767186ef99594e444af3cd0b09b274
Author: Timo Aaltonen <tjaalton@ubuntu.com>
Date: Thu Oct 10 16:41:28 2013 +0300
include changes from -0u6.2
diff --git a/debian/changelog b/debian/changelog
index 5ab2f01..ea66b01 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-xorg-server (2:1.13.0-0ubuntu6.2) UNRELEASED; urgency=low
+xorg-server (2:1.13.0-0ubuntu6.3) UNRELEASED; urgency=low
[ Maarten Lankhorst ]
* add patch to fix starting xorg-server with no outputs connected (LP: #1122072)
@@ -15,6 +15,15 @@ xorg-server (2:1.13.0-0ubuntu6.2) UNRELEASED; urgency=low
-- Maarten Lankhorst <maarten.lankhorst@ubuntu.com> Tue, 12 Feb 2013 15:18:32 +0100
+xorg-server (2:1.13.0-0ubuntu6.2) quantal-security; urgency=low
+
+ * SECURITY UPDATE: input event leak via inactive VT
+ - debian/patches/CVE-2013-1940.patch: fix flush input to work with
+ Linux evdev devices in hw/xfree86/os-support/shared/posix_tty.c.
+ - CVE-2013-1940
+
+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 11 Apr 2013 08:08:53 -0400
+
xorg-server (2:1.13.0-0ubuntu6.1) quantal-proposed; urgency=low
[ Maarten Lankhorst ]
diff --git a/debian/patches/CVE-2013-1940.patch b/debian/patches/CVE-2013-1940.patch
new file mode 100644
index 0000000..0c45279
--- /dev/null
+++ b/debian/patches/CVE-2013-1940.patch
@@ -0,0 +1,36 @@
+From 88394b5cf39f298ebaa9a8ce4ace9bef14c2c6ee Mon Sep 17 00:00:00 2001
+From: Dave Airlie <airlied@gmail.com>
+Date: Wed, 10 Apr 2013 16:09:01 +1000
+Subject: [PATCH] xf86: fix flush input to work with Linux evdev devices.
+
+So when we VT switch back and attempt to flush the input devices,
+we don't succeed because evdev won't return part of an event,
+since we were only asking for 4 bytes, we'd only get -EINVAL back.
+
+This could later cause events to be flushed that we shouldn't have
+gotten.
+
+This is a fix for CVE-2013-1940.
+
+Signed-off-by: Dave Airlie <airlied@redhat.com>
+---
+ hw/xfree86/os-support/shared/posix_tty.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/hw/xfree86/os-support/shared/posix_tty.c b/hw/xfree86/os-support/shared/posix_tty.c
+index ab3757a..4d08c1e 100644
+--- a/hw/xfree86/os-support/shared/posix_tty.c
++++ b/hw/xfree86/os-support/shared/posix_tty.c
+@@ -421,7 +421,8 @@ xf86FlushInput(int fd)
+ {
+ fd_set fds;
+ struct timeval timeout;
+- char c[4];
++ /* this needs to be big enough to flush an evdev event. */
++ char c[256];
+
+ DebugF("FlushingSerial\n");
+ if (tcflush(fd, TCIFLUSH) == 0)
+--
+1.8.2
+
diff --git a/debian/patches/series b/debian/patches/series
index 31cd601..fa24ae9 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -37,6 +37,7 @@ fixup-headless.patch
## from upstream, drop when rebasing to a new version
229_udev-fix.diff
+CVE-2013-1940.patch
230-fix-compat-output-selection.patch
231-scan-pci-after-probing-devices.patch
237-dix-set-the-device-transformation-matrix.patch
commit d049624a843a7dda9d057d137bf21f1f90633c03
Author: Timo Aaltonen <tjaalton@ubuntu.com>
Date: Thu Oct 10 16:35:48 2013 +0300
dix-fix-zaphod-screen-crossing.diff: Fix pointer screen crossing. (LP: #1068920)
diff --git a/debian/changelog b/debian/changelog
index 3bd3317..5ab2f01 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -11,6 +11,7 @@ xorg-server (2:1.13.0-0ubuntu6.2) UNRELEASED; urgency=low
[ Timo Aaltonen ]
* Fix patch 500 to apply.
+ * dix-fix-zaphod-screen-crossing.diff: Fix pointer screen crossing. (LP: #1068920)
-- Maarten Lankhorst <maarten.lankhorst@ubuntu.com> Tue, 12 Feb 2013 15:18:32 +0100
diff --git a/debian/patches/dix-fix-zaphod-screen-crossing.diff b/debian/patches/dix-fix-zaphod-screen-crossing.diff
new file mode 100644
index 0000000..b097334
--- /dev/null
+++ b/debian/patches/dix-fix-zaphod-screen-crossing.diff
@@ -0,0 +1,36 @@
+commit e7cd5cce740e653000fb1192b600268dcf77dde2
+Author: Peter Hutterer <peter.hutterer@who-t.net>
+Date: Thu Oct 18 15:11:31 2012 +1000
+
+ dix: fix zaphod screen scrossing (#54654)
+
+ POINTER_SCREEN coordinates are screen-relative. For a Zaphod setup, the
+ coordinates after a screen crossing are already relative to the new screen's
+ origin. Add that offset to the coordinates before re-setting.
+
+ regression introduced by
+ commit bafbd99080be49a17be97d2cc758fbe623369945
+ Author: Peter Hutterer <peter.hutterer@who-t.net>
+ Date: Wed Aug 8 11:34:32 2012 +1000
+
+ dix: work around scaling issues during WarpPointer (#53037)
+
+ X.Org Bug 54654 <http://bugs.freedesktop.org/show_bug.cgi?id=54654>
+
+ Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+ Reviewed-by: Keith Packard <keithp@keithp.com>
+
+--- a/dix/getevents.c
++++ b/dix/getevents.c
+@@ -1414,8 +1414,9 @@ fill_pointer_events(InternalEvent *event
+ coordinates were.
+ */
+ if (flags & POINTER_SCREEN) {
+- screenx = sx;
+- screeny = sy;
++ scr = miPointerGetScreen(pDev);
++ screenx = sx + scr->x;
++ screeny = sy + scr->y;
+ }
+
+ scr = positionSprite(pDev, (flags & POINTER_ABSOLUTE) ? Absolute : Relative,
diff --git a/debian/patches/series b/debian/patches/series
index 47f907b..31cd601 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -41,3 +41,4 @@ fixup-headless.patch
231-scan-pci-after-probing-devices.patch
237-dix-set-the-device-transformation-matrix.patch
238-fix-erratic-cursor-movement.patch
+dix-fix-zaphod-screen-crossing.diff
Reply to: