xorg-server: Changes to 'debian-squeeze'
debian/changelog | 7 ++++
debian/patches/25-CVE-2013-6424.diff | 50 +++++++++++++++++++++++++++++++++++
debian/patches/series | 3 +-
3 files changed, 59 insertions(+), 1 deletion(-)
New commits:
commit c8328c3185dc44e8167cdf46a0b11e555fadc130
Author: Julien Cristau <jcristau@debian.org>
Date: Tue Dec 17 20:23:01 2013 +0100
exa: only draw valid trapezoids
Addresses CVE-2013-6424
diff --git a/debian/changelog b/debian/changelog
index 6efa612..6e176e1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+xorg-server (2:1.7.7-18) squeeze-security; urgency=high
+
+ * exa: only draw valid trapezoids
+ Addresses CVE-2013-6424
+
+ -- Julien Cristau <jcristau@debian.org> Tue, 17 Dec 2013 20:21:57 +0100
+
xorg-server (2:1.7.7-17) squeeze-security; urgency=low
* CVE-2013-4396
diff --git a/debian/patches/25-CVE-2013-6424.diff b/debian/patches/25-CVE-2013-6424.diff
new file mode 100644
index 0000000..aacc6f2
--- /dev/null
+++ b/debian/patches/25-CVE-2013-6424.diff
@@ -0,0 +1,50 @@
+From patchwork Wed Oct 2 13:47:54 2013
+Content-Type: text/plain; charset="utf-8"
+MIME-Version: 1.0
+Content-Transfer-Encoding: 7bit
+Subject: exa: only draw valid trapezoids
+From: Maarten Lankhorst <maarten.lankhorst@canonical.com>
+X-Patchwork-Id: 14769
+Message-Id: <524C240A.9010607@canonical.com>
+To: "X.Org Devel List" <xorg-devel@lists.freedesktop.org>
+Date: Wed, 02 Oct 2013 15:47:54 +0200
+
+Fixes freedesktop.org bug https://bugs.freedesktop.org/show_bug.cgi?id=67484
+
+If t->bottom is close to MIN_INT, removing top can wraparound, so do the check properly.
+A similar fix should also be applied to pixman.
+
+Signed-off-by: Maarten Lankhorst <maarten.lankhorst@canonical.com>
+
+---
+
+
+Index: xorg-server/exa/exa_render.c
+===================================================================
+--- xorg-server.orig/exa/exa_render.c
++++ xorg-server/exa/exa_render.c
+@@ -1174,8 +1174,9 @@ exaTrapezoids (CARD8 op, PicturePtr pSrc
+
+ exaPrepareAccess(pPicture->pDrawable, EXA_PREPARE_DEST);
+ for (; ntrap; ntrap--, traps++)
+- (*ps->RasterizeTrapezoid) (pPicture, traps,
+- -bounds.x1, -bounds.y1);
++ if (xTrapezoidValid(traps))
++ (*ps->RasterizeTrapezoid) (pPicture, traps,
++ -bounds.x1, -bounds.y1);
+ exaFinishAccess(pPicture->pDrawable, EXA_PREPARE_DEST);
+
+ xRel = bounds.x1 + xSrc - xDst;
+Index: xorg-server/render/picture.h
+===================================================================
+--- xorg-server.orig/render/picture.h
++++ xorg-server/render/picture.h
+@@ -211,7 +211,7 @@ typedef pixman_fixed_t xFixed;
+ /* whether 't' is a well defined not obviously empty trapezoid */
+ #define xTrapezoidValid(t) ((t)->left.p1.y != (t)->left.p2.y && \
+ (t)->right.p1.y != (t)->right.p2.y && \
+- (int) ((t)->bottom - (t)->top) > 0)
++ ((t)->bottom > (t)->top))
+
+ /*
+ * Standard NTSC luminance conversions:
diff --git a/debian/patches/series b/debian/patches/series
index 833b3ce..cf4a27b 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -22,4 +22,5 @@
21-device-mode-list.diff
22-stop-searching-for-xf86config-files
23-xf86-fix-flush-input-to-work-with-Linux-evdev-device.diff
-24-CVE-2013-4396.diff
\ No newline at end of file
+24-CVE-2013-4396.diff
+25-CVE-2013-6424.diff
Reply to: