xorg-server: Changes to 'debian-squeeze'

To: debian-x@lists.debian.org
Subject: xorg-server: Changes to 'debian-squeeze'
From: Julien Cristau <jcristau@moszumanska.debian.org>
Date: Wed, 25 Dec 2013 09:48:35 +0000
Message-id: <[🔎] E1Vvl4t-0005z4-2h@moszumanska.debian.org>

 debian/changelog                     |    7 ++++
 debian/patches/25-CVE-2013-6424.diff |   50 +++++++++++++++++++++++++++++++++++
 debian/patches/series                |    3 +-
 3 files changed, 59 insertions(+), 1 deletion(-)

New commits:
commit c8328c3185dc44e8167cdf46a0b11e555fadc130
Author: Julien Cristau <jcristau@debian.org>
Date:   Tue Dec 17 20:23:01 2013 +0100

    exa: only draw valid trapezoids
    
    Addresses CVE-2013-6424

diff --git a/debian/changelog b/debian/changelog
index 6efa612..6e176e1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+xorg-server (2:1.7.7-18) squeeze-security; urgency=high
+
+  * exa: only draw valid trapezoids
+    Addresses CVE-2013-6424
+
+ -- Julien Cristau <jcristau@debian.org>  Tue, 17 Dec 2013 20:21:57 +0100
+
 xorg-server (2:1.7.7-17) squeeze-security; urgency=low
 
   * CVE-2013-4396
diff --git a/debian/patches/25-CVE-2013-6424.diff b/debian/patches/25-CVE-2013-6424.diff
new file mode 100644
index 0000000..aacc6f2
--- /dev/null
+++ b/debian/patches/25-CVE-2013-6424.diff
@@ -0,0 +1,50 @@
+From patchwork Wed Oct  2 13:47:54 2013
+Content-Type: text/plain; charset="utf-8"
+MIME-Version: 1.0
+Content-Transfer-Encoding: 7bit
+Subject: exa: only draw valid trapezoids
+From: Maarten Lankhorst <maarten.lankhorst@canonical.com>
+X-Patchwork-Id: 14769
+Message-Id: <524C240A.9010607@canonical.com>
+To: "X.Org Devel List" <xorg-devel@lists.freedesktop.org>
+Date: Wed, 02 Oct 2013 15:47:54 +0200
+
+Fixes freedesktop.org bug https://bugs.freedesktop.org/show_bug.cgi?id=67484
+
+If t->bottom is close to MIN_INT, removing top can wraparound, so do the check properly.
+A similar fix should also be applied to pixman.
+
+Signed-off-by: Maarten Lankhorst <maarten.lankhorst@canonical.com>
+
+---
+
+
+Index: xorg-server/exa/exa_render.c
+===================================================================
+--- xorg-server.orig/exa/exa_render.c
++++ xorg-server/exa/exa_render.c
+@@ -1174,8 +1174,9 @@ exaTrapezoids (CARD8 op, PicturePtr pSrc
+ 
+ 	exaPrepareAccess(pPicture->pDrawable, EXA_PREPARE_DEST);
+ 	for (; ntrap; ntrap--, traps++)
+-	    (*ps->RasterizeTrapezoid) (pPicture, traps,
+-				       -bounds.x1, -bounds.y1);
++	    if (xTrapezoidValid(traps))
++		(*ps->RasterizeTrapezoid) (pPicture, traps,
++					   -bounds.x1, -bounds.y1);
+ 	exaFinishAccess(pPicture->pDrawable, EXA_PREPARE_DEST);
+ 
+ 	xRel = bounds.x1 + xSrc - xDst;
+Index: xorg-server/render/picture.h
+===================================================================
+--- xorg-server.orig/render/picture.h
++++ xorg-server/render/picture.h
+@@ -211,7 +211,7 @@ typedef	pixman_fixed_t	xFixed;
+ /* whether 't' is a well defined not obviously empty trapezoid */
+ #define xTrapezoidValid(t)  ((t)->left.p1.y != (t)->left.p2.y && \
+ 			     (t)->right.p1.y != (t)->right.p2.y && \
+-			     (int) ((t)->bottom - (t)->top) > 0)
++			     ((t)->bottom > (t)->top))
+ 
+ /*
+  * Standard NTSC luminance conversions:
diff --git a/debian/patches/series b/debian/patches/series
index 833b3ce..cf4a27b 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -22,4 +22,5 @@
 21-device-mode-list.diff
 22-stop-searching-for-xf86config-files
 23-xf86-fix-flush-input-to-work-with-Linux-evdev-device.diff
-24-CVE-2013-4396.diff
\ No newline at end of file
+24-CVE-2013-4396.diff
+25-CVE-2013-6424.diff

Reply to:

Prev by Date: xorg-server: Changes to 'refs/tags/xorg-server-2_1.7.7-18'
Next by Date: pixman: Changes to 'refs/tags/pixman-0.16.4-1+deb6u1'
Previous by thread: xorg-server: Changes to 'debian-squeeze'
Next by thread: Re: Fixing CVE-2013-4396 in squeeze-backports
Index(es):
- Date
- Thread