diff options
author | Vladimír Čunát <vcunat@gmail.com> | 2013-04-18 12:49:28 +0200 |
---|---|---|
committer | Vladimír Čunát <vcunat@gmail.com> | 2013-04-18 12:50:26 +0200 |
commit | a40e82547449450736d0a89e3dc5360a910b41cc (patch) | |
tree | c658cb1ce548f50134e5556b30a62ca75c86a060 /pkgs/servers/x11 | |
parent | fd76a89bcb6e0c038eca31a693eba23991c71e77 (diff) | |
download | nixlib-a40e82547449450736d0a89e3dc5360a910b41cc.tar nixlib-a40e82547449450736d0a89e3dc5360a910b41cc.tar.gz nixlib-a40e82547449450736d0a89e3dc5360a910b41cc.tar.bz2 nixlib-a40e82547449450736d0a89e3dc5360a910b41cc.tar.lz nixlib-a40e82547449450736d0a89e3dc5360a910b41cc.tar.xz nixlib-a40e82547449450736d0a89e3dc5360a910b41cc.tar.zst nixlib-a40e82547449450736d0a89e3dc5360a910b41cc.zip |
xorg-server: fix CVE-1940
http://lists.x.org/archives/xorg-devel/2013-April/036014.html It's a low-priority issue, but it should cause almost no rebuilds.
Diffstat (limited to 'pkgs/servers/x11')
-rw-r--r-- | pkgs/servers/x11/xorg/overrides.nix | 2 | ||||
-rw-r--r-- | pkgs/servers/x11/xorg/xorgserver12-CVE-1940.patch | 34 |
2 files changed, 35 insertions, 1 deletions
diff --git a/pkgs/servers/x11/xorg/overrides.nix b/pkgs/servers/x11/xorg/overrides.nix index e9c310b84f17..e5b7a9a34021 100644 --- a/pkgs/servers/x11/xorg/overrides.nix +++ b/pkgs/servers/x11/xorg/overrides.nix @@ -221,7 +221,7 @@ in xorgserver = attrs: attrs // { configureFlags = "--enable-xcsecurity"; # enable SECURITY extension - patches = [./xorgserver-dri-path.patch ./xorgserver-xkbcomp-path.patch]; + patches = [./xorgserver-dri-path.patch ./xorgserver-xkbcomp-path.patch ./xorgserver12-CVE-1940.patch]; buildInputs = attrs.buildInputs ++ [ args.zlib args.udev args.mesa args.dbus.libs xorg.xf86bigfontproto xorg.glproto xorg.xf86driproto diff --git a/pkgs/servers/x11/xorg/xorgserver12-CVE-1940.patch b/pkgs/servers/x11/xorg/xorgserver12-CVE-1940.patch new file mode 100644 index 000000000000..d85494f90293 --- /dev/null +++ b/pkgs/servers/x11/xorg/xorgserver12-CVE-1940.patch @@ -0,0 +1,34 @@ +From 6ca03b9161d33b1d2b55a3a1a913cf88deb2343f Mon Sep 17 00:00:00 2001 +From: Dave Airlie <airlied@gmail.com> +Date: Wed, 10 Apr 2013 06:09:01 +0000 +Subject: xf86: fix flush input to work with Linux evdev devices. + +So when we VT switch back and attempt to flush the input devices, +we don't succeed because evdev won't return part of an event, +since we were only asking for 4 bytes, we'd only get -EINVAL back. + +This could later cause events to be flushed that we shouldn't have +gotten. + +This is a fix for CVE-2013-1940. + +Signed-off-by: Dave Airlie <airlied@redhat.com> +Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> +Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> +--- +diff --git a/hw/xfree86/os-support/shared/posix_tty.c b/hw/xfree86/os-support/shared/posix_tty.c +index ab3757a..4d08c1e 100644 +--- a/hw/xfree86/os-support/shared/posix_tty.c ++++ b/hw/xfree86/os-support/shared/posix_tty.c +@@ -421,7 +421,8 @@ xf86FlushInput(int fd) + { + fd_set fds; + struct timeval timeout; +- char c[4]; ++ /* this needs to be big enough to flush an evdev event. */ ++ char c[256]; + + DebugF("FlushingSerial\n"); + if (tcflush(fd, TCIFLUSH) == 0) +-- +cgit v0.9.0.2-2-gbebe |