debian/changelog | 22 +++ debian/patches/CVE-2013-1940.patch | 35 ++++++ debian/patches/include-GPU-screens-in-DPMS-code.patch | 105 ++++++++++++++++++ debian/patches/series | 6 - debian/patches/xf86-detach-scanout.patch | 75 ++++++++++++ debian/patches/xf86-dont-enable-gpuscreens.patch | 64 ++++++++++ debian/patches/xf86-fixup-detection.patch | 79 +++++++++++++ 7 files changed, 385 insertions(+), 1 deletion(-)
New commits: commit 3e40f1977e6f9030ba851bfbf97b4d3d87d0cbfb Author: Maarten Lankhorst <maarten.lankho...@canonical.com> Date: Wed May 1 09:41:48 2013 +0200 prepare ubuntu6.1 sru diff --git a/debian/changelog b/debian/changelog index 97c7ad9..f86d33c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,16 @@ +xorg-server (2:1.13.3-0ubuntu6.1) UNRELEASED; urgency=low + + * Add patch to fixup optimus again. (LP: #1185014) + - xf86-dont-enable-gpuscreens.patch + * Add patch to fix DPMS. (LP: #1184999) + - include-GPU-screens-in-DPMS-code.patch + * Add patch to fix crash on hybrid systems during shutdown. (LP: #1185035) + - xf86-detach-scanout.patch + * Add patch to fix device enumeration with nvidia drivers. (LP: #1190546) + - xf86-fixup-detection.patch + + -- Maarten Lankhorst <maarten.lankho...@ubuntu.com> Wed, 01 May 2013 10:35:55 +0200 + xorg-server (2:1.13.3-0ubuntu6) raring; urgency=low * SECURITY UPDATE: input event leak via inactive VT diff --git a/debian/patches/include-GPU-screens-in-DPMS-code.patch b/debian/patches/include-GPU-screens-in-DPMS-code.patch new file mode 100644 index 0000000..d3439ea --- /dev/null +++ b/debian/patches/include-GPU-screens-in-DPMS-code.patch 
@@ -0,0 +1,105 @@
+From 6238bd68bd71323f8b4f1808f34dabe2ae447fe3 Mon Sep 17 00:00:00 2001
+From: Aaron Plattner <aplatt...@nvidia.com>
+Date: Tue, 5 Mar 2013 13:04:46 -0800
+Subject: [PATCH] DPMS: include GPU screens in DPMS code
+
+Otherwise, displays driven by GPU screens remain on all the time.
+
+Signed-off-by: Aaron Plattner <aplatt...@nvidia.com>
+Reviewed-by: Alex Deucher <alexander.deuc...@amd.com>
+Signed-off-by: Keith Packard <kei...@keithp.com>
+---
+ hw/xfree86/common/xf86DPMS.c | 45 ++++++++++++++++++++++++++++++--------------
+ 1 file changed, 31 insertions(+), 14 deletions(-)
+
+diff --git a/hw/xfree86/common/xf86DPMS.c b/hw/xfree86/common/xf86DPMS.c
+index ef4a2c1..3f1e142 100644
+--- a/hw/xfree86/common/xf86DPMS.c
++++ b/hw/xfree86/common/xf86DPMS.c
+@@ -130,6 +130,19 @@ DPMSClose(ScreenPtr pScreen)
+ return pScreen->CloseScreen(pScreen);
+ }
+
++static void
++DPMSSetScreen(ScrnInfoPtr pScrn, int level)
++{
++ ScreenPtr pScreen = xf86ScrnToScreen(pScrn);
++ DPMSPtr pDPMS = dixLookupPrivate(&pScreen->devPrivates, DPMSKey);
++
++ if (pDPMS && pScrn->DPMSSet && pDPMS->Enabled && pScrn->vtSema) {
++ xf86VGAarbiterLock(pScrn);
++ pScrn->DPMSSet(pScrn, level, 0);
++ xf86VGAarbiterUnlock(pScrn);
++ }
++}
++
+ /*
+ * DPMSSet --
+ * Device dependent DPMS mode setting hook.
This is called whenever
+@@ -139,8 +152,6 @@ int
+ DPMSSet(ClientPtr client, int level)
+ {
+ int rc, i;
+- DPMSPtr pDPMS;
+- ScrnInfoPtr pScrn;
+
+ DPMSPowerLevel = level;
+
+@@ -155,17 +166,23 @@ DPMSSet(ClientPtr client, int level)
+
+ /* For each screen, set the DPMS level */
+ for (i = 0; i < xf86NumScreens; i++) {
+- pScrn = xf86Screens[i];
+- pDPMS = dixLookupPrivate(&screenInfo.screens[i]->devPrivates, DPMSKey);
+- if (pDPMS && pScrn->DPMSSet && pDPMS->Enabled && pScrn->vtSema) {
+- xf86VGAarbiterLock(pScrn);
+- pScrn->DPMSSet(pScrn, level, 0);
+- xf86VGAarbiterUnlock(pScrn);
+- }
++ DPMSSetScreen(xf86Screens[i], level);
++ }
++ for (i = 0; i < xf86NumGPUScreens; i++) {
++ DPMSSetScreen(xf86GPUScreens[i], level);
+ }
+ return Success;
+ }
+
++static Bool
++DPMSSupportedOnScreen(ScrnInfoPtr pScrn)
++{
++ ScreenPtr pScreen = xf86ScrnToScreen(pScrn);
++ DPMSPtr pDPMS = dixLookupPrivate(&pScreen->devPrivates, DPMSKey);
++
++ return pDPMS && pScrn->DPMSSet;
++}
++
+ /*
+ * DPMSSupported --
+ * Return TRUE if any screen supports DPMS.
+@@ -174,8 +191,6 @@ Bool
+ DPMSSupported(void)
+ {
+ int i;
+- DPMSPtr pDPMS;
+- ScrnInfoPtr pScrn;
+
+ if (DPMSKey == NULL) {
+ return FALSE;
+@@ -183,9 +198,11 @@ DPMSSupported(void)
+
+ /* For each screen, check if DPMS is supported */
+ for (i = 0; i < xf86NumScreens; i++) {
+- pScrn = xf86Screens[i];
+- pDPMS = dixLookupPrivate(&screenInfo.screens[i]->devPrivates, DPMSKey);
+- if (pDPMS && pScrn->DPMSSet)
++ if (DPMSSupportedOnScreen(xf86Screens[i]))
++ return TRUE;
++ }
++ for (i = 0; i < xf86NumGPUScreens; i++) {
++ if (DPMSSupportedOnScreen(xf86GPUScreens[i]))
+ return TRUE;
+ }
+ return FALSE;
+--
+1.8.3
+
diff --git a/debian/patches/series b/debian/patches/series
index b207b1c..38a1533 100644
--- a/debian/patches/series
+++ b/debian/patches/series
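Review bot: The two new static helpers in include-GPU-screens-in-DPMS-code.patch, `DPMSSetScreen` and `DPMSSupportedOnScreen`, have no header comment although the neighbouring `DPMSSet` and `DPMSSupported` each carry one, and the reason a screen is skipped is left implicit. I would add `/* DPMSSetScreen -- apply level to one screen; skipped unless DPMS is enabled there and the server holds the VT (vtSema) */` above the first and a matching one-liner above the second. Both helpers also dereference the result of `xf86ScrnToScreen(pScrn)` unchecked where the old loops indexed `screenInfo.screens[i]` directly; that is presumably valid for every entry of `xf86GPUScreens[]`, but it is not shown here and is worth confirming.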
@@ -34,14 +34,16 @@ xephyr-glx-register.patch no-nv.patch ## waiting for review by upstream +xf86-dont-enable-gpuscreens.patch 111_armel-drv-fallbacks.patch 500_pointer_barrier_thresholds.diff - ## upstream patches os-use-libunwind-to-generate-backtraces.patch +include-GPU-screens-in-DPMS-code.patch # hybrid graphics fixes for xserver 1.13 228_autobind_gpu.patch +xf86-fixup-detection.patch # hotplug fixes xfree86-hotplug-cleanup-properly-if-the-screen-fails.patch @@ -54,3 +56,4 @@ xf86-actually-set-the-compat-output-in-the-failure-c.patch autoconfig-fixup-tell-changed-so-randr-clients-can-t.patch config-add-no-removal.patch CVE-2013-1940.patch +xf86-detach-scanout.patch diff --git a/debian/patches/xf86-detach-scanout.patch b/debian/patches/xf86-detach-scanout.patch new file mode 100644 index 0000000..e25bd48 --- /dev/null +++ b/debian/patches/xf86-detach-scanout.patch 
@@ -0,0 +1,75 @@
+From: Aaron Plattner <aplatt...@nvidia.com>
+To: <xorg-de...@lists.x.org>
+Subject: [PATCH] xfree86: detach scanout pixmaps when detaching output GPUs
+Date: Tue, 30 Apr 2013 14:14:23 -0700
+
+Commit 8f4640bdb9d3988148e09a08d2c7e3bab1d538d6 fixed a bit of a
+chicken-and-egg problem by detaching GPU screens when their providers
+are destroyed, which happens before CloseScreen is called. However,
+this created a new problem: the GPU screen tears down its RandR crtc
+objects during CloseScreen and if one of them is active, it tries to
+detach the scanout pixmap then. This crashes because
+RRCrtcDetachScanoutPixmap tries to get the master screen's screen
+pixmap, but crtc->pScreen->current_master is already NULL at that
+point.
+
+It doesn't make sense for an unbound GPU screen to still be scanning
+out its former master screen's pixmap, so detach them first when the
+provider is destroyed.
+
+Signed-off-by: Aaron Plattner <aplatt...@nvidia.com>
+---
+Dave, does this seem like a reasonable way to work around this particular crash?
+
+ hw/xfree86/modes/xf86RandR12.c | 19 ++++++++++++++++---
+ 1 file changed, 16 insertions(+), 3 deletions(-)
+
+--- a/hw/xfree86/modes/xf86RandR12.c
++++ b/hw/xfree86/modes/xf86RandR12.c
+@@ -1770,6 +1770,19 @@
+ return RRGetInfo(pScreen, TRUE); /* force a re-probe of outputs and notify clients about changes */
+ }
+
++static void
++xf86DetachOutputGPU(ScreenPtr pScreen)
++{
++ rrScrPrivPtr rp = rrGetScrPriv(pScreen);
++ int i;
++
++ /* make sure there are no attached shared scanout pixmaps first */
++ for (i = 0; i < rp->numCrtcs; i++)
++ RRCrtcDetachScanoutPixmap(rp->crtcs[i]);
++
++ DetachOutputGPU(pScreen);
++}
++
+ static Bool
+ xf86RandR14ProviderSetOutputSource(ScreenPtr pScreen,
+ RRProviderPtr provider,
+@@ -1779,7 +1792,7 @@
+ if (provider->output_source) {
+ ScreenPtr cmScreen = pScreen->current_master;
+
+- DetachOutputGPU(pScreen);
++ xf86DetachOutputGPU(pScreen);
+ AttachUnboundGPU(cmScreen, pScreen);
+ }
+ provider->output_source = NULL;
+@@ -1807,7 +1820,7 @@
+ if (!sink_provider) {
+ if (provider->offload_sink) {
+ ScreenPtr cmScreen = pScreen->current_master;
+- DetachOutputGPU(pScreen);
++ xf86DetachOutputGPU(pScreen);
+ AttachUnboundGPU(cmScreen, pScreen);
+ }
+
+@@ -1900,7 +1913,7 @@
+ detached = TRUE;
+ }
+ if (config->randr_provider->output_source) {
+- DetachOutputGPU(screen);
++ xf86DetachOutputGPU(screen);
+ config->randr_provider->output_source = NULL;
+ RRSetChanged(screen);
+ detached = TRUE;
diff --git a/debian/patches/xf86-dont-enable-gpuscreens.patch b/debian/patches/xf86-dont-enable-gpuscreens.patch
new file mode 100644
index 0000000..64531ab
--- /dev/null
+++ b/debian/patches/xf86-dont-enable-gpuscreens.patch
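Review bot: `xf86DetachOutputGPU` in xf86-detach-scanout.patch reads `rp->numCrtcs` straight after `rrGetScrPriv(pScreen)` with no NULL check, and the helper is now called from three detach sites whose enclosing functions start outside the hunks. If a GPU screen can reach any of them without a RandR screen private (not visible here), the crash this patch fixes is traded for a NULL dereference; a guard such as `if (!rp) { DetachOutputGPU(pScreen); return; }` after the declarations keeps the detach unconditional. The patch header is also a list posting that still asks whether the approach is reasonable, so it would help to record in the file that it had not been accepted upstream when imported.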
@@ -0,0 +1,64 @@
+From: Aaron Plattner <aplatt...@nvidia.com>
+To: <xorg-de...@lists.x.org>
+Subject: [PATCH] xfree86: don't enable anything in xf86InitialConfiguration
+ for GPU screens
+Date: Tue, 30 Apr 2013 14:30:18 -0700
+
+There's no point in turning on outputs connected to GPU screens during initial
+configuration. Not only does this cause them to just display black, it also
+confuses clients when these screens are attached to a master screen and RandR
+reports that the outputs are already on.
+
+Also, don't print the warning about no outputs being found on GPU screens,
+since that's expected.
+
+Signed-off-by: Aaron Plattner <aplatt...@nvidia.com>
+---
+Dave, this fixes the black screen problem with "gpu: call CreateScreenResources
+for GPU screens"
+
+ hw/xfree86/modes/xf86Crtc.c | 16 +++++++++++++---
+ 1 file changed, 13 insertions(+), 3 deletions(-)
+
+diff --git a/hw/xfree86/modes/xf86Crtc.c b/hw/xfree86/modes/xf86Crtc.c
+index 4a490c6..35845e8 100644
+--- a/hw/xfree86/modes/xf86Crtc.c
++++ b/hw/xfree86/modes/xf86Crtc.c
+@@ -1997,6 +1997,14 @@ xf86CollectEnabledOutputs(ScrnInfoPtr scrn, xf86CrtcConfigPtr config,
+ Bool any_enabled = FALSE;
+ int o;
+
++ /*
++ * Don't bother enabling outputs on GPU screens: a client needs to attach
++ * it to a source provider before setting a mode that scans out a shared
++ * pixmap.
++ */
++ if (scrn->is_gpu)
++ return FALSE;
++
+ for (o = 0; o < config->num_output; o++)
+ any_enabled |= enabled[o] = xf86OutputEnabled(config->output[o], TRUE);
+
+@@ -2466,9 +2474,11 @@ xf86InitialConfiguration(ScrnInfoPtr scrn, Bool canGrow)
+
+ ret = xf86CollectEnabledOutputs(scrn, config, enabled);
+ if (ret == FALSE && canGrow) {
+- xf86DrvMsg(i, X_WARNING,
+- "Unable to find connected outputs - setting %dx%d initial framebuffer\n",
+- NO_OUTPUT_DEFAULT_WIDTH, NO_OUTPUT_DEFAULT_HEIGHT);
++ if (!scrn->is_gpu)
++ xf86DrvMsg(i, X_WARNING,
++ "Unable to find connected outputs - setting %dx%d "
++ "initial framebuffer\n",
++ NO_OUTPUT_DEFAULT_WIDTH, NO_OUTPUT_DEFAULT_HEIGHT);
+ have_outputs = FALSE;
+ }
+ else {
+--
+1.8.2.2
+
+_______________________________________________
+xorg-de...@lists.x.org: X.Org development
+Archives: http://lists.x.org/archives/xorg-devel
+Info: http://lists.x.org/mailman/listinfo/xorg-devel
+
diff --git a/debian/patches/xf86-fixup-detection.patch b/debian/patches/xf86-fixup-detection.patch
new file mode 100644
index 0000000..e454c75
--- /dev/null
+++ b/debian/patches/xf86-fixup-detection.patch
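Review bot: The early `return FALSE` for `scrn->is_gpu` in `xf86CollectEnabledOutputs` leaves the caller's `enabled[]` array unwritten, and in `xf86InitialConfiguration` only the `ret == FALSE && canGrow` branch is shown dealing with that result. When `canGrow` is FALSE the `else` branch runs instead (its body is outside the hunk), so unless `enabled` was zero-allocated it may read indeterminate values for a GPU screen. Clearing the array before the early exit, `for (o = 0; o < config->num_output; o++) enabled[o] = FALSE;`, would make the function safe regardless of how the caller allocated it. The imported patch file also still carries the xorg-devel list footer after the `1.8.2.2` signature, which could be trimmed.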
@@ -0,0 +1,79 @@
+--- a/hw/xfree86/common/xf86pciBus.c
++++ b/hw/xfree86/common/xf86pciBus.c
+@@ -546,6 +546,15 @@
+ for (k = 0; k < xf86NumEntities; k++) {
+ EntityPtr pEnt = xf86Entities[k];
+
++#ifdef XSERVER_PLATFORM_BUS
++ if (pEnt->bus.type == BUS_PLATFORM &&
++ pEnt->bus.id.plat->pdev &&
++ MATCH_PCI_DEVICES(pEnt->bus.id.plat->pdev, pPci)) {
++ foundScreen = TRUE;
++ break;
++ }
++#endif
++
+ if (pEnt->bus.type != BUS_PCI)
+ continue;
+ if (pEnt->bus.id.pci == pPci) {
+--- a/hw/xfree86/common/xf86platformBus.c
++++ b/hw/xfree86/common/xf86platformBus.c
+@@ -167,11 +167,12 @@
+ for (i = 0; i < xf86NumEntities; i++) {
+ const EntityPtr u = xf86Entities[i];
+
+- if (pd->pdev && u->bus.type == BUS_PCI)
+- return !MATCH_PCI_DEVICES(pd->pdev, u->bus.id.pci);
+- if ((u->bus.type == BUS_PLATFORM) && (pd == u->bus.id.plat)) {
++ if (pd->pdev && u->bus.type == BUS_PCI &&
++ MATCH_PCI_DEVICES(pd->pdev, u->bus.id.pci))
++ return FALSE;
++
++ if ((u->bus.type == BUS_PLATFORM) && (pd == u->bus.id.plat))
+ return FALSE;
+- }
+ }
+ return TRUE;
+ }
+@@ -302,6 +303,11 @@
+ for (nent = 0; nent < xf86NumEntities; nent++) {
+ EntityPtr pEnt = xf86Entities[nent];
+
++ if (dev->pdev && pEnt->bus.type == BUS_PCI &&
++ MATCH_PCI_DEVICES(dev->pdev, pEnt->bus.id.pci)) {
++ return FALSE;
++ }
++
+ if (pEnt->bus.type != BUS_PLATFORM)
+ continue;
+ if (pEnt->bus.id.plat == dev) {
+@@ -368,18 +374,15 @@
+ /* for non-seat0 servers assume first device is the master */
+ if (ServerIsNotSeat0())
+ break;
+- if (xf86_platform_devices[j].pdev) {
+- if (xf86IsPrimaryPlatform(&xf86_platform_devices[j]))
+- break;
+- }
+- else {
++ if (xf86IsPrimaryPlatform(&xf86_platform_devices[j]))
++ break;
++ else
+ /* there's no way to handle real platform devices at this point,
+ * as there's no valid busID to be used, so try to move forward
+ * in case there's only one platform device, and see if the
+ * driver's probe succeeds or not at least once */
+ if ((xf86_num_platform_devices == 1) &&
(!foundScreen)) + break; +- } + } + } + +@@ -398,6 +401,7 @@ + } + } + ++ free(devList); + return foundScreen; + } + commit 5ba8a07af2142f4fda226f1173574e3aae6a109c Author: Jamie Strandboge <ja...@ubuntu.com> Date: Mon Apr 22 14:27:21 2013 +1000 Release package with patch for CVE-2013-1940 diff --git a/debian/changelog b/debian/changelog index d4d7dd9..97c7ad9 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +xorg-server (2:1.13.3-0ubuntu6) raring; urgency=low + + * SECURITY UPDATE: input event leak via inactive VT + - debian/patches/CVE-2013-1940.patch: fix flush input to work with + Linux evdev devices in hw/xfree86/os-support/shared/posix_tty.c. + - CVE-2013-1940 + + -- Jamie Strandboge <ja...@ubuntu.com> Wed, 17 Apr 2013 09:41:17 -0500 + xorg-server (2:1.13.3-0ubuntu5) raring; urgency=low [ Bryce Harrington ] diff --git a/debian/patches/CVE-2013-1940.patch b/debian/patches/CVE-2013-1940.patch new file mode 100644 index 0000000..af3ff58 --- /dev/null +++ b/debian/patches/CVE-2013-1940.patch 
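Review bot: xf86-fixup-detection.patch has no header at all (no author, description, origin or bug reference), unlike the other patches added in this commit, so its hunks against `xf86pciBus.c` and `xf86platformBus.c` cannot be traced to an upstream commit or list posting from the file itself. A short DEP-3 style header (`Description:`, `Author:`, `Origin:`, and `Bug-Ubuntu:` pointing at the LP #1190546 entry in the changelog) would close that gap. In the `@@ -368,18 +374,15 @@` hunk the braces are dropped, leaving `else` followed by a four-line comment and then a bare `if (...) break;`; keeping `else { ... }` around that block avoids a dangling-else trap for the next editor. The new `pEnt->bus.id.plat->pdev` test in `xf86pciBus.c` also assumes `plat` is non-NULL for every `BUS_PLATFORM` entity, which is not shown in the hunk.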
@@ -0,0 +1,35 @@ +From 88394b5cf39f298ebaa9a8ce4ace9bef14c2c6ee Mon Sep 17 00:00:00 2001 +From: Dave Airlie <airl...@gmail.com> +Date: Wed, 10 Apr 2013 16:09:01 +1000 +Subject: [PATCH] xf86: fix flush input to work with Linux evdev devices. + +So when we VT switch back and attempt to flush the input devices, +we don't succeed because evdev won't return part of an event, +since we were only asking for 4 bytes, we'd only get -EINVAL back. + +This could later cause events to be flushed that we shouldn't have +gotten. + +This is a fix for CVE-2013-1940. + +Signed-off-by: Dave Airlie <airl...@redhat.com> +--- + hw/xfree86/os-support/shared/posix_tty.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/hw/xfree86/os-support/shared/posix_tty.c b/hw/xfree86/os-support/shared/posix_tty.c +index ab3757a..4d08c1e 100644 +--- a/hw/xfree86/os-support/shared/posix_tty.c ++++ b/hw/xfree86/os-support/shared/posix_tty.c +@@ -421,7 +421,8 @@ xf86FlushInput(int fd) + { + fd_set fds; + struct timeval timeout; +- char c[4]; ++ /* this needs to be big enough to flush an evdev event. */ ++ char c[256]; + + DebugF("FlushingSerial\n"); + if (tcflush(fd, TCIFLUSH) == 0) +-- +1.8.2 diff --git a/debian/patches/series b/debian/patches/series index d856ee5..b207b1c 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -53,3 +53,4 @@ xserver-call-CSR-for-gpus.patch xf86-actually-set-the-compat-output-in-the-failure-c.patch autoconfig-fixup-tell-changed-so-randr-clients-can-t.patch config-add-no-removal.patch +CVE-2013-1940.patch -- To UNSUBSCRIBE, email to debian-x-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1uoyso-0001we...@vasks.debian.org
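Review bot: The call that drains the descriptor in `xf86FlushInput` is outside the hunk, so the enlarged `char c[256]` fixes the short-read problem described in the commit message only if that call sizes its request with `sizeof(c)` rather than a literal length; this should be confirmed against the full function before relying on the patch for CVE-2013-1940. The 256 is also a bare magic number backed only by the comment; a named constant (for example `#define FLUSH_BUF_SIZE 256`, name suggested) with a note that it must hold at least one whole evdev event would make the requirement harder to break in a later cleanup.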