diff options
author | root <root@rshg054.dnsready.net> | 2011-11-08 23:14:49 +0000 |
---|---|---|
committer | root <root@rshg054.dnsready.net> | 2011-11-08 23:14:49 +0000 |
commit | ddba9670c1518d9b420db6a6dca01a4a4a4136c7 (patch) | |
tree | 8b5ba5ea49ecb6848eba27d2eb609100de5e760a /extra/xorg-server/git-fixes.patch | |
parent | effb26c3b1f00bf8bea4e2562f07f9a06eb67606 (diff) |
Tue Nov 8 23:14:49 UTC 2011
Diffstat (limited to 'extra/xorg-server/git-fixes.patch')
-rw-r--r-- | extra/xorg-server/git-fixes.patch | 159 |
1 files changed, 110 insertions, 49 deletions
diff --git a/extra/xorg-server/git-fixes.patch b/extra/xorg-server/git-fixes.patch index a62524bdb..9629b3040 100644 --- a/extra/xorg-server/git-fixes.patch +++ b/extra/xorg-server/git-fixes.patch @@ -1,56 +1,117 @@ -From f80d23357874db19bc124dee70239fb182977883 Mon Sep 17 00:00:00 2001 -From: Matthieu Herrb <matthieu.herrb@laas.fr> -Date: Mon, 17 Oct 2011 20:26:12 +0000 -Subject: Fix CVE-2011-4028: File disclosure vulnerability. - -use O_NOFOLLOW to open the existing lock file, so symbolic links -aren't followed, thus avoid revealing if it point to an existing -file. - -Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr> -Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> -(cherry picked from commit 6ba44b91e37622ef8c146d8f2ac92d708a18ed34) +From 89626304ea1ad316c5b7145a40f09377148cff21 Mon Sep 17 00:00:00 2001 +From: Dave Airlie <airlied@redhat.com> +Date: Thu, 20 Oct 2011 13:43:01 +0000 +Subject: xf86Crtc: handle no outputs with no modes harder. + +If you started an X server with no connected outputs, we pick a default +1024x768 mode, however if you then ran an xvidmode using app against that +server it would segfault the server due to not finding any valid modes. + +This was due to the no output mode set code, only adding the modes to the +scrn->modes once, when something called randr 1.2 xf86SetScrnInfoModes would +get called and remove all the modes and we'd end up with 0. + +This change fixes xf86SetScrnInfoModes to always report a scrn mode of at +least 1024x768, and pushes the initial configuration to just call it instead +of setting up the mode itself. + +Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=746926 + +I've seen other bugs like this on other distros so it might also actually fix them. + +Signed-off-by: Dave Airlie <airlied@redhat.com> +Reviewed-by: Keith Packard <keithp@keithp.com> +Signed-off-by: Keith Packard <keithp@keithp.com> +(cherry picked from commit 17416e88dcfcc584fe5f87580d5d2b719b3521c3) --- -diff --git a/os/utils.c b/os/utils.c -index 36cb46f..9e0acb6 100644 ---- a/os/utils.c -+++ b/os/utils.c -@@ -316,7 +316,7 @@ LockServer(void) - /* - * Read the pid from the existing file - */ -- lfd = open(LockFile, O_RDONLY); -+ lfd = open(LockFile, O_RDONLY|O_NOFOLLOW); - if (lfd < 0) { - unlink(tmp); - FatalError("Can't read lock file %s\n", LockFile); +diff --git a/hw/xfree86/modes/xf86Crtc.c b/hw/xfree86/modes/xf86Crtc.c +index d75cd77..8906806 100644 +--- a/hw/xfree86/modes/xf86Crtc.c ++++ b/hw/xfree86/modes/xf86Crtc.c +@@ -1915,19 +1915,25 @@ xf86SetScrnInfoModes (ScrnInfoPtr scrn) + break; + } + +- if (scrn->modes != NULL) { +- /* For some reason, scrn->modes is circular, unlike the other mode +- * lists. How great is that? +- */ +- for (last = scrn->modes; last && last->next; last = last->next) +- ; +- last->next = scrn->modes; +- scrn->modes->prev = last; +- if (mode) { +- while (scrn->modes != mode) +- scrn->modes = scrn->modes->next; +- } ++ if (!scrn->modes) { ++ scrn->modes = xf86ModesAdd(scrn->modes, ++ xf86CVTMode(scrn->display->virtualX, ++ scrn->display->virtualY, ++ 60, 0, 0)); ++ } ++ ++ /* For some reason, scrn->modes is circular, unlike the other mode ++ * lists. How great is that? ++ */ ++ for (last = scrn->modes; last && last->next; last = last->next) ++ ; ++ last->next = scrn->modes; ++ scrn->modes->prev = last; ++ if (mode) { ++ while (scrn->modes != mode) ++ scrn->modes = scrn->modes->next; + } ++ + scrn->currentMode = scrn->modes; + #ifdef XFreeXDGA + if (scrn->pScreen) +@@ -2529,16 +2535,7 @@ xf86InitialConfiguration (ScrnInfoPtr scrn, Bool canGrow) + width, height); + } + +- if (have_outputs) { +- /* Mirror output modes to scrn mode list */ +- xf86SetScrnInfoModes (scrn); +- } else { +- /* Clear any existing modes from scrn->modes */ +- while (scrn->modes != NULL) +- xf86DeleteMode(&scrn->modes, scrn->modes); +- scrn->modes = xf86ModesAdd(scrn->modes, +- xf86CVTMode(width, height, 60, 0, 0)); +- } ++ xf86SetScrnInfoModes (scrn); + + success = TRUE; + bailout: -- cgit v0.9.0.2-2-gbebe -From 12f65819ffb04103f170ecd7e281348de618fc4c Mon Sep 17 00:00:00 2001 -From: Matthieu Herrb <matthieu.herrb@laas.fr> -Date: Mon, 17 Oct 2011 20:27:35 +0000 -Subject: Fix CVE-2011-4029: File permission change vulnerability. - -Use fchmod() to change permissions of the lock file instead -of chmod(), thus avoid the race that can be exploited to set -a symbolic link to any file or directory in the system. - -Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr> -Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> -(cherry picked from commit b67581cf825940fdf52bf2e0af4330e695d724a4) +From 97f2ae60fc0cc755abd8b88df826fcb1a20464fe Mon Sep 17 00:00:00 2001 +From: Christopher Yeleighton <giecrilj@stegny.2a.pl> +Date: Tue, 25 Oct 2011 01:47:06 +0000 +Subject: Bug 38420: Xvfb crashes in miInitVisuals() when started with depth=2 + +https://bugs.freedesktop.org/show_bug.cgi?id=38420 + +Exit with fatal error message, not segfault. + +Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> +Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com> +Signed-off-by: Keith Packard <keithp@keithp.com> +(cherry picked from commit 7d50211ab57a35910d79fc3f67ae89aff91fa995) --- -diff --git a/os/utils.c b/os/utils.c -index 9e0acb6..d9aa65e 100644 ---- a/os/utils.c -+++ b/os/utils.c -@@ -295,7 +295,7 @@ LockServer(void) - FatalError("Could not create lock file in %s\n", tmp); - (void) sprintf(pid_str, "%10ld\n", (long)getpid()); - (void) write(lfd, pid_str, 11); -- (void) chmod(tmp, 0444); -+ (void) fchmod(lfd, 0444); - (void) close(lfd); +diff --git a/hw/vfb/InitOutput.c b/hw/vfb/InitOutput.c +index 31ed505..dce3f84 100644 +--- a/hw/vfb/InitOutput.c ++++ b/hw/vfb/InitOutput.c +@@ -864,6 +864,8 @@ vfbScreenInit(int index, ScreenPtr pScreen, int argc, char **argv) + (1 << DirectColor)), + 10, TrueColor, 0x3ff00000, 0x000ffc00, 0x000003ff); + break; ++ default: ++ return FALSE; + } - /* + miSetPixmapDepths (); -- cgit v0.9.0.2-2-gbebe |