debian/changelog | 9 +++++++++ debian/patches/CVE-2013-1940.patch | 35 +++++++++++++++++++++++++++++++++++ debian/patches/series | 1 + 3 files changed, 45 insertions(+)
New commits: commit defa6b30be20acd877b986f4a1d9e0f3705ab7cd Author: Jamie Strandboge <ja...@ubuntu.com> Date: Mon Apr 22 14:27:21 2013 +1000 Release package with patch for CVE-2013-1940 diff --git a/debian/changelog b/debian/changelog index d4d7dd9..97c7ad9 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +xorg-server (2:1.13.3-0ubuntu6) raring; urgency=low + + * SECURITY UPDATE: input event leak via inactive VT + - debian/patches/CVE-2013-1940.patch: fix flush input to work with + Linux evdev devices in hw/xfree86/os-support/shared/posix_tty.c. + - CVE-2013-1940 + + -- Jamie Strandboge <ja...@ubuntu.com> Wed, 17 Apr 2013 09:41:17 -0500 + xorg-server (2:1.13.3-0ubuntu5) raring; urgency=low [ Bryce Harrington ] diff --git a/debian/patches/CVE-2013-1940.patch b/debian/patches/CVE-2013-1940.patch new file mode 100644 index 0000000..af3ff58 --- /dev/null +++ b/debian/patches/CVE-2013-1940.patch 
@@ -0,0 +1,35 @@ +From 88394b5cf39f298ebaa9a8ce4ace9bef14c2c6ee Mon Sep 17 00:00:00 2001 +From: Dave Airlie <airl...@gmail.com> +Date: Wed, 10 Apr 2013 16:09:01 +1000 +Subject: [PATCH] xf86: fix flush input to work with Linux evdev devices. + +So when we VT switch back and attempt to flush the input devices, +we don't succeed because evdev won't return part of an event, +since we were only asking for 4 bytes, we'd only get -EINVAL back. + +This could later cause events to be flushed that we shouldn't have +gotten. + +This is a fix for CVE-2013-1940. + +Signed-off-by: Dave Airlie <airl...@redhat.com> +--- + hw/xfree86/os-support/shared/posix_tty.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/hw/xfree86/os-support/shared/posix_tty.c b/hw/xfree86/os-support/shared/posix_tty.c +index ab3757a..4d08c1e 100644 +--- a/hw/xfree86/os-support/shared/posix_tty.c ++++ b/hw/xfree86/os-support/shared/posix_tty.c +@@ -421,7 +421,8 @@ xf86FlushInput(int fd) + { + fd_set fds; + struct timeval timeout; +- char c[4]; ++ /* this needs to be big enough to flush an evdev event. */ ++ char c[256]; + + DebugF("FlushingSerial\n"); + if (tcflush(fd, TCIFLUSH) == 0) +-- +1.8.2 diff --git a/debian/patches/series b/debian/patches/series index d856ee5..b207b1c 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -53,3 +53,4 @@ xserver-call-CSR-for-gpus.patch xf86-actually-set-the-compat-output-in-the-failure-c.patch autoconfig-fixup-tell-changed-so-randr-clients-can-t.patch config-add-no-removal.patch +CVE-2013-1940.patch -- Archive: http://lists.debian.org/e1uu8m6-0008sr...@vasks.debian.org
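Review bot: the debian/changelog stanza for 2:1.13.3-0ubuntu6 names the patch file and the touched source file but not the upstream commit it carries; add the id from the patch header (88394b5cf39f298ebaa9a8ce4ace9bef14c2c6ee) to the `- debian/patches/CVE-2013-1940.patch:` bullet so the fix can be traced to xorg-server upstream without opening the patch. Minor: the stanza is dated Wed, 17 Apr 2013 while the commit is dated Mon Apr 22 2013; harmless, but refreshing the stanza date at release time (`dch -r`) keeps the two in step.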
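Review bot: the enlarged buffer in the posix_tty.c hunk only has an effect if the read() that drains the descriptor later in xf86FlushInput passes sizeof(c) rather than a literal 4; that call lies outside the three context lines shown, so confirm it before accepting the patch. The added comment `/* this needs to be big enough to flush an evdev event. */` should also say why 256 was chosen: per the commit message, evdev refuses reads shorter than one event with -EINVAL, and struct input_event is 24 bytes on 64-bit Linux (16 on 32-bit), so stating that 256 covers a burst of ten such events would make the bound reviewable; since this file is shared across platforms, a comment is preferable to pulling in <linux/input.h> for a sizeof. Worth noting in the same comment that the `tcflush(fd, TCIFLUSH)` in context is a termios call that does not apply to an evdev node, so every evdev flush reaches the read fallback, and with the old 4-byte buffer that fallback silently failed, leaving events received while the VT was inactive in the queue for delivery on switch-back (the "input event leak via inactive VT" in the changelog).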