
xorg-server: Changes to 'debian-wheezy'



 debian/changelog                     |    7 +++++
 debian/patches/15_CVE-2013-6424.diff |   48 +++++++++++++++++++++++++++++++++++
 debian/patches/series                |    3 +-
 3 files changed, 57 insertions(+), 1 deletion(-)

New commits:
commit 7ba78cb7a28288ec0323f826ff22e4e38eea5918
Author: Julien Cristau <jcristau@debian.org>
Date:   Tue Dec 17 20:34:21 2013 +0100

    exa: only draw valid trapezoids
    
    Addresses CVE-2013-6424

diff --git a/debian/changelog b/debian/changelog
index cc62327..2f52585 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+xorg-server (2:1.12.4-6+deb7u2) wheezy-security; urgency=high
+
+  * exa: only draw valid trapezoids
+    Addresses CVE-2013-6424
+
+ -- Julien Cristau <jcristau@debian.org>  Tue, 17 Dec 2013 20:34:10 +0100
+
 xorg-server (2:1.12.4-6+deb7u1) stable-security; urgency=low
 
   * CVE-2013-4396
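Review bot: The new changelog stanza names the CVE but not the upstream report. The patch header added in this same commit cites freedesktop.org bug 67484, and adding that reference to the `* exa: only draw valid trapezoids` item would let someone reading only the changelog trace the fix. The distribution field also changes from `stable-security` in the previous entry to `wheezy-security` here; worth confirming that is intentional.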
diff --git a/debian/patches/15_CVE-2013-6424.diff b/debian/patches/15_CVE-2013-6424.diff
new file mode 100644
index 0000000..59cc5d6
--- /dev/null
+++ b/debian/patches/15_CVE-2013-6424.diff
@@ -0,0 +1,48 @@
+From patchwork Wed Oct  2 13:47:54 2013
+Content-Type: text/plain; charset="utf-8"
+MIME-Version: 1.0
+Content-Transfer-Encoding: 7bit
+Subject: exa: only draw valid trapezoids
+From: Maarten Lankhorst <maarten.lankhorst@canonical.com>
+X-Patchwork-Id: 14769
+Message-Id: <524C240A.9010607@canonical.com>
+To: "X.Org Devel List" <xorg-devel@lists.freedesktop.org>
+Date: Wed, 02 Oct 2013 15:47:54 +0200
+
+Fixes freedesktop.org bug https://bugs.freedesktop.org/show_bug.cgi?id=67484
+
+If t->bottom is close to MIN_INT, removing top can wraparound, so do the check properly.
+A similar fix should also be applied to pixman.
+
+Signed-off-by: Maarten Lankhorst <maarten.lankhorst@canonical.com>
+
+---
+
+
+diff --git a/exa/exa_render.c b/exa/exa_render.c
+index 172e2b5..807eeba 100644
+--- a/exa/exa_render.c
++++ b/exa/exa_render.c
+@@ -1141,7 +1141,8 @@ exaTrapezoids(CARD8 op, PicturePtr pSrc, PicturePtr pDst,
+ 
+         exaPrepareAccess(pPicture->pDrawable, EXA_PREPARE_DEST);
+         for (; ntrap; ntrap--, traps++)
+-            (*ps->RasterizeTrapezoid) (pPicture, traps, -bounds.x1, -bounds.y1);
++            if (xTrapezoidValid(traps))
++                (*ps->RasterizeTrapezoid) (pPicture, traps, -bounds.x1, -bounds.y1);
+         exaFinishAccess(pPicture->pDrawable, EXA_PREPARE_DEST);
+ 
+         xRel = bounds.x1 + xSrc - xDst;
+diff --git a/render/picture.h b/render/picture.h
+index c85353a..fcd6401 100644
+--- a/render/picture.h
++++ b/render/picture.h
+@@ -211,7 +211,7 @@ typedef pixman_fixed_t xFixed;
+ /* whether 't' is a well defined not obviously empty trapezoid */
+ #define xTrapezoidValid(t)  ((t)->left.p1.y != (t)->left.p2.y && \
+ 			     (t)->right.p1.y != (t)->right.p2.y && \
+-			     (int) ((t)->bottom - (t)->top) > 0)
++			     ((t)->bottom > (t)->top))
+ 
+ /*
+  * Standard NTSC luminance conversions:
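Review bot: In the picture.h part, the replacement `((t)->bottom > (t)->top)` is only equivalent to the intended test because both fields are signed fixed-point values (the hunk header shows `typedef pixman_fixed_t xFixed`), and the comment above the macro does not say why the subtraction form was dropped. A short remark there that `(t)->bottom - (t)->top` can wrap when the operands are far apart would keep the old `(int) (...) > 0` form from being reintroduced. In the exa_render.c part the new `if (xTrapezoidValid(traps))` sits under a brace-less `for`; braces around the loop body would keep a later edit from separating the `RasterizeTrapezoid` call from its guard. The embedded message also states that pixman still needs a similar fix, so this check covers only the exaTrapezoids call site and the pixman follow-up should be tracked alongside this upload.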
diff --git a/debian/patches/series b/debian/patches/series
index 923ad3a..739861a 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -10,4 +10,5 @@
 07_Revert-kinput-allocate-enough-space-for-null-charact.diff
 08_xfree86_fix_ia64_inx_outx.diff
 09_EXA-Track-source-mask-pixmaps-more-explicitly-for-Co.diff
-14_CVE-2013-4396.diff
\ No newline at end of file
+14_CVE-2013-4396.diff
+15_CVE-2013-6424.diff

