* Thu Jun 12 2008 Dave Airlie <airlied@redhat.com> 1.4.99.902-2.20080612

- cve-2008-1377: Record and Security Extension Input validation
- cve-2008-1379: MIT-SHM extension Input Validation flaw
- cve-2008-2360: Render AllocateGlyph extension Integer overflows
- cve-2008-2361: Render CreateCursor extension Integer overflows
- cve-2008-2362: Render Gradient extension Integer overflows
- Rebase to 1.5 head for security patches for above
Dave Airlie 2008-06-12 06:18:47 +00:00
parent 2840dd215d
commit f4653f87d0
7 changed files with 93 additions and 51 deletions


@ -1 +1 @@
xorg-server-20080415.tar.bz2
xorg-server-20080612.tar.bz2


@ -1 +1 @@
5a2b538c1bc020af5bc33027ba0d9698338dca46
53a84d75c65f75c629c6610a2ec4093507cea3f7


@ -1 +1 @@
2552f3c3b3c2c61ca85fd3d1515efcff xorg-server-20080415.tar.bz2
067f2f0fdbcac0f8a7cd4f4ee046a2c8 xorg-server-20080612.tar.bz2


@ -15,12 +15,12 @@
# RHEL5 bugfix sync
%define pkgname xorg-server
%define gitdate 20080415
%define gitdate 20080612
Summary: X.Org X11 X server
Name: xorg-x11-server
Version: 1.4.99.901
Release: 22.%{gitdate}%{?dist}
Version: 1.4.99.902
Release: 1.%{gitdate}%{?dist}
URL: http://www.x.org
License: MIT
Group: User Interface/X
@ -62,7 +62,7 @@ Patch5002: xserver-1.4.99-ssh-isnt-local.patch
Patch5007: xserver-1.5.0-bad-fbdev-thats-mine.patch
Patch5008: xserver-1.5.0-xaa-sucks.patch
Patch5009: xserver-1.5.0-no-evdev-keyboards-kthnx.patch
Patch5010: xserver-1.5.0-selinux-off-by-default.patch
Patch5010: xserver-1.5.0-fix-single-aspect.patch
%define moduledir %{_libdir}/xorg/modules
%define drimoduledir %{_libdir}/dri
@ -513,6 +513,14 @@ rm -rf $RPM_BUILD_ROOT
%changelog
* Thu Jun 12 2008 Dave Airlie <airlied@redhat.com> 1.4.99.902-2.20080612
- cve-2008-1377: Record and Security Extension Input validation
- cve-2008-1379: MIT-SHM extension Input Validation flaw
- cve-2008-2360: Render AllocateGlyph extension Integer overflows
- cve-2008-2361: Render CreateCursor extension Integer overflows
- cve-2008-2362: Render Gradient extension Integer overflows
- Rebase to 1.5 head for security patches for above
* Mon Apr 28 2008 Soren Sandmann <sandmann@redhat.com>
- Preserve user's CFLAGS
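Review bot: Patch5010 now points at xserver-1.5.0-fix-single-aspect.patch in place of xserver-1.5.0-selinux-off-by-default.patch, but the new %changelog entry lists only the CVE fixes and the rebase, so the change to the X-SELinux default goes unrecorded. With that patch dropped, the server falls back to whatever default the rebased source carries for `noSELinuxExtension`, which this page does not show; confirm that is intended and add a line such as `- Drop selinux-off-by-default patch, add fix-single-aspect patch`. The entry header also reads `1.4.99.902-2.20080612` while the new tag appears to be `Release: 1.%{gitdate}%{?dist}`, so one of the two needs adjusting.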


@ -0,0 +1,28 @@
From 21248705bbd9876ea6d2d78a85bedc4904c63899 Mon Sep 17 00:00:00 2001
From: Dave Airlie <airlied@redhat.com>
Date: Thu, 12 Jun 2008 14:54:56 +1000
Subject: [PATCH] modes: make aspect choosing work on single output case.
In the single output enabled case we never enter the loop and test
never gets set and so we fail to match a good mode.
This was causing my 2560x1600 to end up at 2048x1536.
---
hw/xfree86/modes/xf86Crtc.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/hw/xfree86/modes/xf86Crtc.c b/hw/xfree86/modes/xf86Crtc.c
index 855d646..02c447d 100644
--- a/hw/xfree86/modes/xf86Crtc.c
+++ b/hw/xfree86/modes/xf86Crtc.c
@@ -1854,6 +1854,7 @@ bestModeForAspect(xf86CrtcConfigPtr config, Bool *enabled, float aspect)
nextEnabledOutput(config, enabled, &o);
while ((mode = nextAspectMode(config->output[o], mode, aspect))) {
+ test = mode;
for (p = o; nextEnabledOutput(config, enabled, &p); ) {
test = xf86OutputFindClosestMode(config->output[p], mode);
if (!test)
--
1.5.5.1
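Review bot: The added `test = mode;` in bestModeForAspect carries no comment, so the reason for it lives only in the patch description. A one-line comment above it would keep that visible in the source, for example `/* with a single enabled output the inner loop never runs, so test must start as the candidate mode */`. The function begins and ends outside the hunk, so whether `test` is initialised at its declaration cannot be checked from here; if it is not, the previous code could read an indeterminate or stale pointer after the loop, and initialising it at the declaration would be worth doing as well.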


@ -1,27 +1,58 @@
From 3d914c2c1d24886ea81bf70de224370ebdf73b6d Mon Sep 17 00:00:00 2001
From: Adam Jackson <ajax@redhat.com>
Date: Tue, 18 Mar 2008 15:11:13 -0400
Subject: [PATCH] Disable evdev for keyboards.
From e654ed62d44b8d61484f97eab1b1adbfb08d375f Mon Sep 17 00:00:00 2001
From: Dave Airlie <airlied@redhat.com>
Date: Thu, 12 Jun 2008 11:52:29 +1000
Subject: [PATCH] config: disable evdev for keyboards
Hrngh argh hatred.
---
config/hal.c | 3 ---
1 files changed, 0 insertions(+), 3 deletions(-)
config/hal.c | 28 ++++++++++++++++++++++++++++
1 files changed, 28 insertions(+), 0 deletions(-)
diff --git a/config/hal.c b/config/hal.c
index 1575422..dcbf715 100644
index f4eb438..ee0f18f 100644
--- a/config/hal.c
+++ b/config/hal.c
@@ -177,9 +177,6 @@ device_added(LibHalContext *hal_ctx, const char *udi)
/* input.keys is the new, of which input.keyboard is a subset, but
* input.keyboard is the old 'we have keys', so we have to keep it
* around. */
- if (strcmp(props[i], "input.keys") == 0 ||
- strcmp(props[i], "input.keyboard") == 0)
- type |= TYPE_KEYS;
if (strcmp(props[i], "input.mouse") == 0 ||
strcmp(props[i], "input.touchpad") == 0)
type |= TYPE_POINTER;
@@ -168,6 +168,31 @@ get_prop_string_array(LibHalContext *hal_ctx, const char *udi, const char *prop)
}
#endif
+static Bool
+get_device_is_keyboard(LibHalContext *hal_ctx, const char *udi, DBusError *error_p)
+{
+ char **props;
+ int i;
+ Bool ret = FALSE;
+
+ props = libhal_device_get_property_strlist(hal_ctx, udi,
+ "info.capabilities", error_p);
+ if (!props) {
+ return FALSE;
+ }
+ for (i = 0; props[i]; i++) {
+ if (strcmp(props[i], "input.keys") == 0 ||
+ strcmp(props[i], "input.keyboard") == 0) {
+ ret = TRUE;
+ goto out_error;
+ }
+ }
+
+out_error:
+ libhal_free_string_array(props);
+ return ret;
+}
+
static void
device_added(LibHalContext *hal_ctx, const char *udi)
{
@@ -184,6 +209,9 @@ device_added(LibHalContext *hal_ctx, const char *udi)
dbus_error_init(&error);
+ if (get_device_is_keyboard(hal_ctx, udi, &error))
+ goto unwind;
+
driver = get_prop_string(hal_ctx, udi, "input.x11_driver");
if (!driver){
/* verbose, don't tell the user unless they _want_ to see it */
--
1.5.4.3
1.5.3.7
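Review bot: In the new device_added hunk, `if (get_device_is_keyboard(hal_ctx, udi, &error)) goto unwind;` skips every device whose capabilities include `input.keys` or `input.keyboard`, whereas the earlier version of this patch only removed the `type |= TYPE_KEYS` assignment and still let `input.mouse` / `input.touchpad` set TYPE_POINTER. A device that advertises both key and pointer capabilities would therefore no longer be hotplugged at all; if that is intended, say so in a comment above the check. Separately, when libhal_device_get_property_strlist fails the helper returns FALSE and may leave `*error_p` set while device_added goes on using the same `error`; consider `if (dbus_error_is_set(error_p)) dbus_error_free(error_p);` before `return FALSE;`. The `goto out_error` on the match path could be a plain `break`, since that label is reached on success too. The `unwind` label and the rest of device_added lie outside the hunk.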


@ -1,25 +0,0 @@
From 7007f29215604b2d16c4bda25ec2b752ca05d75f Mon Sep 17 00:00:00 2001
From: Adam Jackson <ajax@redhat.com>
Date: Wed, 9 Apr 2008 13:55:25 -0400
Subject: [PATCH] Default X-SELinux to off.
---
os/utils.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/os/utils.c b/os/utils.c
index d785d46..f58c763 100644
--- a/os/utils.c
+++ b/os/utils.c
@@ -233,7 +233,7 @@ _X_EXPORT Bool noXInputExtension = FALSE;
_X_EXPORT Bool noXIdleExtension = FALSE;
#endif
#ifdef XSELINUX
-_X_EXPORT Bool noSELinuxExtension = FALSE;
+_X_EXPORT Bool noSELinuxExtension = TRUE;
_X_EXPORT int selinuxEnforcingState = SELINUX_MODE_DEFAULT;
#endif
#ifdef XV
--
1.5.4.5