debian/changelog | 8 ++ debian/patches/23-xf86-fix-flush-input-to-work-with-Linux-evdev-device.diff | 33 ++++++++++ debian/patches/series | 1 3 files changed, 42 insertions(+)
New commits: commit 4e399febdb96665aa109291be0847a7652800c4d Author: Julien Cristau <[email protected]> Date: Sun Apr 14 13:32:50 2013 +0200 Upload to squeeze-security diff --git a/debian/changelog b/debian/changelog index 26cf85e..0483e45 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,10 +1,10 @@ -xorg-server (2:1.7.7-16) UNRELEASED; urgency=high +xorg-server (2:1.7.7-16) squeeze-security; urgency=high * xfree86: fix flush input to work with Linux evdev devices. Avoids processing events sent when the server was inactive, potentially allowing a user to capture passwords. Addresses CVE-2013-1940. - -- Julien Cristau <[email protected]> Fri, 12 Apr 2013 15:13:24 +0200 + -- Julien Cristau <[email protected]> Fri, 12 Apr 2013 15:47:37 +0200 xorg-server (2:1.7.7-15) squeeze; urgency=low commit ffb8ce120b2a14740990e953b9402fde5ce721d0 Author: Julien Cristau <[email protected]> Date: Fri Apr 12 15:18:34 2013 +0200 xfree86: fix flush input to work with Linux evdev devices. Avoids processing events sent when the server was inactive, potentially allowing a user to capture passwords. Addresses CVE-2013-1940. diff --git a/debian/changelog b/debian/changelog index 4d8d03c..75019e1 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +xorg-server (2:1.7.7-14+squeeze1) UNRELEASED; urgency=high + + * xfree86: fix flush input to work with Linux evdev devices. Avoids + processing events sent when the server was inactive, potentially allowing + a user to capture passwords. Addresses CVE-2013-1940. + + -- Julien Cristau <[email protected]> Fri, 12 Apr 2013 15:13:24 +0200 + xorg-server (2:1.7.7-14) squeeze; urgency=low * GLX: add missing input sanitization (CVE-2010-4818). Also fix a couple diff --git a/debian/patches/23-xf86-fix-flush-input-to-work-with-Linux-evdev-device.diff b/debian/patches/23-xf86-fix-flush-input-to-work-with-Linux-evdev-device.diff new file mode 100644 index 0000000..343bac6 --- /dev/null 
+++ b/debian/patches/23-xf86-fix-flush-input-to-work-with-Linux-evdev-device.diff @@ -0,0 +1,33 @@ +From 88394b5cf39f298ebaa9a8ce4ace9bef14c2c6ee Mon Sep 17 00:00:00 2001 +From: Dave Airlie <[email protected]> +Date: Wed, 10 Apr 2013 16:09:01 +1000 +Subject: [PATCH] xf86: fix flush input to work with Linux evdev devices. + +So when we VT switch back and attempt to flush the input devices, +we don't succeed because evdev won't return part of an event, +since we were only asking for 4 bytes, we'd only get -EINVAL back. + +This could later cause events to be flushed that we shouldn't have +gotten. + +This is a fix for CVE-2013-1940. + +Signed-off-by: Dave Airlie <[email protected]> +--- + hw/xfree86/os-support/shared/posix_tty.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +Index: xorg-server/hw/xfree86/os-support/shared/posix_tty.c +=================================================================== +--- xorg-server.orig/hw/xfree86/os-support/shared/posix_tty.c ++++ xorg-server/hw/xfree86/os-support/shared/posix_tty.c +@@ -475,7 +475,8 @@ xf86FlushInput(int fd) + { + fd_set fds; + struct timeval timeout; +- char c[4]; ++ /* this needs to be big enough to flush an evdev event. */ ++ char c[126]; + + DebugF("FlushingSerial\n"); + if (tcflush(fd, TCIFLUSH) == 0) diff --git a/debian/patches/series b/debian/patches/series index 231ba02..4e3310f 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -21,3 +21,4 @@ 20-randr-shadow-crashes.diff 21-device-mode-list.diff 22-stop-searching-for-xf86config-files +23-xf86-fix-flush-input-to-work-with-Linux-evdev-device.diff -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
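Review bot: the two debian/changelog hunks in this push disagree on the version: the upload commit changes an existing 2:1.7.7-16 entry from UNRELEASED to squeeze-security (with 2:1.7.7-15 below it), while the fix commit adds the same text as a new 2:1.7.7-14+squeeze1 entry on top of 2:1.7.7-14. Please confirm which version was actually uploaded to squeeze-security and that the final changelog carries the -16 entry only once, since the diffstat (debian/changelog 8 ++) only accounts for one of these two shapes.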
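Review bot: in 23-xf86-fix-flush-input-to-work-with-Linux-evdev-device.diff the sole code change is widening the buffer from `char c[4];` to `char c[126];`, and 126 is an unexplained magic number; the commit message says evdev returns -EINVAL when asked for less than one whole event, so either size the array in terms of the event size or extend the comment to say why 126 is large enough. The read() that drains `fd` into `c` is outside the three lines of context shown, so please confirm it passes `sizeof(c)` rather than a literal 4, otherwise the larger array has no effect and the events are still not flushed.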

