public inbox for gentoo-commits@lists.gentoo.org
* [gentoo-commits] gentoo-x86 commit in x11-base/xorg-server/files: xorg-server-1.9-cve-2013-1940.patch xorg-server-1.12-cve-2013-1940.patch
From: Chi-Thanh Christopher Nguyen (chithanh) @ 2013-04-17 22:47 UTC
  To: gentoo-commits

chithanh    13/04/17 22:47:56

  Added:                xorg-server-1.9-cve-2013-1940.patch
                        xorg-server-1.12-cve-2013-1940.patch
  Log:
  Bump/patch for security bug #466222.
  
  (Portage version: 2.1.11.55/cvs/Linux x86_64, unsigned Manifest commit)

Revision  Changes    Path
1.1                  x11-base/xorg-server/files/xorg-server-1.9-cve-2013-1940.patch

file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/x11-base/xorg-server/files/xorg-server-1.9-cve-2013-1940.patch?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/x11-base/xorg-server/files/xorg-server-1.9-cve-2013-1940.patch?rev=1.1&content-type=text/plain

Index: xorg-server-1.9-cve-2013-1940.patch
===================================================================
From 6ca03b9161d33b1d2b55a3a1a913cf88deb2343f Mon Sep 17 00:00:00 2001
From: Dave Airlie <airlied@gmail.com>
Date: Wed, 10 Apr 2013 06:09:01 +0000
Subject: xf86: fix flush input to work with Linux evdev devices.

So when we VT switch back and attempt to flush the input devices,
we don't succeed because evdev won't return part of an event,
since we were only asking for 4 bytes, we'd only get -EINVAL back.

This could later cause events to be flushed that we shouldn't have
gotten.

This is a fix for CVE-2013-1940.

Signed-off-by: Dave Airlie <airlied@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>

diff -ur a/hw/xfree86/os-support/shared/posix_tty.c b/hw/xfree86/os-support/shared/posix_tty.c
--- a/hw/xfree86/os-support/shared/posix_tty.c	2010-06-11 08:10:22.000000000 +0200
+++ b/hw/xfree86/os-support/shared/posix_tty.c	2013-04-17 22:49:20.389795964 +0200
@@ -460,7 +460,8 @@
 {
 	fd_set fds;
 	struct timeval timeout;
-	char c[4];
+	/* this needs to be big enough to flush an evdev event. */
+	char c[256];
 
 	DebugF("FlushingSerial\n");
 	if (tcflush(fd, TCIFLUSH) == 0)
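
Review bot: the header of this 1.9 patch still presents upstream commit 6ca03b9161d33b1d2b55a3a1a913cf88deb2343f unchanged, but the diff below it was regenerated with `diff -ur` (timestamps, tab indentation, `@@ -460,7 +460,8 @@` with no function name), so it is a backport rather than the upstream diff. Add a line to the patch header saying it was rebased onto the 1.9 tree so later maintainers do not expect it to match upstream byte for byte. Also note that the read that fills `c` lies outside this hunk: confirm in the 1.9 source that it passes `sizeof(c)` and not a literal 4, because enlarging the array alone does not change the requested length.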



1.1                  x11-base/xorg-server/files/xorg-server-1.12-cve-2013-1940.patch

file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/x11-base/xorg-server/files/xorg-server-1.12-cve-2013-1940.patch?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/x11-base/xorg-server/files/xorg-server-1.12-cve-2013-1940.patch?rev=1.1&content-type=text/plain

Index: xorg-server-1.12-cve-2013-1940.patch
===================================================================
From 6ca03b9161d33b1d2b55a3a1a913cf88deb2343f Mon Sep 17 00:00:00 2001
From: Dave Airlie <airlied@gmail.com>
Date: Wed, 10 Apr 2013 06:09:01 +0000
Subject: xf86: fix flush input to work with Linux evdev devices.

So when we VT switch back and attempt to flush the input devices,
we don't succeed because evdev won't return part of an event,
since we were only asking for 4 bytes, we'd only get -EINVAL back.

This could later cause events to be flushed that we shouldn't have
gotten.

This is a fix for CVE-2013-1940.

Signed-off-by: Dave Airlie <airlied@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
---
diff --git a/hw/xfree86/os-support/shared/posix_tty.c b/hw/xfree86/os-support/shared/posix_tty.c
index ab3757a..4d08c1e 100644
--- a/hw/xfree86/os-support/shared/posix_tty.c
+++ b/hw/xfree86/os-support/shared/posix_tty.c
@@ -421,7 +421,8 @@ xf86FlushInput(int fd)
 {
     fd_set fds;
     struct timeval timeout;
-    char c[4];
+    /* this needs to be big enough to flush an evdev event. */
+    char c[256];
 
     DebugF("FlushingSerial\n");
     if (tcflush(fd, TCIFLUSH) == 0)
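
Review bot: `char c[256]` is a magic number, and the new comment says the buffer "needs to be big enough to flush an evdev event" without saying how big that is or what happens when it is too small. Tie the size to the thing it must hold, for example a named constant or a comment referencing `sizeof(struct input_event)`, and record in the comment the failure the commit message describes (a 4-byte request gets -EINVAL back from evdev, so nothing is drained). The hunk does not show how the read result is handled after `tcflush`; it is worth checking that an error return there ends the flush loop visibly rather than being treated as "nothing left to read", since that silent failure is what left stale events queued across the VT switch.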
--
cgit v0.9.0.2-2-gbebe




