debian/changelog | 16 ++++++++ debian/patches/112_xaa-fbcomposite-fix-negative-size.patch | 26 +++++++++++++ debian/patches/series | 1 3 files changed, 43 insertions(+)
New commits: commit 4a8e1ff21683667bdc61872e44c3951b0dc35005 Author: Bryce Harrington <[email protected]> Date: Mon Mar 29 14:09:20 2010 -0700 Extend to also cover another mod() in mi code
diff --git a/debian/changelog b/debian/changelog
index 612e02a..5379864 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+xorg-server (2:1.7.6-1ubuntu3) karmic; urgency=low
+
+ * Extend 112_xaa-fbcomposite-fix-negative-size.patch to also correct a
+ mod() definition in the mi code which suffers the same flaw.
+
+ -- Bryce Harrington <[email protected]> Mon, 29 Mar 2010 14:07:08 -0700
+
 xorg-server (2:1.7.6-1ubuntu2) lucid; urgency=low
 * Add 112_xaa-fbcomposite-fix-negative-size.patch: Prevent 3rd-party
diff --git a/debian/patches/112_xaa-fbcomposite-fix-negative-size.patch b/debian/patches/112_xaa-fbcomposite-fix-negative-size.patch
index c0d8bb1..39c1d87 100644
--- a/debian/patches/112_xaa-fbcomposite-fix-negative-size.patch
+++ b/debian/patches/112_xaa-fbcomposite-fix-negative-size.patch
@@ -11,3 +11,16 @@ index c046bae..7c06a64 100644
 void
 fbWalkCompositeRegion (CARD8 op,
+diff --git a/mi/miarc.c b/mi/miarc.c
+index a3e2580..54fd743 100644
+--- a/mi/miarc.c
++++ b/mi/miarc.c
+@@ -1524,7 +1524,7 @@ miRoundCap(
+
+ # define Dsin(d) ((d) == 0.0 ? 0.0 : ((d) == 90.0 ? 1.0 : sin(d*M_PI/180.0)))
+ # define Dcos(d) ((d) == 0.0 ? 1.0 : ((d) == 90.0 ? 0.0 : cos(d*M_PI/180.0)))
+-# define mod(a,b) ((a) >= 0 ? (a) % (b) : (b) - (-a) % (b))
++# define mod(a,b) ((a) >= 0 ? (a) % (b) : (b) - (-(a)) % (b))
+
+ static double
+ miDcos (double a)
commit 7132df8483234551138b28f35d8d5ff9ad0d9bde Author: Bryce Harrington <[email protected]> Date: Mon Mar 29 13:47:09 2010 -0700 Backport patch to make mod() define not open an exploit when using XAA and compositing.
diff --git a/debian/changelog b/debian/changelog
index 4fa335c..612e02a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+xorg-server (2:1.7.6-1ubuntu2) lucid; urgency=low
+
+ * Add 112_xaa-fbcomposite-fix-negative-size.patch: Prevent 3rd-party
+ controllable Xorg crash/exploit when XAA and compositing is in use.
+ Be more careful in sign-changes with mod().
+ (LP: #551193)
+
+ -- Bryce Harrington <[email protected]> Mon, 29 Mar 2010 13:37:06 -0700
+
 xorg-server (2:1.7.6-1ubuntu1) lucid; urgency=low
 [Timo Aaltonen]
diff --git a/debian/patches/112_xaa-fbcomposite-fix-negative-size.patch b/debian/patches/112_xaa-fbcomposite-fix-negative-size.patch
new file mode 100644
index 0000000..c0d8bb1
--- /dev/null
+++ b/debian/patches/112_xaa-fbcomposite-fix-negative-size.patch
@@ -0,0 +1,13 @@
+diff --git a/fb/fbpict.c b/fb/fbpict.c
+index c046bae..7c06a64 100644
+--- a/fb/fbpict.c
++++ b/fb/fbpict.c
+@@ -37,7 +37,7 @@
+ #include "mipict.h"
+ #include "fbpict.h"
+
+-#define mod(a,b) ((b) == 1 ? 0 : (a) >= 0 ? (a) % (b) : (b) - (-a) % (b))
++#define mod(a,b) ((b) == 1 ? 0 : (a) >= 0 ? (a) % (b) : (b) - (-(a)) % (b))
+
+ void
+ fbWalkCompositeRegion (CARD8 op,
diff --git a/debian/patches/series b/debian/patches/series
index 8b484e2..3a9e2ff 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -22,6 +22,7 @@
 109_fix-swcursor-crash.patch
 110_findglyphbyhash-fix.patch
 111_armel-drv-fallbacks.patch
+112_xaa-fbcomposite-fix-negative-size.patch
 121_only_switch_vt_when_active.diff
 #143_default_to_vesa.patch
 157_check_null_modes.patch
-- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
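Review bot: The corrected `mod(a,b)` in the fb/fbpict.c patch still yields `b`, not 0, when `a` is negative and an exact multiple of `b`, because the negative branch then computes `(b) - 0`; the copy patched in mi/miarc.c by the later commit has the same gap. The callers are outside these hunks, but if the result is used as an offset expected to lie in [0, b), and the changelog describes the inputs as third-party controllable, that value is one past the range. A form that stays in range and also avoids negating INT_MIN is `#define mod(a,b) ((a) >= 0 ? (a) % (b) : (b) - 1 - (-((a) + 1)) % (b))`. Both macros still evaluate their arguments more than once and divide by `b` unchecked, so a short comment above each stating the required `b > 0` and the intended result range would help.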

