From ddba9670c1518d9b420db6a6dca01a4a4a4136c7 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 8 Nov 2011 23:14:49 +0000 Subject: Tue Nov 8 23:14:49 UTC 2011 --- extra/xorg-server/PKGBUILD | 24 +++--- extra/xorg-server/git-fixes.patch | 159 ++++++++++++++++++++++++++------------ 2 files changed, 122 insertions(+), 61 deletions(-) (limited to 'extra/xorg-server') diff --git a/extra/xorg-server/PKGBUILD b/extra/xorg-server/PKGBUILD index 48f500bb4..7145bb168 100644 --- a/extra/xorg-server/PKGBUILD +++ b/extra/xorg-server/PKGBUILD @@ -1,9 +1,9 @@ -# $Id: PKGBUILD 141677 2011-11-02 06:41:51Z andyrtr $ +# $Id: PKGBUILD 142252 2011-11-07 09:31:56Z andyrtr $ # Maintainer: Jan de Groot pkgbase=xorg-server pkgname=('xorg-server' 'xorg-server-xephyr' 'xorg-server-xdmx' 'xorg-server-xvfb' 'xorg-server-xnest' 'xorg-server-common' 'xorg-server-devel') -pkgver=1.11.1.902 +pkgver=1.11.2 pkgrel=1 arch=('i686' 'x86_64') license=('custom') @@ -14,18 +14,18 @@ source=(${url}/releases/individual/xserver/${pkgbase}-${pkgver}.tar.bz2 autoconfig-nvidia.patch autoconfig-sis.patch revert-trapezoids.patch - #git-fixes.patch + git-fixes.patch xvfb-run xvfb-run.1 10-quirks.conf) -sha1sums=('235a5d77420df21c8a8eed34e196168bafdbb02b' - '0249b892f27243d8fe6fe6d226bf4c2391cedf49' - '962fecc159c128728f14e8ba231c5b00391ff4ac' - 'd9f7d9553e772c2682c15079019d30c658a4f83b' - #'cd9291fe1fa1b497aa74675afeeb025fe6b23b95' - 'c94f742d3f9cabf958ae58e4015d9dd185aabedc' - '6838fc00ef4618c924a77e0fb03c05346080908a' - '993798f3d22ad672d769dae5f48d1fa068d5578f') +md5sums=('8796fff441e5435ee36a72579008af24' + '6c7e87d63ac4b535e19a80c89d0cf091' + 'f8194638ca4872c2b0a67862a70bcebf' + 'f6c84f4936f8e00abdfbd9fb4eda83fb' + 'b9cdb3855cc2b2e974a98b9a20d1ec2b' + '52fd3effd80d7bc6c1660d4ecf23d31c' + '376c70308715cd2643f7bff936d9934b' + 'd4f7dfc6be4ef4e2c6dd7632a9d88abe') build() { cd "${srcdir}/${pkgbase}-${pkgver}" @@ -40,7 +40,7 @@ build() { patch -Np1 -i "${srcdir}/revert-trapezoids.patch" # Add post-release patches from 1.11 branch - #patch -Np1 -i "${srcdir}/git-fixes.patch" + patch -Np1 -i "${srcdir}/git-fixes.patch" autoreconf -fi ./configure --prefix=/usr \ diff --git a/extra/xorg-server/git-fixes.patch b/extra/xorg-server/git-fixes.patch index a62524bdb..9629b3040 100644 --- a/extra/xorg-server/git-fixes.patch +++ b/extra/xorg-server/git-fixes.patch @@ -1,56 +1,117 @@ -From f80d23357874db19bc124dee70239fb182977883 Mon Sep 17 00:00:00 2001 -From: Matthieu Herrb -Date: Mon, 17 Oct 2011 20:26:12 +0000 -Subject: Fix CVE-2011-4028: File disclosure vulnerability. - -use O_NOFOLLOW to open the existing lock file, so symbolic links -aren't followed, thus avoid revealing if it point to an existing -file. - -Signed-off-by: Matthieu Herrb -Reviewed-by: Alan Coopersmith -(cherry picked from commit 6ba44b91e37622ef8c146d8f2ac92d708a18ed34) +From 89626304ea1ad316c5b7145a40f09377148cff21 Mon Sep 17 00:00:00 2001 +From: Dave Airlie +Date: Thu, 20 Oct 2011 13:43:01 +0000 +Subject: xf86Crtc: handle no outputs with no modes harder. + +If you started an X server with no connected outputs, we pick a default +1024x768 mode, however if you then ran an xvidmode using app against that +server it would segfault the server due to not finding any valid modes. + +This was due to the no output mode set code, only adding the modes to the +scrn->modes once, when something called randr 1.2 xf86SetScrnInfoModes would +get called and remove all the modes and we'd end up with 0. + +This change fixes xf86SetScrnInfoModes to always report a scrn mode of at +least 1024x768, and pushes the initial configuration to just call it instead +of setting up the mode itself. + +Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=746926 + +I've seen other bugs like this on other distros so it might also actually fix them. + +Signed-off-by: Dave Airlie +Reviewed-by: Keith Packard +Signed-off-by: Keith Packard +(cherry picked from commit 17416e88dcfcc584fe5f87580d5d2b719b3521c3) --- -diff --git a/os/utils.c b/os/utils.c -index 36cb46f..9e0acb6 100644 ---- a/os/utils.c -+++ b/os/utils.c -@@ -316,7 +316,7 @@ LockServer(void) - /* - * Read the pid from the existing file - */ -- lfd = open(LockFile, O_RDONLY); -+ lfd = open(LockFile, O_RDONLY|O_NOFOLLOW); - if (lfd < 0) { - unlink(tmp); - FatalError("Can't read lock file %s\n", LockFile); +diff --git a/hw/xfree86/modes/xf86Crtc.c b/hw/xfree86/modes/xf86Crtc.c +index d75cd77..8906806 100644 +--- a/hw/xfree86/modes/xf86Crtc.c ++++ b/hw/xfree86/modes/xf86Crtc.c +@@ -1915,19 +1915,25 @@ xf86SetScrnInfoModes (ScrnInfoPtr scrn) + break; + } + +- if (scrn->modes != NULL) { +- /* For some reason, scrn->modes is circular, unlike the other mode +- * lists. How great is that? +- */ +- for (last = scrn->modes; last && last->next; last = last->next) +- ; +- last->next = scrn->modes; +- scrn->modes->prev = last; +- if (mode) { +- while (scrn->modes != mode) +- scrn->modes = scrn->modes->next; +- } ++ if (!scrn->modes) { ++ scrn->modes = xf86ModesAdd(scrn->modes, ++ xf86CVTMode(scrn->display->virtualX, ++ scrn->display->virtualY, ++ 60, 0, 0)); ++ } ++ ++ /* For some reason, scrn->modes is circular, unlike the other mode ++ * lists. How great is that? ++ */ ++ for (last = scrn->modes; last && last->next; last = last->next) ++ ; ++ last->next = scrn->modes; ++ scrn->modes->prev = last; ++ if (mode) { ++ while (scrn->modes != mode) ++ scrn->modes = scrn->modes->next; + } ++ + scrn->currentMode = scrn->modes; + #ifdef XFreeXDGA + if (scrn->pScreen) +@@ -2529,16 +2535,7 @@ xf86InitialConfiguration (ScrnInfoPtr scrn, Bool canGrow) + width, height); + } + +- if (have_outputs) { +- /* Mirror output modes to scrn mode list */ +- xf86SetScrnInfoModes (scrn); +- } else { +- /* Clear any existing modes from scrn->modes */ +- while (scrn->modes != NULL) +- xf86DeleteMode(&scrn->modes, scrn->modes); +- scrn->modes = xf86ModesAdd(scrn->modes, +- xf86CVTMode(width, height, 60, 0, 0)); +- } ++ xf86SetScrnInfoModes (scrn); + + success = TRUE; + bailout: -- cgit v0.9.0.2-2-gbebe -From 12f65819ffb04103f170ecd7e281348de618fc4c Mon Sep 17 00:00:00 2001 -From: Matthieu Herrb -Date: Mon, 17 Oct 2011 20:27:35 +0000 -Subject: Fix CVE-2011-4029: File permission change vulnerability. - -Use fchmod() to change permissions of the lock file instead -of chmod(), thus avoid the race that can be exploited to set -a symbolic link to any file or directory in the system. - -Signed-off-by: Matthieu Herrb -Reviewed-by: Alan Coopersmith -(cherry picked from commit b67581cf825940fdf52bf2e0af4330e695d724a4) +From 97f2ae60fc0cc755abd8b88df826fcb1a20464fe Mon Sep 17 00:00:00 2001 +From: Christopher Yeleighton +Date: Tue, 25 Oct 2011 01:47:06 +0000 +Subject: Bug 38420: Xvfb crashes in miInitVisuals() when started with depth=2 + +https://bugs.freedesktop.org/show_bug.cgi?id=38420 + +Exit with fatal error message, not segfault. + +Signed-off-by: Alan Coopersmith +Reviewed-by: Jeremy Huddleston +Signed-off-by: Keith Packard +(cherry picked from commit 7d50211ab57a35910d79fc3f67ae89aff91fa995) --- -diff --git a/os/utils.c b/os/utils.c -index 9e0acb6..d9aa65e 100644 ---- a/os/utils.c -+++ b/os/utils.c -@@ -295,7 +295,7 @@ LockServer(void) - FatalError("Could not create lock file in %s\n", tmp); - (void) sprintf(pid_str, "%10ld\n", (long)getpid()); - (void) write(lfd, pid_str, 11); -- (void) chmod(tmp, 0444); -+ (void) fchmod(lfd, 0444); - (void) close(lfd); +diff --git a/hw/vfb/InitOutput.c b/hw/vfb/InitOutput.c +index 31ed505..dce3f84 100644 +--- a/hw/vfb/InitOutput.c ++++ b/hw/vfb/InitOutput.c +@@ -864,6 +864,8 @@ vfbScreenInit(int index, ScreenPtr pScreen, int argc, char **argv) + (1 << DirectColor)), + 10, TrueColor, 0x3ff00000, 0x000ffc00, 0x000003ff); + break; ++ default: ++ return FALSE; + } - /* + miSetPixmapDepths (); -- cgit v0.9.0.2-2-gbebe -- cgit v1.2.3-54-g00ecf