From f4653f87d001b8d8be1d40c612f1d03bd8ecbd27 Mon Sep 17 00:00:00 2001 From: Dave Airlie Date: Thu, 12 Jun 2008 06:18:47 +0000 Subject: [PATCH] * Thu Jun 12 2008 Dave Airlie 1.4.99.902-2.20080612 - cve-2008-1377: Record and Security Extension Input validation - cve-2008-1379: MIT-SHM extension Input Validation flaw - cve-2008-2360: Render AllocateGlyph extension Integer overflows - cve-2008-2361: Render CreateCursor extension Integer overflows - cve-2008-2362: Render Gradient extension Integer overflows - Rebase to 1.5 head for security patches for above --- .cvsignore | 2 +- commitid | 2 +- sources | 2 +- xorg-x11-server.spec | 16 +++-- xserver-1.5.0-fix-single-aspect.patch | 28 ++++++++ xserver-1.5.0-no-evdev-keyboards-kthnx.patch | 69 ++++++++++++++------ xserver-1.5.0-selinux-off-by-default.patch | 25 ------- 7 files changed, 93 insertions(+), 51 deletions(-) create mode 100644 xserver-1.5.0-fix-single-aspect.patch delete mode 100644 xserver-1.5.0-selinux-off-by-default.patch diff --git a/.cvsignore b/.cvsignore index 4356de0..845087f 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -xorg-server-20080415.tar.bz2 +xorg-server-20080612.tar.bz2 diff --git a/commitid b/commitid index 2ca8d23..3388349 100644 --- a/commitid +++ b/commitid @@ -1 +1 @@ -5a2b538c1bc020af5bc33027ba0d9698338dca46 +53a84d75c65f75c629c6610a2ec4093507cea3f7 diff --git a/sources b/sources index 9993edb..212093e 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -2552f3c3b3c2c61ca85fd3d1515efcff xorg-server-20080415.tar.bz2 +067f2f0fdbcac0f8a7cd4f4ee046a2c8 xorg-server-20080612.tar.bz2 diff --git a/xorg-x11-server.spec b/xorg-x11-server.spec index 55556ed..027aed9 100644 --- a/xorg-x11-server.spec +++ b/xorg-x11-server.spec @@ -15,12 +15,12 @@ # RHEL5 bugfix sync %define pkgname xorg-server -%define gitdate 20080415 +%define gitdate 20080612 Summary: X.Org X11 X server Name: xorg-x11-server -Version: 1.4.99.901 -Release: 22.%{gitdate}%{?dist} +Version: 1.4.99.902 +Release: 1.%{gitdate}%{?dist} URL: http://www.x.org License: MIT Group: User Interface/X @@ -62,7 +62,7 @@ Patch5002: xserver-1.4.99-ssh-isnt-local.patch Patch5007: xserver-1.5.0-bad-fbdev-thats-mine.patch Patch5008: xserver-1.5.0-xaa-sucks.patch Patch5009: xserver-1.5.0-no-evdev-keyboards-kthnx.patch -Patch5010: xserver-1.5.0-selinux-off-by-default.patch +Patch5010: xserver-1.5.0-fix-single-aspect.patch %define moduledir %{_libdir}/xorg/modules %define drimoduledir %{_libdir}/dri @@ -513,6 +513,14 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Thu Jun 12 2008 Dave Airlie 1.4.99.902-2.20080612 +- cve-2008-1377: Record and Security Extension Input validation +- cve-2008-1379: MIT-SHM extension Input Validation flaw +- cve-2008-2360: Render AllocateGlyph extension Integer overflows +- cve-2008-2361: Render CreateCursor extension Integer overflows +- cve-2008-2362: Render Gradient extension Integer overflows +- Rebase to 1.5 head for security patches for above + * Mon Apr 28 2008 Soren Sandmann - Preserve user's CFLAGS diff --git a/xserver-1.5.0-fix-single-aspect.patch b/xserver-1.5.0-fix-single-aspect.patch new file mode 100644 index 0000000..afd1c21 --- /dev/null +++ b/xserver-1.5.0-fix-single-aspect.patch @@ -0,0 +1,28 @@ +From 21248705bbd9876ea6d2d78a85bedc4904c63899 Mon Sep 17 00:00:00 2001 +From: Dave Airlie +Date: Thu, 12 Jun 2008 14:54:56 +1000 +Subject: [PATCH] modes: make aspect choosing work on single output case. + +In the single output enabled case we never enter the loop and test +never gets set and so we fail to match a good mode. + +This was causing my 2560x1600 to end up at 2048x1536. +--- + hw/xfree86/modes/xf86Crtc.c | 1 + + 1 files changed, 1 insertions(+), 0 deletions(-) + +diff --git a/hw/xfree86/modes/xf86Crtc.c b/hw/xfree86/modes/xf86Crtc.c +index 855d646..02c447d 100644 +--- a/hw/xfree86/modes/xf86Crtc.c ++++ b/hw/xfree86/modes/xf86Crtc.c +@@ -1854,6 +1854,7 @@ bestModeForAspect(xf86CrtcConfigPtr config, Bool *enabled, float aspect) + + nextEnabledOutput(config, enabled, &o); + while ((mode = nextAspectMode(config->output[o], mode, aspect))) { ++ test = mode; + for (p = o; nextEnabledOutput(config, enabled, &p); ) { + test = xf86OutputFindClosestMode(config->output[p], mode); + if (!test) +-- +1.5.5.1 + diff --git a/xserver-1.5.0-no-evdev-keyboards-kthnx.patch b/xserver-1.5.0-no-evdev-keyboards-kthnx.patch index 27204b6..fa368bd 100644 --- a/xserver-1.5.0-no-evdev-keyboards-kthnx.patch +++ b/xserver-1.5.0-no-evdev-keyboards-kthnx.patch @@ -1,27 +1,58 @@ -From 3d914c2c1d24886ea81bf70de224370ebdf73b6d Mon Sep 17 00:00:00 2001 -From: Adam Jackson -Date: Tue, 18 Mar 2008 15:11:13 -0400 -Subject: [PATCH] Disable evdev for keyboards. +From e654ed62d44b8d61484f97eab1b1adbfb08d375f Mon Sep 17 00:00:00 2001 +From: Dave Airlie +Date: Thu, 12 Jun 2008 11:52:29 +1000 +Subject: [PATCH] config: disable evdev for keyboards -Hrngh argh hatred. --- - config/hal.c | 3 --- - 1 files changed, 0 insertions(+), 3 deletions(-) + config/hal.c | 28 ++++++++++++++++++++++++++++ + 1 files changed, 28 insertions(+), 0 deletions(-) diff --git a/config/hal.c b/config/hal.c -index 1575422..dcbf715 100644 +index f4eb438..ee0f18f 100644 --- a/config/hal.c +++ b/config/hal.c -@@ -177,9 +177,6 @@ device_added(LibHalContext *hal_ctx, const char *udi) - /* input.keys is the new, of which input.keyboard is a subset, but - * input.keyboard is the old 'we have keys', so we have to keep it - * around. */ -- if (strcmp(props[i], "input.keys") == 0 || -- strcmp(props[i], "input.keyboard") == 0) -- type |= TYPE_KEYS; - if (strcmp(props[i], "input.mouse") == 0 || - strcmp(props[i], "input.touchpad") == 0) - type |= TYPE_POINTER; +@@ -168,6 +168,31 @@ get_prop_string_array(LibHalContext *hal_ctx, const char *udi, const char *prop) + } + #endif + ++static Bool ++get_device_is_keyboard(LibHalContext *hal_ctx, const char *udi, DBusError *error_p) ++{ ++ char **props; ++ int i; ++ Bool ret = FALSE; ++ ++ props = libhal_device_get_property_strlist(hal_ctx, udi, ++ "info.capabilities", error_p); ++ if (!props) { ++ return FALSE; ++ } ++ for (i = 0; props[i]; i++) { ++ if (strcmp(props[i], "input.keys") == 0 || ++ strcmp(props[i], "input.keyboard") == 0) { ++ ret = TRUE; ++ goto out_error; ++ } ++ } ++ ++out_error: ++ libhal_free_string_array(props); ++ return ret; ++} ++ + static void + device_added(LibHalContext *hal_ctx, const char *udi) + { +@@ -184,6 +209,9 @@ device_added(LibHalContext *hal_ctx, const char *udi) + + dbus_error_init(&error); + ++ if (get_device_is_keyboard(hal_ctx, udi, &error)) ++ goto unwind; ++ + driver = get_prop_string(hal_ctx, udi, "input.x11_driver"); + if (!driver){ + /* verbose, don't tell the user unless they _want_ to see it */ -- -1.5.4.3 +1.5.3.7 diff --git a/xserver-1.5.0-selinux-off-by-default.patch b/xserver-1.5.0-selinux-off-by-default.patch deleted file mode 100644 index df4f0c4..0000000 --- a/xserver-1.5.0-selinux-off-by-default.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 7007f29215604b2d16c4bda25ec2b752ca05d75f Mon Sep 17 00:00:00 2001 -From: Adam Jackson -Date: Wed, 9 Apr 2008 13:55:25 -0400 -Subject: [PATCH] Default X-SELinux to off. - ---- - os/utils.c | 2 +- - 1 files changed, 1 insertions(+), 1 deletions(-) - -diff --git a/os/utils.c b/os/utils.c -index d785d46..f58c763 100644 ---- a/os/utils.c -+++ b/os/utils.c -@@ -233,7 +233,7 @@ _X_EXPORT Bool noXInputExtension = FALSE; - _X_EXPORT Bool noXIdleExtension = FALSE; - #endif - #ifdef XSELINUX --_X_EXPORT Bool noSELinuxExtension = FALSE; -+_X_EXPORT Bool noSELinuxExtension = TRUE; - _X_EXPORT int selinuxEnforcingState = SELINUX_MODE_DEFAULT; - #endif - #ifdef XV --- -1.5.4.5 -