
xorg-server: Changes to 'ubuntu'



 debian/changelog                   |    9 +++++++++
 debian/patches/CVE-2013-1940.patch |   35 +++++++++++++++++++++++++++++++++++
 debian/patches/series              |    1 +
 3 files changed, 45 insertions(+)

New commits:
commit defa6b30be20acd877b986f4a1d9e0f3705ab7cd
Author: Jamie Strandboge <jamie@ubuntu.com>
Date:   Mon Apr 22 14:27:21 2013 +1000

    Release package with patch for CVE-2013-1940

diff --git a/debian/changelog b/debian/changelog
index d4d7dd9..97c7ad9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+xorg-server (2:1.13.3-0ubuntu6) raring; urgency=low
+
+  * SECURITY UPDATE: input event leak via inactive VT
+    - debian/patches/CVE-2013-1940.patch: fix flush input to work with
+      Linux evdev devices in hw/xfree86/os-support/shared/posix_tty.c.
+    - CVE-2013-1940
+
+ -- Jamie Strandboge <jamie@ubuntu.com>  Wed, 17 Apr 2013 09:41:17 -0500
+
 xorg-server (2:1.13.3-0ubuntu5) raring; urgency=low
 
   [ Bryce Harrington ]
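Review bot: The header of the new 2:1.13.3-0ubuntu6 entry sets urgency=low, while the first bullet marks it as a SECURITY UPDATE for CVE-2013-1940. If the urgency field is meant to reflect the nature of the upload, consider raising it. The entry trailer is dated 17 Apr 2013 while the commit is dated 22 Apr 2013, so it is worth confirming the changelog timestamp matches what is actually being released.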
diff --git a/debian/patches/CVE-2013-1940.patch b/debian/patches/CVE-2013-1940.patch
new file mode 100644
index 0000000..af3ff58
--- /dev/null
+++ b/debian/patches/CVE-2013-1940.patch
@@ -0,0 +1,35 @@
+From 88394b5cf39f298ebaa9a8ce4ace9bef14c2c6ee Mon Sep 17 00:00:00 2001
+From: Dave Airlie <airlied@gmail.com>
+Date: Wed, 10 Apr 2013 16:09:01 +1000
+Subject: [PATCH] xf86: fix flush input to work with Linux evdev devices.
+
+So when we VT switch back and attempt to flush the input devices,
+we don't succeed because evdev won't return part of an event,
+since we were only asking for 4 bytes, we'd only get -EINVAL back.
+
+This could later cause events to be flushed that we shouldn't have
+gotten.
+
+This is a fix for CVE-2013-1940.
+
+Signed-off-by: Dave Airlie <airlied@redhat.com>
+---
+ hw/xfree86/os-support/shared/posix_tty.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/hw/xfree86/os-support/shared/posix_tty.c b/hw/xfree86/os-support/shared/posix_tty.c
+index ab3757a..4d08c1e 100644
+--- a/hw/xfree86/os-support/shared/posix_tty.c
++++ b/hw/xfree86/os-support/shared/posix_tty.c
+@@ -421,7 +421,8 @@ xf86FlushInput(int fd)
+ {
+     fd_set fds;
+     struct timeval timeout;
+-    char c[4];
++    /* this needs to be big enough to flush an evdev event. */
++    char c[256];
+ 
+     DebugF("FlushingSerial\n");
+     if (tcflush(fd, TCIFLUSH) == 0)
+-- 
+1.8.2
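Review bot: In xf86FlushInput the replacement buffer "char c[256];" uses a bare constant, and the comment "big enough to flush an evdev event" does not say what that size is or why 256 satisfies it. The commit message states the real requirement: evdev will not return part of an event, so each read must ask for at least one whole event. Deriving the size from sizeof(struct input_event), or using a named constant with that relation spelled out in the comment, would keep the fix valid if the event layout changes. Since the file lives under os-support/shared, a Linux-only type would need a guard. The read that consumes c is outside the visible context, so please confirm it passes sizeof(c) rather than a literal 4; otherwise the larger buffer changes nothing.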
diff --git a/debian/patches/series b/debian/patches/series
index d856ee5..b207b1c 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -53,3 +53,4 @@ xserver-call-CSR-for-gpus.patch
 xf86-actually-set-the-compat-output-in-the-failure-c.patch
 autoconfig-fixup-tell-changed-so-randr-clients-can-t.patch
 config-add-no-removal.patch
+CVE-2013-1940.patch

