[arch-commits] Commit in xorg-server/repos (4 files)
Laurent Carlier
lcarlier at nymeria.archlinux.org
Mon Jan 6 22:20:54 UTC 2014
Date: Monday, January 6, 2014 @ 23:20:54
Author: lcarlier
Revision: 203261
fix CVE-2013-6424 (FS#38401)
Added:
xorg-server/repos/extra-i686/CVE-2013-6424.diff
xorg-server/repos/extra-x86_64/CVE-2013-6424.diff
Modified:
xorg-server/repos/extra-i686/PKGBUILD
xorg-server/repos/extra-x86_64/PKGBUILD
---------------------------------+
extra-i686/CVE-2013-6424.diff | 49 ++++++++++++++++++++++++++++++++++++++
extra-i686/PKGBUILD | 11 ++++++--
extra-x86_64/CVE-2013-6424.diff | 49 ++++++++++++++++++++++++++++++++++++++
extra-x86_64/PKGBUILD | 11 ++++++--
4 files changed, 114 insertions(+), 6 deletions(-)
Added: extra-i686/CVE-2013-6424.diff
===================================================================
--- extra-i686/CVE-2013-6424.diff (rev 0)
+++ extra-i686/CVE-2013-6424.diff 2014-01-06 22:20:54 UTC (rev 203261)
@@ -0,0 +1,49 @@
+From patchwork Wed Oct 2 13:47:54 2013
+Content-Type: text/plain; charset="utf-8"
+MIME-Version: 1.0
+Content-Transfer-Encoding: 7bit
+Subject: exa: only draw valid trapezoids
+From: Maarten Lankhorst <maarten.lankhorst at canonical.com>
+X-Patchwork-Id: 14769
+Message-Id: <524C240A.9010607 at canonical.com>
+To: "X.Org Devel List" <xorg-devel at lists.freedesktop.org>
+Date: Wed, 02 Oct 2013 15:47:54 +0200
+
+Fixes freedesktop.org bug https://bugs.freedesktop.org/show_bug.cgi?id=67484
+
+If t->bottom is close to MIN_INT, removing top can wraparound, so do the check properly.
+A similar fix should also be applied to pixman.
+
+Signed-off-by: Maarten Lankhorst <maarten.lankhorst at canonical.com>
+
+---
+
+
+diff --git a/exa/exa_render.c b/exa/exa_render.c
+index 172e2b5..807eeba 100644
+--- a/exa/exa_render.c
++++ b/exa/exa_render.c
+@@ -1141,7 +1141,8 @@ exaTrapezoids(CARD8 op, PicturePtr pSrc, PicturePtr pDst,
+
+ exaPrepareAccess(pPicture->pDrawable, EXA_PREPARE_DEST);
+ for (; ntrap; ntrap--, traps++)
+- (*ps->RasterizeTrapezoid) (pPicture, traps, -bounds.x1, -bounds.y1);
++ if (xTrapezoidValid(traps))
++ (*ps->RasterizeTrapezoid) (pPicture, traps, -bounds.x1, -bounds.y1);
+ exaFinishAccess(pPicture->pDrawable, EXA_PREPARE_DEST);
+
+ xRel = bounds.x1 + xSrc - xDst;
+diff --git a/render/picture.h b/render/picture.h
+index c85353a..fcd6401 100644
+--- a/render/picture.h
++++ b/render/picture.h
+@@ -211,7 +211,7 @@ typedef pixman_fixed_t xFixed;
+ /* whether 't' is a well defined not obviously empty trapezoid */
+ #define xTrapezoidValid(t) ((t)->left.p1.y != (t)->left.p2.y && \
+ (t)->right.p1.y != (t)->right.p2.y && \
+- (int) ((t)->bottom - (t)->top) > 0)
++ ((t)->bottom > (t)->top))
+
+ /*
+ * Standard NTSC luminance conversions:
+
Modified: extra-i686/PKGBUILD
===================================================================
--- extra-i686/PKGBUILD 2014-01-06 22:12:15 UTC (rev 203260)
+++ extra-i686/PKGBUILD 2014-01-06 22:20:54 UTC (rev 203261)
@@ -5,7 +5,7 @@
pkgbase=xorg-server
pkgname=('xorg-server' 'xorg-server-xephyr' 'xorg-server-xdmx' 'xorg-server-xvfb' 'xorg-server-xnest' 'xorg-server-common' 'xorg-server-devel')
pkgver=1.14.5
-pkgrel=1
+pkgrel=2
arch=('i686' 'x86_64')
license=('custom')
url="http://xorg.freedesktop.org"
@@ -22,7 +22,8 @@
xvfb-run
xvfb-run.1
10-quirks.conf
- fb-rename-wfbDestroyGlyphCache.patch)
+ fb-rename-wfbDestroyGlyphCache.patch
+ CVE-2013-6424.diff)
sha256sums=('8d0f06bf1416487a5170318477088826a8d737d4a201e996b2dc1ecff47461d1'
'66e25f76a7496c429e0aff4b0670f168719bb0ceaeb88c6f2272f2bf3ed21162'
'd027776fac1f7675b0a9ee817502290b1c45f9c09b0f0a6bb058c35f92361e84'
@@ -32,7 +33,8 @@
'ff0156309470fc1d378fd2e104338020a884295e285972cc88e250e031cc35b9'
'2460adccd3362fefd4cdc5f1c70f332d7b578091fb9167bf88b5f91265bbd776'
'94612f5c0d34a3b7152915c2e285c7b462e9d8e38d3539bd551a339498eac166'
- 'd0832cc16b5e6c1dee2959055a4b327f5c87e2a67b5f427d654663057207b2c1')
+ 'd0832cc16b5e6c1dee2959055a4b327f5c87e2a67b5f427d654663057207b2c1'
+ '89948993afd4d9aec6a0bdbaf62f494e9956bb77a0386307d497f340a818ff61')
prepare() {
cd "${pkgbase}-${pkgver}"
@@ -53,6 +55,9 @@
# http://cgit.freedesktop.org/xorg/xserver/commit/fb/wfbrename.h?id=5047810a4c20fab444b8c6eb146c55dcdb0d4219
patch -Np1 -i ../fb-rename-wfbDestroyGlyphCache.patch
+
+ # Fix CVE-2013-6424 (FS#38401)
+ patch -Np1 -i ../CVE-2013-6424.diff
}
build() {
Added: extra-x86_64/CVE-2013-6424.diff
===================================================================
--- extra-x86_64/CVE-2013-6424.diff (rev 0)
+++ extra-x86_64/CVE-2013-6424.diff 2014-01-06 22:20:54 UTC (rev 203261)
@@ -0,0 +1,49 @@
+From patchwork Wed Oct 2 13:47:54 2013
+Content-Type: text/plain; charset="utf-8"
+MIME-Version: 1.0
+Content-Transfer-Encoding: 7bit
+Subject: exa: only draw valid trapezoids
+From: Maarten Lankhorst <maarten.lankhorst at canonical.com>
+X-Patchwork-Id: 14769
+Message-Id: <524C240A.9010607 at canonical.com>
+To: "X.Org Devel List" <xorg-devel at lists.freedesktop.org>
+Date: Wed, 02 Oct 2013 15:47:54 +0200
+
+Fixes freedesktop.org bug https://bugs.freedesktop.org/show_bug.cgi?id=67484
+
+If t->bottom is close to MIN_INT, removing top can wraparound, so do the check properly.
+A similar fix should also be applied to pixman.
+
+Signed-off-by: Maarten Lankhorst <maarten.lankhorst at canonical.com>
+
+---
+
+
+diff --git a/exa/exa_render.c b/exa/exa_render.c
+index 172e2b5..807eeba 100644
+--- a/exa/exa_render.c
++++ b/exa/exa_render.c
+@@ -1141,7 +1141,8 @@ exaTrapezoids(CARD8 op, PicturePtr pSrc, PicturePtr pDst,
+
+ exaPrepareAccess(pPicture->pDrawable, EXA_PREPARE_DEST);
+ for (; ntrap; ntrap--, traps++)
+- (*ps->RasterizeTrapezoid) (pPicture, traps, -bounds.x1, -bounds.y1);
++ if (xTrapezoidValid(traps))
++ (*ps->RasterizeTrapezoid) (pPicture, traps, -bounds.x1, -bounds.y1);
+ exaFinishAccess(pPicture->pDrawable, EXA_PREPARE_DEST);
+
+ xRel = bounds.x1 + xSrc - xDst;
+diff --git a/render/picture.h b/render/picture.h
+index c85353a..fcd6401 100644
+--- a/render/picture.h
++++ b/render/picture.h
+@@ -211,7 +211,7 @@ typedef pixman_fixed_t xFixed;
+ /* whether 't' is a well defined not obviously empty trapezoid */
+ #define xTrapezoidValid(t) ((t)->left.p1.y != (t)->left.p2.y && \
+ (t)->right.p1.y != (t)->right.p2.y && \
+- (int) ((t)->bottom - (t)->top) > 0)
++ ((t)->bottom > (t)->top))
+
+ /*
+ * Standard NTSC luminance conversions:
+
Modified: extra-x86_64/PKGBUILD
===================================================================
--- extra-x86_64/PKGBUILD 2014-01-06 22:12:15 UTC (rev 203260)
+++ extra-x86_64/PKGBUILD 2014-01-06 22:20:54 UTC (rev 203261)
@@ -5,7 +5,7 @@
pkgbase=xorg-server
pkgname=('xorg-server' 'xorg-server-xephyr' 'xorg-server-xdmx' 'xorg-server-xvfb' 'xorg-server-xnest' 'xorg-server-common' 'xorg-server-devel')
pkgver=1.14.5
-pkgrel=1
+pkgrel=2
arch=('i686' 'x86_64')
license=('custom')
url="http://xorg.freedesktop.org"
@@ -22,7 +22,8 @@
xvfb-run
xvfb-run.1
10-quirks.conf
- fb-rename-wfbDestroyGlyphCache.patch)
+ fb-rename-wfbDestroyGlyphCache.patch
+ CVE-2013-6424.diff)
sha256sums=('8d0f06bf1416487a5170318477088826a8d737d4a201e996b2dc1ecff47461d1'
'66e25f76a7496c429e0aff4b0670f168719bb0ceaeb88c6f2272f2bf3ed21162'
'd027776fac1f7675b0a9ee817502290b1c45f9c09b0f0a6bb058c35f92361e84'
@@ -32,7 +33,8 @@
'ff0156309470fc1d378fd2e104338020a884295e285972cc88e250e031cc35b9'
'2460adccd3362fefd4cdc5f1c70f332d7b578091fb9167bf88b5f91265bbd776'
'94612f5c0d34a3b7152915c2e285c7b462e9d8e38d3539bd551a339498eac166'
- 'd0832cc16b5e6c1dee2959055a4b327f5c87e2a67b5f427d654663057207b2c1')
+ 'd0832cc16b5e6c1dee2959055a4b327f5c87e2a67b5f427d654663057207b2c1'
+ '89948993afd4d9aec6a0bdbaf62f494e9956bb77a0386307d497f340a818ff61')
prepare() {
cd "${pkgbase}-${pkgver}"
@@ -53,6 +55,9 @@
# http://cgit.freedesktop.org/xorg/xserver/commit/fb/wfbrename.h?id=5047810a4c20fab444b8c6eb146c55dcdb0d4219
patch -Np1 -i ../fb-rename-wfbDestroyGlyphCache.patch
+
+ # Fix CVE-2013-6424 (FS#38401)
+ patch -Np1 -i ../CVE-2013-6424.diff
}
build() {
More information about the arch-commits
mailing list