Bug#661627: init script x11-common creates directories in insecure manners
CVE-2012-1093 has been assigned for this issue.

On Tue, Feb 28, 2012 at 08:21:39PM +0100, Julien Cristau wrote:
> Right, makes sense. I can drop the -p, I guess. Not sure what impact
> that would have on things assuming they can use /tmp/.X11-unix (I
> wouldn't really like to fix this just to have the same issue elsewhere).

Removing "-p" sounds good to me.

Thank you,
Regards,
--
http://vladz.devzero.fr
PGP key 8F7E2D3C from pgp.mit.edu

--
To UNSUBSCRIBE, email to debian-x-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120229110330.ga18...@devzero.fr
mesa: Changes to 'ubuntu'
debian/changelog |6 ++ debian/libegl1-mesa-dev.install.in |2 +- debian/libegl1-mesa-dev.install.linux.in |4 ++-- 3 files changed, 9 insertions(+), 3 deletions(-) New commits: commit d8ef6d2069eb300401a6b9c5a38c715a5e90d70d Author: Timo Aaltonen Date: Wed Feb 29 14:46:59 2012 +0200 Fix the install path of libEGL.so and libwayland-egl.so. (LP: #939730) diff --git a/debian/changelog b/debian/changelog index 8c4ae49..80aeb27 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +mesa (8.0.1-0ubuntu2) UNRELEASED; urgency=low + + * Fix the install path of libEGL.so and libwayland-egl.so. (LP: #939730) + + -- Timo Aaltonen Wed, 29 Feb 2012 14:45:38 +0200 + mesa (8.0.1-0ubuntu1) precise; urgency=low * Merge from Debian experimental. diff --git a/debian/libegl1-mesa-dev.install.in b/debian/libegl1-mesa-dev.install.in index 51abf94..a519271 100644 --- a/debian/libegl1-mesa-dev.install.in +++ b/debian/libegl1-mesa-dev.install.in @@ -1,5 +1,5 @@ # This file gets tweaked in an os-specific fashion (see libegl1-mesa-dev.install.linux.in) -dri/usr/lib/${DEB_HOST_MULTIARCH}/libEGL.so usr/lib/${DEB_HOST_MULTIARCH} +dri/usr/lib/${DEB_HOST_MULTIARCH}/libEGL.so usr/lib/${DEB_HOST_MULTIARCH}/mesa-egl dri/usr/include/EGL usr/include dri/usr/include/KHR usr/include dri/usr/lib/${DEB_HOST_MULTIARCH}/pkgconfig/egl.pc usr/lib/${DEB_HOST_MULTIARCH}/pkgconfig diff --git a/debian/libegl1-mesa-dev.install.linux.in b/debian/libegl1-mesa-dev.install.linux.in index 13565b7..f2fdc87 100644 --- a/debian/libegl1-mesa-dev.install.linux.in +++ b/debian/libegl1-mesa-dev.install.linux.in 
@@ -1,10 +1,10 @@ # OS-independent part (from libegl1-mesa-dev.install.in): -dri/usr/lib/${DEB_HOST_MULTIARCH}/libEGL.so usr/lib/${DEB_HOST_MULTIARCH} +dri/usr/lib/${DEB_HOST_MULTIARCH}/libEGL.so usr/lib/${DEB_HOST_MULTIARCH}/mesa-egl dri/usr/include/EGL usr/include dri/usr/include/KHR usr/include dri/usr/lib/${DEB_HOST_MULTIARCH}/pkgconfig/egl.pc usr/lib/${DEB_HOST_MULTIARCH}/pkgconfig dri/usr/lib/${DEB_HOST_MULTIARCH}/pkgconfig/wayland-egl.pc usr/lib/${DEB_HOST_MULTIARCH}/pkgconfig # Wayland support, only on Linux: -dri/usr/lib/${DEB_HOST_MULTIARCH}/libwayland-egl.so usr/lib/${DEB_HOST_MULTIARCH} +dri/usr/lib/${DEB_HOST_MULTIARCH}/libwayland-egl.so usr/lib/${DEB_HOST_MULTIARCH}/mesa-egl dri/usr/lib/${DEB_HOST_MULTIARCH}/pkgconfig/wayland-egl.pc usr/lib/${DEB_HOST_MULTIARCH}/pkgconfig -- To UNSUBSCRIBE, email to debian-x-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1s2izw-0007ht...@vasks.debian.org
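Review bot: in debian/libegl1-mesa-dev.install.in, and again in the first libEGL.so line of debian/libegl1-mesa-dev.install.linux.in, the .so now lands in usr/lib/${DEB_HOST_MULTIARCH}/mesa-egl while egl.pc and wayland-egl.pc are still installed unchanged into usr/lib/${DEB_HOST_MULTIARCH}/pkgconfig. Please confirm that the libdir those .pc files advertise matches the new mesa-egl location, or that the directory is on the linker search path; otherwise anything linking with -lEGL or -lwayland-egl through pkg-config will not find the relocated libraries. A sentence in the changelog entry saying which of the two applies would help.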
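Review bot: the context of the debian/libegl1-mesa-dev.install.linux.in hunk lists the pkgconfig/wayland-egl.pc line twice, once above the "# Wayland support, only on Linux:" comment and once below it, and this change leaves both in place. Since the file is being edited anyway, drop the upper copy: that part is described as coming from libegl1-mesa-dev.install.in, and the visible lines of that file have no wayland-egl.pc entry.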
mesa: Changes to 'debian-experimental'
debian/libegl1-mesa-dev.install.linux.in |1 - 1 file changed, 1 deletion(-) New commits: commit a017c9334cb9203de20faccb2c9aa18f40e22545 Author: Timo Aaltonen Date: Wed Feb 29 14:50:40 2012 +0200 libegl1-mesa-dev.install.linux.in: drop duplicate pkgconfig line diff --git a/debian/libegl1-mesa-dev.install.linux.in b/debian/libegl1-mesa-dev.install.linux.in index 13565b7..5ccc738 100644 --- a/debian/libegl1-mesa-dev.install.linux.in +++ b/debian/libegl1-mesa-dev.install.linux.in @@ -3,7 +3,6 @@ dri/usr/lib/${DEB_HOST_MULTIARCH}/libEGL.so usr/lib/${DEB_HOST_MULTIARCH} dri/usr/include/EGL usr/include dri/usr/include/KHR usr/include dri/usr/lib/${DEB_HOST_MULTIARCH}/pkgconfig/egl.pc usr/lib/${DEB_HOST_MULTIARCH}/pkgconfig -dri/usr/lib/${DEB_HOST_MULTIARCH}/pkgconfig/wayland-egl.pc usr/lib/${DEB_HOST_MULTIARCH}/pkgconfig # Wayland support, only on Linux: dri/usr/lib/${DEB_HOST_MULTIARCH}/libwayland-egl.so usr/lib/${DEB_HOST_MULTIARCH} -- To UNSUBSCRIBE, email to debian-x-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1s2izw-0007he...@vasks.debian.org
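Review bot: the removed wayland-egl.pc line sits above the "# Wayland support, only on Linux:" comment, and the copy that is supposed to remain is not visible in this hunk (the context ends at the libwayland-egl.so line), so the "duplicate" claim cannot be checked from the diff alone. Say in the commit message that the entry kept is the one in the Wayland section. The diffstat also shows only this one file changed, so there is no debian/changelog entry for the change; add one if this packaging fix should be recorded.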
Bug#661627: init script x11-common creates directories in insecure manners
On Tue, Feb 28, 2012 at 20:21:39 +0100, Julien Cristau wrote:

> On Tue, Feb 28, 2012 at 19:05:23 +0100, vladz wrote:
>
> > On Tue, Feb 28, 2012 at 06:42:59PM +0100, Julien Cristau wrote:
> > > > As a solution, I would suggest to take care of the "mkdir" return codes
> > > > (line 36 and 50). To do not change permissions on failures.
> > > >
> > > This script is set -e AFAICT, which means it already does care about the
> > > mkdir return code.
> >
> > Yes but with the "-p" option, mkdir always return 0 (success):
> >
> >   $ mkdir /tmp/dir
> >   $ mkdir /tmp/dir
> >   mkdir: cannot create directory `/tmp/dir': File exists
> >   $ echo $?
> >   1
> >   $ mkdir -p /tmp/dir
> >   $ echo $?
> >   0
> >
> Right, makes sense. I can drop the -p, I guess. Not sure what impact
> that would have on things assuming they can use /tmp/.X11-unix (I
> wouldn't really like to fix this just to have the same issue elsewhere).
> Looking at trans_mkdir
> (http://cgit.freedesktop.org/xorg/lib/libxtrans/tree/Xtransutil.c#n480)
> it *looks* like it should be safe, though.
>
Actually it's not going to work. If /tmp/.X11-unix exists and is a
directory (not a symlink), that's good enough for us, we don't want to
fail in that case.

Cheers,
Julien
Bug#661627: Avoid /tmp ?
This appears to be a pretty serious problem. I agree, just dropping
'-p' won't work for functional reasons.

As a better long-term solution, have you considered just moving those
directories out of /tmp? There's almost always a safer place to put
temporary files/directories. For instance, under /var/lib or /var/run,
or whatever is most appropriate as an application-specific directory,
whose parent isn't world-writable.

tim
Bug#661627: init script x11-common creates directories in insecure manners
On Wed, Feb 29, 2012 at 21:29:37 +0100, Julien Cristau wrote:

> On Tue, Feb 28, 2012 at 20:21:39 +0100, Julien Cristau wrote:
>
> > On Tue, Feb 28, 2012 at 19:05:23 +0100, vladz wrote:
> >
> > > On Tue, Feb 28, 2012 at 06:42:59PM +0100, Julien Cristau wrote:
> > > > > As a solution, I would suggest to take care of the "mkdir" return
> > > > > codes
> > > > > (line 36 and 50). To do not change permissions on failures.
> > > > >
> > > > This script is set -e AFAICT, which means it already does care about the
> > > > mkdir return code.
> > >
> > > Yes but with the "-p" option, mkdir always return 0 (success):
> > >
> > >   $ mkdir /tmp/dir
> > >   $ mkdir /tmp/dir
> > >   mkdir: cannot create directory `/tmp/dir': File exists
> > >   $ echo $?
> > >   1
> > >   $ mkdir -p /tmp/dir
> > >   $ echo $?
> > >   0
> > >
> > Right, makes sense. I can drop the -p, I guess. Not sure what impact
> > that would have on things assuming they can use /tmp/.X11-unix (I
> > wouldn't really like to fix this just to have the same issue elsewhere).
> > Looking at trans_mkdir
> > (http://cgit.freedesktop.org/xorg/lib/libxtrans/tree/Xtransutil.c#n480)
> > it *looks* like it should be safe, though.
> >
> Actually it's not going to work. If /tmp/.X11-unix exists and is a
> directory (not a symlink), that's good enough for us, we don't want to
> fail in that case.
>
And while I'm at it I'd also like to fix the $SOCKET_DIR.$$ thing to use
a random name instead (probably with mktemp).

Cheers,
Julien
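The check discussed in this thread (plain mkdir, but still accepting a pre-existing real directory and rejecting a symlink) can be sketched as below. This is an added example, not the x11-common init script and not the fix that was committed; the helper name ensure_socket_dir and the scratch paths are hypothetical, and the ownership test assumes the script runs as the user who is supposed to own the directory (root for an init script).

```shell
#!/bin/sh
# Added illustration; ensure_socket_dir is a hypothetical helper name.

# Make "$1" a sticky, world-writable directory without trusting whatever
# another local user may already have placed at that path.
ensure_socket_dir() {
    dir=$1
    # Plain mkdir fails on any existing entry (symlinks included) instead
    # of silently succeeding the way "mkdir -p" does.
    if mkdir -m 0700 "$dir" 2>/dev/null; then
        :   # freshly created by us, nothing else to verify
    elif [ -L "$dir" ] || [ ! -d "$dir" ]; then
        # [ -d ] alone follows symlinks, so test for the link first.
        echo "refusing $dir: exists and is not a real directory" >&2
        return 1
    elif [ ! -O "$dir" ]; then
        # In a sticky parent such as /tmp, an entry we own cannot be
        # renamed or removed by other users before the chmod below runs.
        echo "refusing $dir: owned by another user" >&2
        return 1
    fi
    chmod 1777 "$dir"
}

# Constructed demo in a private scratch directory: a planted symlink
# pointing at a directory whose permissions must not change.
demo=$(mktemp -d)
mkdir -m 0700 "$demo/victim"
ln -s "$demo/victim" "$demo/planted"
mkdir -p "$demo/planted"; echo "mkdir -p on the planted symlink: exit $?"
ensure_socket_dir "$demo/planted" || echo "helper on the planted symlink: exit $?"
rm -rf "$demo"
```

The helper keeps the behaviour asked for in the message above: an existing directory that is not a symlink is accepted, so a second run does not fail.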
Bug#661627: Avoid /tmp ?
* Tim [120229 23:00]:
> As a better long-term solution, have you considered just moving those
> directories out of /tmp?

Those are for sockets whose name is part of the interface to access
them. So you cannot move them. And the directory itself needs to be
world-writeable, so it is best placed within /tmp.

Bernhard R. Link
Bug#661627: Avoid /tmp ?
Hi Bernhard,

> > As a better long-term solution, have you considered just moving those
> > directories out of /tmp?
>
> Those are for sockets whose name is part of the interface to access
> them. So you cannot move them. And the directory itself needs to be
> world-writeable, so it is best placed within /tmp.

Hmm, sounds like a badly-designed interface. Where is this interface
defined? I don't doubt you, I'm merely naive about X design/interface,
and curious as to how flexible this is. Is this use of /tmp a Debian
thing, an Xorg thing, or an X11R6 thing?

thanks,
tim
Bug#661754: x11-xkb-utils: setxkbmap and xkbcomp settings do not apply to new keyboards
Package: x11-xkb-utils
Version: 7.6+4
Severity: important

Dear Maintainer,

My desktop can finally suspend and resume properly, which makes me very
happy, but let me discover a new obstacle: upon resume my keyboard
settings are lost and I have to re-apply my xkbcomp setting every time.

The same can be seen without suspend&resume:

    % setxkbmap -model 'thinkpad(60)'
    % setxkbmap -query
    rules: evdev
    model: thinkpad(60)
    layout: us
    %
    % setxkbmap -query
    rules: evdev
    model: pc105
    layout: us
    %

It seems that setxkbmap only affects the current InputDevice, whereas
I'd like to affect a whole InputClass, but I don't know how/where
to specify which inputs devices should be affected.
Where are the equivalent of xorg.conf's MatchIsKeyboard/MatchProduct/...?
Tho to tell you the truth, I don't need to distinguish input devices,
all I want is for my settings to apply to *all* keyboards (which
is only ever a single keyboard but which might get unplugged/replugged).

Stefan

-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable')
Architecture: i386 (x86_64)
Kernel: Linux 3.2.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_CH.UTF-8, LC_CTYPE=fr_CH.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages x11-xkb-utils depends on:
ii  libc6        2.13-26
ii  libx11-6     2:1.4.4-4
ii  libxaw7      2:1.0.9-3
ii  libxkbfile1  1:1.0.7-1
ii  libxt6       1:1.1.1-2

x11-xkb-utils recommends no packages.
x11-xkb-utils suggests no packages.

-- no debconf information
Bug#661754: x11-xkb-utils: setxkbmap and xkbcomp settings do not apply to new keyboards
Stefan Monnier (29/02/2012):
> It seems that setxkbmap only affects the current InputDevice, whereas
> I'd like to affect a whole InputClass, but I don't know how/where
> to specify which inputs devices should be affected.
> Where are the equivalent of xorg.conf's MatchIsKeyboard/MatchProduct/...?
> Tho to tell you the truth, I don't need to distinguish input devices,
> all I want is for my settings to apply to *all* keyboards (which
> is only ever a single keyboard but which might get unplugged/replugged).

You might find that page useful then:
http://x.debian.net/howto/configure-input.html

Mraw,
KiBi.