From 6753065f959b88ccaccd36ecdc5baffbfe320c9f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= Date: Mon, 13 Sep 2010 11:28:30 +0200 Subject: [PATCH 1/3] Use mktemp and use it properly. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * fixes bug 632879 and bug 499234 (which is CVE-2009-1573) Signed-off-by: Matěj Cepl --- xvfb-run.sh | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/xvfb-run.sh b/xvfb-run.sh index 8d1e293..84ad0fc 100644 --- a/xvfb-run.sh +++ b/xvfb-run.sh @@ -146,19 +146,17 @@ fi # If the user did not specify an X authorization file to use, set up a temporary # directory to house one. if [ -z "$AUTHFILE" ]; then - XVFB_RUN_TMPDIR="${TMPDIR:-/tmp}/$PROGNAME.$$" - if ! mkdir -p -m 700 "$XVFB_RUN_TMPDIR"; then - error "temporary directory $XVFB_RUN_TMPDIR already exists" - exit 4 - fi - AUTHFILE=$(mktemp -p "$XVFB_RUN_TMPDIR" Xauthority) + XVFB_RUN_TMPDIR="$(mktemp --directory --tmpdir $PROGNAME.XXXXXX)" + AUTHFILE=$(mktemp -p "$XVFB_RUN_TMPDIR" Xauthority.XXXXXX) fi # Start Xvfb. MCOOKIE=$(mcookie) -XAUTHORITY=$AUTHFILE xauth add ":$SERVERNUM" "$XAUTHPROTO" "$MCOOKIE" \ - >"$ERRORFILE" 2>&1 -XAUTHORITY=$AUTHFILE Xvfb ":$SERVERNUM" $XVFBARGS $LISTENTCP >"$ERRORFILE" \ + +XAUTHORITY=$AUTHFILE xauth source - << EOF >>"$ERRORFILE" 2>&1 +add :$SERVERNUM $XAUTHPROTO $MCOOKIE +EOF +XAUTHORITY=$AUTHFILE Xvfb ":$SERVERNUM" $XVFBARGS $LISTENTCP >>"$ERRORFILE" \ 2>&1 & XVFBPID=$! sleep "$STARTWAIT" From 7fd512b8ba0a99e4dd35662da4232803503cfd46 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= Date: Mon, 13 Sep 2010 17:33:11 +0200 Subject: [PATCH 2/3] Bump release --- xorg-x11-server.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/xorg-x11-server.spec b/xorg-x11-server.spec index 26fe63c..6aeb51b 100644 --- a/xorg-x11-server.spec +++ b/xorg-x11-server.spec @@ -30,7 +30,7 @@ Summary: X.Org X11 X server Name: xorg-x11-server Version: 1.9.0 -Release: 7%{?gitdate:.%{gitdate}}%{dist} +Release: 8%{?gitdate:.%{gitdate}}%{dist} URL: http://www.x.org License: MIT Group: User Interface/X @@ -554,6 +554,9 @@ rm -rf $RPM_BUILD_ROOT %{xserver_source_dir} %changelog +* Mon Sep 13 2010 Matěj Cepl - 1.9.0-8 +- Call mktemp correctly (fixes RHBZ bug 632879) + * Thu Sep 02 2010 Adam Jackson 1.9.0-7 - ... but only in F15 and later. From 7a171536bbb739d6e9725c0cc7fe8f3de531f883 Mon Sep 17 00:00:00 2001 From: Adam Jackson Date: Mon, 13 Sep 2010 11:37:25 -0400 Subject: [PATCH 3/3] vbe panelid fix --- xorg-x11-server.spec | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/xorg-x11-server.spec b/xorg-x11-server.spec index 6aeb51b..a100153 100644 --- a/xorg-x11-server.spec +++ b/xorg-x11-server.spec @@ -30,7 +30,7 @@ Summary: X.Org X11 X server Name: xorg-x11-server Version: 1.9.0 -Release: 8%{?gitdate:.%{gitdate}}%{dist} +Release: 9%{?gitdate:.%{gitdate}}%{dist} URL: http://www.x.org License: MIT Group: User Interface/X @@ -99,6 +99,8 @@ Patch6053: xserver-1.8-disable-vboxvideo.patch Patch7000: xserver-1.8.0-no-xorg.patch Patch7001: xserver-1.9.0-tcflush-fix.patch +# 632805 +Patch7002: xserver-1.9.0-vbe-panelid-sanity.patch %define moduledir %{_libdir}/xorg/modules %define drimoduledir %{_libdir}/dri @@ -554,6 +556,10 @@ rm -rf $RPM_BUILD_ROOT %{xserver_source_dir} %changelog +* Mon Sep 13 2010 Adam Jackson 1.9.0-9 +- xserver-1.9.0-vbe-panelid-sanity.patch: Refuse to believe tiny (or negative) + sizes from PanelID. (#632805) + * Mon Sep 13 2010 Matěj Cepl - 1.9.0-8 - Call mktemp correctly (fixes RHBZ bug 632879)