xorg-server: Changes to 'debian-wheezy'
Rebased ref, commits from common ancestor:
commit a641028d50dcd283f7b8957b51885e409471efad
Author: Moritz Muehlenhoff <jmm@debian.org>
Date: Mon Oct 21 16:43:03 2013 +0000
CVE-2013-4396
diff --git a/debian/changelog b/debian/changelog
index a2ef947..cc62327 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+xorg-server (2:1.12.4-6+deb7u1) stable-security; urgency=low
+
+ * CVE-2013-4396
+
+ -- Moritz Muehlenhoff <jmm@debian.org> Mon, 21 Oct 2013 16:43:03 +0000
+
xorg-server (2:1.12.4-6) unstable; urgency=low
* Touch: Fix duplicate TouchBegin selection with virtual devices
diff --git a/debian/patches/14_CVE-2013-4396.diff b/debian/patches/14_CVE-2013-4396.diff
new file mode 100644
index 0000000..f66f763
--- /dev/null
+++ b/debian/patches/14_CVE-2013-4396.diff
@@ -0,0 +1,73 @@
+From 73b2660d7273d175d279d22f8ca0c3932a14ff1c Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Tue, 17 Sep 2013 04:47:16 +0000
+Subject: Avoid use-after-free in dix/dixfonts.c: doImageText() [CVE-2013-4396]
+
+Save a pointer to the passed in closure structure before copying it
+and overwriting the *c pointer to point to our copy instead of the
+original. If we hit an error, once we free(c), reset c to point to
+the original structure before jumping to the cleanup code that
+references *c.
+
+Since one of the errors being checked for is whether the server was
+able to malloc(c->nChars * itemSize), the client can potentially pass
+a number of characters chosen to cause the malloc to fail and the
+error path to be taken, resulting in the read from freed memory.
+
+Since the memory is accessed almost immediately afterwards, and the
+X server is mostly single threaded, the odds of the free memory having
+invalid contents are low with most malloc implementations when not using
+memory debugging features, but some allocators will definitely overwrite
+the memory there, leading to a likely crash.
+
+Reported-by: Pedro Ribeiro <pedrib@gmail.com>
+Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+Reviewed-by: Julien Cristau <jcristau@debian.org>
+---
+(limited to 'dix/dixfonts.c')
+
+diff --git a/dix/dixfonts.c b/dix/dixfonts.c
+index feb765d..2e34d37 100644
+--- a/dix/dixfonts.c
++++ b/dix/dixfonts.c
+@@ -1425,6 +1425,7 @@ doImageText(ClientPtr client, ITclosurePtr c)
+ GC *pGC;
+ unsigned char *data;
+ ITclosurePtr new_closure;
++ ITclosurePtr old_closure;
+
+ /* We're putting the client to sleep. We need to
+ save some state. Similar problem to that handled
+@@ -1436,12 +1437,14 @@ doImageText(ClientPtr client, ITclosurePtr c)
+ err = BadAlloc;
+ goto bail;
+ }
++ old_closure = c;
+ *new_closure = *c;
+ c = new_closure;
+
+ data = malloc(c->nChars * itemSize);
+ if (!data) {
+ free(c);
++ c = old_closure;
+ err = BadAlloc;
+ goto bail;
+ }
+@@ -1452,6 +1455,7 @@ doImageText(ClientPtr client, ITclosurePtr c)
+ if (!pGC) {
+ free(c->data);
+ free(c);
++ c = old_closure;
+ err = BadAlloc;
+ goto bail;
+ }
+@@ -1464,6 +1468,7 @@ doImageText(ClientPtr client, ITclosurePtr c)
+ FreeScratchGC(pGC);
+ free(c->data);
+ free(c);
++ c = old_closure;
+ err = BadAlloc;
+ goto bail;
+ }
+--
+cgit v0.9.0.2-2-gbebe
diff --git a/debian/patches/series b/debian/patches/series
index c89edaf..923ad3a 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -10,3 +10,4 @@
07_Revert-kinput-allocate-enough-space-for-null-charact.diff
08_xfree86_fix_ia64_inx_outx.diff
09_EXA-Track-source-mask-pixmaps-more-explicitly-for-Co.diff
+14_CVE-2013-4396.diff
\ No newline at end of file
commit 51b262267038302adfb8232c4f654d240df18f40
Author: Julien Cristau <jcristau@debian.org>
Date: Wed Apr 17 12:12:38 2013 +0200
Upload to unstable
diff --git a/debian/changelog b/debian/changelog
index 5e0d1a3..a2ef947 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,12 +1,14 @@
-xorg-server (2:1.12.4-6) UNRELEASED; urgency=low
+xorg-server (2:1.12.4-6) unstable; urgency=low
* Touch: Fix duplicate TouchBegin selection with virtual devices
(closes: #696272)
* Xi: Don't check for TOUCH_END, it's never set
* Xi: Update the device after delivering the emulated pointer event
(closes: #702662)
+ * xf86: fix flush input to work with Linux evdev devices. Addresses
+ CVE-2013-1940.
- -- Julien Cristau <jcristau@debian.org> Sun, 03 Mar 2013 19:13:57 +0100
+ -- Julien Cristau <jcristau@debian.org> Wed, 17 Apr 2013 12:12:30 +0200
xorg-server (2:1.12.4-5) unstable; urgency=low
commit e46ce54fa3027b85bba08b0e1fa742043246ae9f
Author: Dave Airlie <airlied@gmail.com>
Date: Wed Apr 10 16:09:01 2013 +1000
xf86: fix flush input to work with Linux evdev devices.
So when we VT switch back and attempt to flush the input devices,
we don't succeed because evdev won't return part of an event,
since we were only asking for 4 bytes, we'd only get -EINVAL back.
This could later cause events to be flushed that we shouldn't have
gotten.
This is a fix for CVE-2013-1940.
Signed-off-by: Dave Airlie <airlied@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit 6ca03b9161d33b1d2b55a3a1a913cf88deb2343f)
diff --git a/hw/xfree86/os-support/shared/posix_tty.c b/hw/xfree86/os-support/shared/posix_tty.c
index ab3757a..4d08c1e 100644
--- a/hw/xfree86/os-support/shared/posix_tty.c
+++ b/hw/xfree86/os-support/shared/posix_tty.c
@@ -421,7 +421,8 @@ xf86FlushInput(int fd)
{
fd_set fds;
struct timeval timeout;
- char c[4];
+ /* this needs to be big enough to flush an evdev event. */
+ char c[256];
DebugF("FlushingSerial\n");
if (tcflush(fd, TCIFLUSH) == 0)
commit 20ed84995623a01594b55f553058c32c2842bf61
Author: Julien Cristau <jcristau@debian.org>
Date: Tue Mar 12 20:29:35 2013 +0100
Changelog entry
diff --git a/debian/changelog b/debian/changelog
index f844f77..5e0d1a3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,9 @@ xorg-server (2:1.12.4-6) UNRELEASED; urgency=low
* Touch: Fix duplicate TouchBegin selection with virtual devices
(closes: #696272)
+ * Xi: Don't check for TOUCH_END, it's never set
+ * Xi: Update the device after delivering the emulated pointer event
+ (closes: #702662)
-- Julien Cristau <jcristau@debian.org> Sun, 03 Mar 2013 19:13:57 +0100
commit 7e0e6f8154b58c4250f3ef0df15835c2b06639f0
Author: Carlos Garnacho <carlosg@gnome.org>
Date: Wed Oct 31 19:32:57 2012 +0100
Xi: Update the device after delivering the emulated pointer event(#56558)
Ensure emulated pointer events contain the state that applies before the
event was processed, so the device state must be updated after delivering
such emulated events.
Co-authored-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Carlos Garnacho <carlosg@gnome.org>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit 863f32c930d71073ee5f78452b78bd459d024867)
diff --git a/Xi/exevents.c b/Xi/exevents.c
index c1fcc55..9136249 100644
--- a/Xi/exevents.c
+++ b/Xi/exevents.c
@@ -1595,9 +1595,6 @@ ProcessTouchEvent(InternalEvent *ev, DeviceIntPtr dev)
else
touchid = ev->device_event.touchid;
- if (emulate_pointer)
- UpdateDeviceState(dev, &ev->device_event);
-
if (type == ET_TouchBegin) {
ti = TouchBeginTouch(dev, ev->device_event.sourceid, touchid,
emulate_pointer);
@@ -1644,6 +1641,7 @@ ProcessTouchEvent(InternalEvent *ev, DeviceIntPtr dev)
* events which _only_ emulate motion just work normally */
if (emulate_pointer && ev->any.type != ET_TouchUpdate)
DeliverEmulatedMotionEvent(dev, ti, ev);
+
if (emulate_pointer && IsMaster(dev))
CheckMotion(&ev->device_event, dev);
@@ -1668,6 +1666,9 @@ ProcessTouchEvent(InternalEvent *ev, DeviceIntPtr dev)
if (ev->any.type == ET_TouchEnd)
TouchEndTouch(dev, ti);
}
+
+ if (emulate_pointer)
+ UpdateDeviceState(dev, &ev->device_event);
}
/**
commit 52ee070ef6fade5f951222408ad4eadec86f452a
Author: Daniel Drake <dsd@laptop.org>
Date: Fri Sep 7 21:48:35 2012 -0400
Xi: Don't check for TOUCH_END, it's never set
This flag is never set, so checking for it here means that we'll
never release the simulated mouse button press after the user touches
(and releases) the touchscreen for the first time.
Fixes a problem where the XO laptop touchpad became totally
unusable after touching the screen for the first time (since X then
behaved as if the mouse button was held down all the time).
Signed-off-by: Daniel Drake <dsd@laptop.org>
Reviewed-by: Chase Douglas <chase.douglas@canonical.com>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit 3e6358ee6c33979329b78fe2097a1fdf76fb69cd)
diff --git a/Xi/exevents.c b/Xi/exevents.c
index 37ed5c7..c1fcc55 100644
--- a/Xi/exevents.c
+++ b/Xi/exevents.c
@@ -971,8 +971,6 @@ UpdateDeviceState(DeviceIntPtr device, DeviceEvent *event)
if (!(event->flags & TOUCH_POINTER_EMULATED))
return DONT_PROCESS;
- if (!(event->flags & TOUCH_END))
- return DONT_PROCESS;
DecreaseButtonCount(device, key, &t->buttonsDown, &t->motionMask,
&t->state);
commit 2b1356632de667a7f2d05c7e5e5c659902779746
Author: Julien Cristau <jcristau@debian.org>
Date: Sun Mar 3 19:14:25 2013 +0100
Changelog entry
diff --git a/debian/changelog b/debian/changelog
index 228dc7c..f844f77 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+xorg-server (2:1.12.4-6) UNRELEASED; urgency=low
+
+ * Touch: Fix duplicate TouchBegin selection with virtual devices
+ (closes: #696272)
+
+ -- Julien Cristau <jcristau@debian.org> Sun, 03 Mar 2013 19:13:57 +0100
+
xorg-server (2:1.12.4-5) unstable; urgency=low
* dmx: don't include dmx-config.h from xdmxconfig (closes: #495816)
commit e603961447cd2ca69aa070db7bdf0d6af8aac759
Author: Daniel Stone <daniel@fooishbar.org>
Date: Fri Sep 7 18:17:46 2012 +0100
Touch: Fix duplicate TouchBegin selection with virtual devices
Given the following scenario:
1) client A selects for TouchBegin on window W for device D
2) client B selects for TouchBegin on window W for XIAllDevices
3) client C selects for TouchBegin on window W with device E
Step 3 will fail with BadImplementation, because attempting to look up
XIAllDevices or XIAllMasterDevices with dixLookupDevices doesn't work.
This should succeed (or, if it was selecting for device D, fail with
BadAccess as it would be a duplicate selection).
Fix this by performing the appropriate lookup for virtual devices.
Signed-off-by: Daniel Stone <daniel@fooishbar.org>
Reviewed-by: Chase Douglas <chase.douglas@ubuntu.com>
(cherry picked from commit 3d2b768efae9936c6929c2bc13c7a1acc074ecd3)
[jcristau: backport to 1.12.x, tmp vs dummy variable names]
Conflicts:
Xi/xiselectev.c
diff --git a/Xi/xiselectev.c b/Xi/xiselectev.c
index 43a67c8..07d3218 100644
--- a/Xi/xiselectev.c
+++ b/Xi/xiselectev.c
@@ -180,8 +180,13 @@ ProcXISelectEvents(ClientPtr client)
if (CLIENT_ID(iclient->resource) == client->index)
continue;
- dixLookupDevice(&dummy, evmask->deviceid, serverClient,
- DixReadAccess);
+ if (evmask->deviceid == XIAllDevices)
+ dummy = inputInfo.all_devices;
+ else if (evmask->deviceid == XIAllMasterDevices)
+ dummy = inputInfo.all_master_devices;
+ else
+ dixLookupDevice(&dummy, evmask->deviceid, serverClient,
+ DixReadAccess);
if (!dummy)
return BadImplementation; /* this shouldn't happen */
commit bea6ce867d4cbd370e133d9c63ad0208ba674baf
Author: Julien Cristau <jcristau@debian.org>
Date: Sat Feb 23 16:02:52 2013 +0100
Upload to unstable
diff --git a/debian/changelog b/debian/changelog
index 546dc00..228dc7c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-xorg-server (2:1.12.4-5) UNRELEASED; urgency=low
+xorg-server (2:1.12.4-5) unstable; urgency=low
* dmx: don't include dmx-config.h from xdmxconfig (closes: #495816)
* xfree86: bail on misformed acpi strings (closes: #696110)
@@ -7,7 +7,7 @@ xorg-server (2:1.12.4-5) UNRELEASED; urgency=low
* Link against -lbsd on kfreebsd. This gives us access to getpeereid(), and
makes MIT-SHM work with non-world-accessible segments (closes: #701469).
- -- Julien Cristau <jcristau@debian.org> Sat, 23 Feb 2013 14:46:13 +0100
+ -- Julien Cristau <jcristau@debian.org> Sat, 23 Feb 2013 15:37:44 +0100
xorg-server (2:1.12.4-4) unstable; urgency=low
commit 89fe7540dd25f48e33117ca07f911606f9e98cce
Author: Julien Cristau <jcristau@debian.org>
Date: Sat Feb 23 15:08:19 2013 +0100
Link against -lbsd on kfreebsd.
This gives us access to getpeereid(), and makes MIT-SHM work with
non-world-accessible segments (closes: #701469).
diff --git a/debian/changelog b/debian/changelog
index f16f73f..546dc00 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,6 +4,8 @@ xorg-server (2:1.12.4-5) UNRELEASED; urgency=low
* xfree86: bail on misformed acpi strings (closes: #696110)
* dix: don't allow overriding a grab with a different type of grab
* dix: Set focus field on XI2 crossing events (closes: #699907)
+ * Link against -lbsd on kfreebsd. This gives us access to getpeereid(), and
+ makes MIT-SHM work with non-world-accessible segments (closes: #701469).
-- Julien Cristau <jcristau@debian.org> Sat, 23 Feb 2013 14:46:13 +0100
diff --git a/debian/control b/debian/control
index d8f3735..6077dec 100644
--- a/debian/control
+++ b/debian/control
@@ -77,6 +77,8 @@ Build-Depends:
# unit tests
xkb-data,
x11-xkb-utils,
+# getpeereid()
+ libbsd-dev [kfreebsd-any],
Standards-Version: 3.9.2
Vcs-Git: git://git.debian.org/git/pkg-xorg/xserver/xorg-server
Vcs-Browser: http://git.debian.org/?p=pkg-xorg/xserver/xorg-server.git
diff --git a/debian/rules b/debian/rules
index 3011a78..7308463 100755
--- a/debian/rules
+++ b/debian/rules
@@ -79,6 +79,7 @@ else ifeq ($(DEB_HOST_ARCH_OS), kfreebsd)
config_backend += --disable-config-udev
config_backend_main += --enable-config-hal
config_backend_udeb += --disable-config-hal
+ libs = LIBS=-lbsd
else # hurd
config_backend += --disable-config-udev --disable-config-hal
endif
@@ -126,7 +127,8 @@ confflags += \
--disable-xquartz \
--disable-xwin \
--disable-xfake \
- --disable-install-setuid
+ --disable-install-setuid \
+ $(libs)
confflags_main = \
--with-default-font-path="/usr/share/fonts/X11/misc,/usr/share/fonts/X11/cyrillic,/usr/share/fonts/X11/100dpi/:unscaled,/usr/share/fonts/X11/75dpi/:unscaled,/usr/share/fonts/X11/Type1,/usr/share/fonts/X11/100dpi,/usr/share/fonts/X11/75dpi,/var/lib/defoma/x-ttcidfont-conf.d/dirs/TrueType,built-ins" \
commit 9fcda0b8c69da19f842cd1cf9e3f69487711aaa9
Author: Julien Cristau <jcristau@debian.org>
Date: Sat Feb 23 14:59:34 2013 +0100
Update changelog for cherry-picks
diff --git a/debian/changelog b/debian/changelog
index b9468f1..f16f73f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+xorg-server (2:1.12.4-5) UNRELEASED; urgency=low
+
+ * dmx: don't include dmx-config.h from xdmxconfig (closes: #495816)
+ * xfree86: bail on misformed acpi strings (closes: #696110)
+ * dix: don't allow overriding a grab with a different type of grab
+ * dix: Set focus field on XI2 crossing events (closes: #699907)
+
+ -- Julien Cristau <jcristau@debian.org> Sat, 23 Feb 2013 14:46:13 +0100
+
xorg-server (2:1.12.4-4) unstable; urgency=low
* Fix memory leak in libnettle sha1 patch. Thanks, Yaakov Selkowitz!
commit a338f013f0e60a61a1e00101f3034dda313a1fc7
Author: Carlos Garnacho <carlosg@gnome.org>
Date: Wed Feb 6 14:07:22 2013 +0100
dix: Set focus field on XI2 crossing events
Set on DeviceEnterLeaveEvent() the xXIEnterEvent->focus field
similarly to how the CoreEnterLeaveEvent() function above does
for core events.
This fixes bug https://bugzilla.gnome.org/show_bug.cgi?id=677329
reported to GTK+, where focus handling on window managers with
sloppy focus or no window manager present was broken due to this
field being always set to FALSE.
Signed-off-by: Carlos Garnacho <carlosg@gnome.org>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit 509b3c3dc82e7abce1900d5e1cddd90f23be5a87)
(cherry picked from commit e7b4b83679604919035d5aab544092aef5ea6034)
diff --git a/dix/events.c b/dix/events.c
index aa1b6e1..3c65dcf 100644
--- a/dix/events.c
+++ b/dix/events.c
@@ -4524,6 +4524,7 @@ DeviceEnterLeaveEvent(DeviceIntPtr mouse,
{
GrabPtr grab = mouse->deviceGrab.grab;
xXIEnterEvent *event;
+ WindowPtr focus;
int filter;
int btlen, len, i;
DeviceIntPtr kbd;
@@ -4565,6 +4566,11 @@ DeviceEnterLeaveEvent(DeviceIntPtr mouse,
event->group.locked_group = kbd->key->xkbInfo->state.locked_group;
}
+ focus = (kbd) ? kbd->focus->win : None;
+ if ((focus != NoneWin) &&
+ ((pWin == focus) || (focus == PointerRootWin) || IsParent(focus, pWin)))
+ event->focus = TRUE;
+
FixUpEventFromWindow(mouse->spriteInfo->sprite, (xEvent *) event, pWin,
None, FALSE);
commit 8ec7b13ca447b186fc63624e89ae9ec433240fe6
Author: Peter Hutterer <peter.hutterer@who-t.net>
Date: Fri Dec 14 11:34:15 2012 +1000
dix: don't allow overriding a grab with a different type of grab (#58255)
If a client has a core grab, don't allow re-grabbing with type XI2, etc.
This was the intent of the original commit
xorg-server-1.5.99.1-782-g09f9a86, but ineffective.
X.Org Bug 58255 <http://bugs.freedesktop.org/show_bug.cgi?id=58255>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
(cherry picked from commit dd3242c87a0a58cba055eb99c0c3fcf03153e4b8)
diff --git a/dix/events.c b/dix/events.c
index 822b6e9..aa1b6e1 100644
--- a/dix/events.c
+++ b/dix/events.c
@@ -4995,7 +4995,7 @@ GrabDevice(ClientPtr client, DeviceIntPtr dev,
grab = grabInfo->grab;
if (grab && grab->grabtype != grabtype)
*status = AlreadyGrabbed;
- if (grab && !SameClient(grab, client))
+ else if (grab && !SameClient(grab, client))
*status = AlreadyGrabbed;
else if ((!pWin->realized) ||
(confineTo &&
commit acec09de1da80fd39302353e2b896fbe48ad1e05
Author: Ted Felix <ted@tedfelix.com>
Date: Tue Jan 29 16:36:48 2013 +1000
xfree86: bail on misformed acpi strings (#73227)
If acpid sends a string in a format that we can't parse, bail out instead of
potentially dereferencing a NULL-pointer.
X.Org Bug 73227 <http://bugs.freedesktop.org/show_bug.cgi?id=73227>
Signed-off-by: Ted Felix <ted@tedfelix.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit 3d35dfcf5bad1b0a028fbecd65cb6cf6ebf12503)
diff --git a/hw/xfree86/os-support/linux/lnx_acpi.c b/hw/xfree86/os-support/linux/lnx_acpi.c
index d98efa2..dcaa19e 100644
--- a/hw/xfree86/os-support/linux/lnx_acpi.c
+++ b/hw/xfree86/os-support/linux/lnx_acpi.c
@@ -82,18 +82,21 @@ lnxACPIGetEventFromOs(int fd, pmEvent * events, int num)
video = strtok(ev, " ");
- GFX = strtok(NULL, " ");
+ if (!(GFX = strtok(NULL, " ")))
+ return 0;
#if 0
ErrorF("GFX: %s\n", GFX);
#endif
- notify = strtok(NULL, " ");
+ if (!(notify = strtok(NULL, " ")))
+ return 0;
notify_l = strtoul(notify, NULL, 16);
#if 0
ErrorF("notify: 0x%lx\n", notify_l);
#endif
- data = strtok(NULL, " ");
+ if (!(data = strtok(NULL, " ")))
+ return 0;
data_l = strtoul(data, NULL, 16);
#if 0
ErrorF("data: 0x%lx\n", data_l);
commit 250ce11bbf531b16f70b45760feadb54c11fba31
Author: Peter Hutterer <peter.hutterer@who-t.net>
Date: Sat Jan 26 14:13:33 2013 +1000
dmx: don't include dmx-config.h from xdmxconfig (#37502)
dmx-config.h is a server header which includes dix-config.h. That again
defines a bunch of server-specifics, including setting the size of XID to
32 bit.
libX11 uses unsigned long (8 bits on x86_64). XGCValues thus ends up being
16 bytes smaller in xdmxconfig than in the library, causing garbage to be
sent to the server.
X.Org Bug 37502 <http://bugs.freedesktop.org/show_bug.cgi?id=37502>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
(cherry picked from commit 1058fcf57fdcb94d92e7b5f4483b347853d5f8e6)
diff --git a/hw/dmx/config/xdmxconfig.c b/hw/dmx/config/xdmxconfig.c
index f308412..2121dd7 100644
--- a/hw/dmx/config/xdmxconfig.c
+++ b/hw/dmx/config/xdmxconfig.c
@@ -31,9 +31,6 @@
*
*/
-#ifdef HAVE_DMX_CONFIG_H
-#include <dmx-config.h>
-#endif
#include <stdio.h>
#include <stdlib.h>
commit 25d00ac0ef6c405ecfa747757bea58ea68a4159b
Author: Julien Cristau <jcristau@debian.org>
Date: Thu Nov 29 19:27:51 2012 +0100
Upload to unstable
diff --git a/debian/changelog b/debian/changelog
index c739f3b..b9468f1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,11 +1,11 @@
-xorg-server (2:1.12.4-4) UNRELEASED; urgency=low
+xorg-server (2:1.12.4-4) unstable; urgency=low
* Fix memory leak in libnettle sha1 patch. Thanks, Yaakov Selkowitz!
* Cherry-pick from upstream:
- dix: set the device transformation matrix. Avoids cursor jumps in
virtualbox (closes: #694598)
- -- Julien Cristau <jcristau@debian.org> Mon, 05 Nov 2012 20:39:01 +0100
+ -- Julien Cristau <jcristau@debian.org> Thu, 29 Nov 2012 19:27:31 +0100
xorg-server (2:1.12.4-3) unstable; urgency=low
commit 72b776cc9dea2bef6e407401d11a68d5fa48d13e
Author: Julien Cristau <jcristau@debian.org>
Date: Wed Nov 28 11:32:00 2012 +0100
Update changelog
diff --git a/debian/changelog b/debian/changelog
index 5bf8070..c739f3b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,9 @@
xorg-server (2:1.12.4-4) UNRELEASED; urgency=low
* Fix memory leak in libnettle sha1 patch. Thanks, Yaakov Selkowitz!
+ * Cherry-pick from upstream:
+ - dix: set the device transformation matrix. Avoids cursor jumps in
+ virtualbox (closes: #694598)
-- Julien Cristau <jcristau@debian.org> Mon, 05 Nov 2012 20:39:01 +0100
commit 460324393cf200b195d456f44720f85ed3e9f019
Author: Peter Hutterer <peter.hutterer@who-t.net>
Date: Thu Sep 20 05:56:39 2012 +1000
dix: set the device transformation matrix
The property handler is registered after setting the property, so
dev->transform remains as all-zeros. That causes pixman_f_transform_invert()
to fail (in transformAbsolute()) and invert remains as garbage. This
may then cause a cursor jump to 0,0.
Since the axes are not yet initialized here and we need to allow for drivers
changing the matrix, we cannot use the property handler for matrix
initialization, essentially duplicating the code.
Triggered by the fix to (#49347) in 749a593e49adccdf1225be28a521412ec85333f4
https://bugzilla.redhat.com/show_bug.cgi?id=852841
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Chase Douglas <chase.douglas@ubuntu.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
(cherry picked from commit 3d1051aecbb1955084804133cacd12c7f696833a)
diff --git a/dix/devices.c b/dix/devices.c
index fbc9fec..ef34a00 100644
--- a/dix/devices.c
+++ b/dix/devices.c
@@ -303,6 +303,9 @@ AddInputDevice(ClientPtr client, DeviceProc deviceProc, Bool autoStart)
/* unity matrix */
memset(transform, 0, sizeof(transform));
transform[0] = transform[4] = transform[8] = 1.0f;
+ dev->transform.m[0][0] = 1.0;
+ dev->transform.m[1][1] = 1.0;
+ dev->transform.m[2][2] = 1.0;
XIChangeDeviceProperty(dev, XIGetKnownProperty(XI_PROP_TRANSFORM),
XIGetKnownProperty(XATOM_FLOAT), 32,
commit f6bcfe7db7d5daa8fe651c18883db19ac4b299cf
Author: Julien Cristau <jcristau@debian.org>
Date: Mon Nov 5 20:43:08 2012 +0100
Fix memory leak in libnettle sha1 patch.
Thanks, Yaakov Selkowitz!
diff --git a/debian/changelog b/debian/changelog
index 393c4de..5bf8070 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+xorg-server (2:1.12.4-4) UNRELEASED; urgency=low
+
+ * Fix memory leak in libnettle sha1 patch. Thanks, Yaakov Selkowitz!
+
+ -- Julien Cristau <jcristau@debian.org> Mon, 05 Nov 2012 20:39:01 +0100
+
xorg-server (2:1.12.4-3) unstable; urgency=low
* Replace EXA patch from previous upload with the one actually applied
diff --git a/debian/patches/02_Add-libnettle-as-option-for-sha1.diff b/debian/patches/02_Add-libnettle-as-option-for-sha1.diff
index daf4fc2..eb7d318 100644
--- a/debian/patches/02_Add-libnettle-as-option-for-sha1.diff
+++ b/debian/patches/02_Add-libnettle-as-option-for-sha1.diff
@@ -8,8 +8,10 @@ Signed-off-by: Cyril Brulebois <kibi@debian.org>
[jcristau: forward-ported from 1.7 to 1.8]
Signed-off-by: Julien Cristau <jcristau@debian.org>
---
---- a/configure.ac
-+++ b/configure.ac
+Index: xorg-server/configure.ac
+===================================================================
+--- xorg-server.orig/configure.ac
++++ xorg-server/configure.ac
@@ -1339,7 +1339,7 @@ CORE_INCS='-I$(top_srcdir)/include -I$(t
# SHA1 hashing
@@ -36,8 +38,10 @@ Signed-off-by: Julien Cristau <jcristau@debian.org>
AC_MSG_CHECKING([for SHA1 implementation])
if test "x$with_sha1" = x; then
AC_MSG_ERROR([No suitable SHA1 implementation found])
---- a/include/dix-config.h.in
-+++ b/include/dix-config.h.in
+Index: xorg-server/include/dix-config.h.in
+===================================================================
+--- xorg-server.orig/include/dix-config.h.in
++++ xorg-server/include/dix-config.h.in
@@ -157,6 +157,9 @@
/* Define to use libsha1 for SHA1 */
#undef HAVE_SHA1_IN_LIBSHA1
@@ -48,9 +52,11 @@ Signed-off-by: Julien Cristau <jcristau@debian.org>
/* Define to 1 if you have the `shmctl64' function. */
#undef HAVE_SHMCTL64
---- a/os/xsha1.c
-+++ b/os/xsha1.c
-@@ -148,6 +148,31 @@ x_sha1_final(void *ctx, unsigned char re
+Index: xorg-server/os/xsha1.c
+===================================================================
+--- xorg-server.orig/os/xsha1.c
++++ xorg-server/os/xsha1.c
+@@ -148,6 +148,32 @@ x_sha1_final(void *ctx, unsigned char re
return 1;
}
@@ -60,7 +66,7 @@ Signed-off-by: Julien Cristau <jcristau@debian.org>
+
+void *x_sha1_init(void)
+{
-+ struct sha1_ctx *ctx = xalloc(sizeof(*ctx));
++ struct sha1_ctx *ctx = malloc(sizeof(*ctx));
+ if (!ctx)
+ return NULL;
+ sha1_init(ctx);
@@ -76,6 +82,7 @@ Signed-off-by: Julien Cristau <jcristau@debian.org>
+int x_sha1_final(void *ctx, unsigned char result[20])
+{
+ sha1_digest(ctx, 20, result);
++ free(ctx);
+ return 1;
+}
+
commit 5865e42d2a3471a18e74d0a9e8262c9cc9a550e2
Author: Julien Cristau <jcristau@debian.org>
Date: Mon Nov 5 10:40:41 2012 +0100
Replace EXA patch from previous upload with the one actually applied upstream
Closes: #666468.
diff --git a/debian/changelog b/debian/changelog
index d62a530..393c4de 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+xorg-server (2:1.12.4-3) unstable; urgency=low
+
+ * Replace EXA patch from previous upload with the one actually applied
+ upstream (closes: #666468).
+
+ -- Julien Cristau <jcristau@debian.org> Mon, 05 Nov 2012 10:44:58 +0100
+
xorg-server (2:1.12.4-2) unstable; urgency=low
* Fix Xephyr command line option parsing (closes: #689246). Thanks, Andrzej
diff --git a/debian/patches/07_Revert-kinput-allocate-enough-space-for-null-charact.diff b/debian/patches/07_Revert-kinput-allocate-enough-space-for-null-charact.diff
index fbb6ac7..be1b598 100644
--- a/debian/patches/07_Revert-kinput-allocate-enough-space-for-null-charact.diff
+++ b/debian/patches/07_Revert-kinput-allocate-enough-space-for-null-charact.diff
@@ -36,11 +36,11 @@ Cc: Dave Airlie <airlied@redhat.com>
hw/kdrive/src/kinput.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/hw/kdrive/src/kinput.c b/hw/kdrive/src/kinput.c
-index d35dcf8..b1068bb 100644
---- a/hw/kdrive/src/kinput.c
-+++ b/hw/kdrive/src/kinput.c
-@@ -1034,7 +1034,7 @@ KdGetOptions(InputOption **options, char *string)
+Index: xorg-server/hw/kdrive/src/kinput.c
+===================================================================
+--- xorg-server.orig/hw/kdrive/src/kinput.c
++++ xorg-server/hw/kdrive/src/kinput.c
+@@ -1055,7 +1055,7 @@ KdGetOptions(InputOption **options, char
if (strchr(string, '=')) {
tam_key = (strchr(string, '=') - string);
@@ -49,6 +49,3 @@ index d35dcf8..b1068bb 100644
if (!key)
goto out;
---
-1.7.10.4
-
diff --git a/debian/patches/09_EXA-Fall-back-earlier-and-more-thoroughly-from-exaGlyphs.diff b/debian/patches/09_EXA-Fall-back-earlier-and-more-thoroughly-from-exaGlyphs.diff
deleted file mode 100644
index 76fc2b6..0000000
--- a/debian/patches/09_EXA-Fall-back-earlier-and-more-thoroughly-from-exaGlyphs.diff
+++ /dev/null
@@ -1,127 +0,0 @@
-From: Michel Dänzer <michel@daenzer.net>
-Subject: EXA: Fall back earlier and more thoroughly from exaGlyphs. (v2)
-
-Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=47266
-
-[https://bugs.freedesktop.org/attachment.cgi?id=59437, rebased by jcristau]
-
-Index: xorg-server/exa/exa_glyphs.c
-===================================================================
---- xorg-server.orig/exa/exa_glyphs.c
-+++ xorg-server/exa/exa_glyphs.c
-@@ -686,6 +686,7 @@ exaGlyphs(CARD8 op,
- PixmapPtr pMaskPixmap = 0;
- PicturePtr pMask = NULL;
- ScreenPtr pScreen = pDst->pDrawable->pScreen;
-+ ExaScreenPriv(pScreen);
- int width = 0, height = 0;
- int x, y;
- int first_xOff = list->xOff, first_yOff = list->yOff;
-@@ -697,7 +698,6 @@ exaGlyphs(CARD8 op,
- ExaGlyphBuffer buffer;
-
- if (maskFormat) {
-- ExaScreenPriv(pScreen);
- GCPtr pGC;
- xRectangle rect;
-
-@@ -719,22 +719,20 @@ exaGlyphs(CARD8 op,
- maskFormat->depth,
- CREATE_PIXMAP_USAGE_SCRATCH);
- if (!pMaskPixmap)
-- return;
-+ goto fallback;
- component_alpha = NeedsComponent(maskFormat->format);
- pMask = CreatePicture(0, &pMaskPixmap->drawable,
- maskFormat, CPComponentAlpha, &component_alpha,
- serverClient, &error);
-- if (!pMask ||
-- (!component_alpha && pExaScr->info->CheckComposite &&
-- !(*pExaScr->info->CheckComposite) (PictOpAdd, pSrc, NULL, pMask)))
-+ (*pScreen->DestroyPixmap) (pMaskPixmap);
-+ if (!pMask)
-+ goto fallback;
-+
-+ if (!component_alpha && pExaScr->info->CheckComposite &&
-+ !(*pExaScr->info->CheckComposite) (PictOpAdd, pSrc, NULL, pMask))
- {
- PictFormatPtr argbFormat;
-
-- (*pScreen->DestroyPixmap) (pMaskPixmap);
--
-- if (!pMask)
-- return;
--
- /* The driver can't seem to composite to a8, let's try argb (but
- * without component-alpha) */
- FreePicture((pointer) pMask, (XID) 0);
-@@ -748,15 +746,25 @@ exaGlyphs(CARD8 op,
- maskFormat->depth,
- CREATE_PIXMAP_USAGE_SCRATCH);
- if (!pMaskPixmap)
-- return;
-+ goto fallback;
-
- pMask = CreatePicture(0, &pMaskPixmap->drawable, maskFormat, 0, 0,
- serverClient, &error);
-- if (!pMask) {
-- (*pScreen->DestroyPixmap) (pMaskPixmap);
-- return;
-- }
-+ (*pScreen->DestroyPixmap) (pMaskPixmap);
-+ if (!pMask)
-+ goto fallback;
-+ }
-+
-+ if (pExaScr->info->CheckComposite &&
-+ (!(*pExaScr->info->CheckComposite) (PictOpAdd, pSrc, NULL, pMask) ||
-+ (!(*pExaScr->info->CheckComposite) (op, pSrc, pMask, pDst) &&
-+ (op != PictOpOver ||
-+ !(*pExaScr->info->CheckComposite) (PictOpOutReverse, pSrc, pMask, pDst) ||
-+ !(*pExaScr->info->CheckComposite) (PictOpOver, pSrc, pMask, pDst))))) {
-+ FreePicture ((pointer) pMask, (XID) 0);
-+ goto fallback;
- }
-+
- pGC = GetScratchGC(pMaskPixmap->drawable.depth, pScreen);
- ValidateGC(&pMaskPixmap->drawable, pGC);
- rect.x = 0;
-@@ -769,6 +777,13 @@ exaGlyphs(CARD8 op,
- y = -extents.y1;
- }
- else {
-+ if (pExaScr->info->CheckComposite &&
-+ !(*pExaScr->info->CheckComposite) (op, pSrc, NULL, pDst) &&
-+ (op != PictOpOver ||
-+ !(*pExaScr->info->CheckComposite) (PictOpOutReverse, pSrc, NULL, pDst) ||
-+ !(*pExaScr->info->CheckComposite) (PictOpOver, pSrc, NULL, pDst)))
-+ goto fallback;
-+
- x = 0;
- y = 0;
- }
-@@ -834,6 +849,10 @@ exaGlyphs(CARD8 op,
- xSrc + x - first_xOff,
- ySrc + y - first_yOff, 0, 0, x, y, width, height);
- FreePicture((pointer) pMask, (XID) 0);
-- (*pScreen->DestroyPixmap) (pMaskPixmap);
- }
-+
-+ return;
-+
-+fallback:
-+ ExaCheckGlyphs(op, pSrc, pDst, maskFormat, xSrc, ySrc, nlist, list, glyphs);
- }
-Index: xorg-server/exa/exa_render.c
-===================================================================
---- xorg-server.orig/exa/exa_render.c
-+++ xorg-server/exa/exa_render.c
-@@ -878,7 +878,7 @@ exaComposite(CARD8 op,
- Bool saveMaskRepeat = pMask ? pMask->repeat : 0;
- RegionRec region;
-
-- if (pExaScr->swappedOut)
-+ if (pExaScr->fallback_counter || pExaScr->swappedOut)
- goto fallback;
-
- /* Remove repeat in source if useless */
diff --git a/debian/patches/09_EXA-Track-source-mask-pixmaps-more-explicitly-for-Co.diff b/debian/patches/09_EXA-Track-source-mask-pixmaps-more-explicitly-for-Co.diff
new file mode 100644
index 0000000..6fb782a
--- /dev/null
+++ b/debian/patches/09_EXA-Track-source-mask-pixmaps-more-explicitly-for-Co.diff
@@ -0,0 +1,86 @@
+From 1ca096d5e07221025c4c4110528772b7d94f15ee Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michel=20D=C3=A4nzer?= <michel.daenzer@amd.com>
+Date: Mon, 29 Oct 2012 12:57:54 +0100
+Subject: [PATCH] EXA: Track source/mask pixmaps more explicitly for Composite
+ fallback regions.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+In particular, make sure pExaScr->src/maskPix are cleared when the
+corresponding pictures aren't associated with drawables, i.e. solid or gradient
+pictures. Without this, we would in some cases associate the source/mask region
+with unrelated pixmaps from previous Composite fallbacks, resulting in random
+corruption.
+
+Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=47266
+
+Signed-off-by: Michel Dänzer <michel.daenzer@amd.com>
+Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
+Signed-off-by: Keith Packard <keithp@keithp.com>
+---
+ exa/exa_priv.h | 1 +
+ exa/exa_unaccel.c | 16 ++++++++++++----
+ 2 files changed, 13 insertions(+), 4 deletions(-)
+
+Index: xorg-server/exa/exa_priv.h
+===================================================================
+--- xorg-server.orig/exa/exa_priv.h
++++ xorg-server/exa/exa_priv.h
Reply to: