rpms/xorg-x11-server
5
0
Fork 0
Code Issues Pull Requests Releases Activity

CVE-2013-1940: Fix xf86FlushInput() to drain evdev events too (#950438)

Browse Source
This commit is contained in:
Peter Hutterer 2013-04-11 08:11:37 +10:00
parent 0bc357180c
commit c2b476eb59
2 changed files with 47 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
0001-xf86-fix-flush-input-to-work-with-Linux-evdev-device.patch Normal file
View File

@ -0,0 +1,37 @@
From 8647ee8f422e1ea9212d84ae14ef2163793bcdc8 Mon Sep 17 00:00:00 2001
From: Dave Airlie <airlied@gmail.com>
Date: Wed, 10 Apr 2013 16:09:01 +1000
Subject: [PATCH] xf86: fix flush input to work with Linux evdev devices.
So when we VT switch back and attempt to flush the input devices,
we don't succeed because evdev won't return part of an event,
since we were only asking for 4 bytes, we'd only get -EINVAL back.
This could later cause events to be flushed that we shouldn't have
gotten.
This is a fix for CVE-2013-1940.
Signed-off-by: Dave Airlie <airlied@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
---
hw/xfree86/os-support/shared/posix_tty.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/hw/xfree86/os-support/shared/posix_tty.c b/hw/xfree86/os-support/shared/posix_tty.c
index ab3757a..4d08c1e 100644
--- a/hw/xfree86/os-support/shared/posix_tty.c
+++ b/hw/xfree86/os-support/shared/posix_tty.c
@@ -421,7 +421,8 @@ xf86FlushInput(int fd)
{
fd_set fds;
struct timeval timeout;
- char c[4];
+ /* this needs to be big enough to flush an evdev event. */
+ char c[256];
DebugF("FlushingSerial\n");
if (tcflush(fd, TCIFLUSH) == 0)
--
1.8.1.4

12
xorg-x11-server.spec
View File

@ -42,7 +42,7 @@
Summary: X.Org X11 X server Summary: X.Org X11 X server
Name: xorg-x11-server Name: xorg-x11-server
Version: 1.14.0 Version: 1.14.0
Release: 5%{?gitdate:.%{gitdate}}%{dist} Release: 6%{?gitdate:.%{gitdate}}%{dist}
URL: http://www.x.org URL: http://www.x.org
License: MIT License: MIT
Group: User Interface/X Group: User Interface/X
@ -121,11 +121,15 @@ Patch7071: 0001-os-use-libunwind-to-generate-backtraces.patch
# upstream submitted # upstream submitted
Patch7072: xserver-1.14.0-fix-gpu-hotplug-vt-switch.patch Patch7072: xserver-1.14.0-fix-gpu-hotplug-vt-switch.patch
# Bug 950438 - CVE-2013-1940 xorg-x11-server:
# Information disclosure due enabling events from hot-plug devices despite
# input from the device being momentarily disabled
Patch7073: 0001-xf86-fix-flush-input-to-work-with-Linux-evdev-device.patch
# on way upstream: fixes for reverse optimus # on way upstream: fixes for reverse optimus
Patch8000: 0001-dix-allow-pixmap-dirty-helper-to-be-used-for-non-sha.patch Patch8000: 0001-dix-allow-pixmap-dirty-helper-to-be-used-for-non-sha.patch
Patch8001: 0001-xserver-call-CSR-for-gpus.patch Patch8001: 0001-xserver-call-CSR-for-gpus.patch
%global moduledir %{_libdir}/xorg/modules %global moduledir %{_libdir}/xorg/modules
%global drimoduledir %{_libdir}/dri %global drimoduledir %{_libdir}/dri
%global sdkdir %{_includedir}/xorg %global sdkdir %{_includedir}/xorg
@ -598,6 +602,10 @@ rm -rf $RPM_BUILD_ROOT
%{xserver_source_dir} %{xserver_source_dir}
%changelog %changelog
* Wed Apr 17 2013 Peter Hutterer <peter.hutterer@redhat.com> 1.14.0-6
- CVE-2013-1940: Fix xf86FlushInput() to drain evdev events
(#950438, #952949)
* Fri Apr 12 2013 Dave Airlie <airlied@redhat.com> 1.14.0-5 * Fri Apr 12 2013 Dave Airlie <airlied@redhat.com> 1.14.0-5
- reenable reverse optimus and some missing patch from F18 - reenable reverse optimus and some missing patch from F18