Compare commits
2 Commits
debian-uns
...
ubuntu-luc
Author | SHA1 | Date |
---|---|---|
|
5b966137db | |
|
3adad0e69c |
|
@ -1,3 +1,28 @@
|
||||||
|
x11-xserver-utils (7.5+1ubuntu2.1) lucid-security; urgency=low
|
||||||
|
|
||||||
|
* SECURITY UPDATE: root escalation via rogue hostname (LP: #752315)
|
||||||
|
- xrdb: Create shell-escape-safe cpp options in the non-pathetic-cpp
|
||||||
|
case.
|
||||||
|
- http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56
|
||||||
|
- CVE-2011-0465
|
||||||
|
|
||||||
|
-- Timo Aaltonen <tjaalton@ubuntu.com> Wed, 06 Apr 2011 17:42:55 +0300
|
||||||
|
|
||||||
|
x11-xserver-utils (7.5+1ubuntu2) lucid; urgency=low
|
||||||
|
|
||||||
|
* Add 101_xset_spellfix.patch: Spelling fix in help docs
|
||||||
|
(LP: #426152)
|
||||||
|
|
||||||
|
-- Bryce Harrington <bryce@ubuntu.com> Wed, 17 Mar 2010 15:23:57 -0700
|
||||||
|
|
||||||
|
x11-xserver-utils (7.5+1ubuntu1) lucid; urgency=low
|
||||||
|
|
||||||
|
* Merge from Debian. Remaining Ubuntu changes:
|
||||||
|
- Add 100_xrandr-output.patch: When using --scale or --transform, verify
|
||||||
|
a valid output parameter is used; crashes otherwise.
|
||||||
|
|
||||||
|
-- Bryce Harrington <bryce@ubuntu.com> Fri, 08 Jan 2010 18:38:47 -0800
|
||||||
|
|
||||||
x11-xserver-utils (7.5+1) unstable; urgency=low
|
x11-xserver-utils (7.5+1) unstable; urgency=low
|
||||||
|
|
||||||
[ Julien Cristau ]
|
[ Julien Cristau ]
|
||||||
|
@ -31,6 +56,28 @@ x11-xserver-utils (7.5+1) unstable; urgency=low
|
||||||
|
|
||||||
-- Brice Goglin <bgoglin@debian.org> Sun, 06 Dec 2009 20:41:37 +0100
|
-- Brice Goglin <bgoglin@debian.org> Sun, 06 Dec 2009 20:41:37 +0100
|
||||||
|
|
||||||
|
x11-xserver-utils (7.4+2ubuntu3) karmic; urgency=low
|
||||||
|
|
||||||
|
* 100_xrandr-output.patch: Refresh patch to apply cleanly, fixing
|
||||||
|
FTBFS. LP: #432079
|
||||||
|
|
||||||
|
-- Michael Terry <michael.terry@canonical.com> Thu, 17 Sep 2009 15:46:30 -0400
|
||||||
|
|
||||||
|
x11-xserver-utils (7.4+2ubuntu2) karmic; urgency=low
|
||||||
|
|
||||||
|
* 100_xrandr-output.patch: Replace with patch sent upstream.
|
||||||
|
(LP: #354715)
|
||||||
|
|
||||||
|
-- Bryce Harrington <bryce@ubuntu.com> Wed, 02 Sep 2009 02:15:48 -0700
|
||||||
|
|
||||||
|
x11-xserver-utils (7.4+2ubuntu1) karmic; urgency=low
|
||||||
|
|
||||||
|
* Add 100_xrandr-output.patch: When using --scale or --transform, verify
|
||||||
|
a valid output parameter is used; crashes otherwise.
|
||||||
|
(LP: #354715)
|
||||||
|
|
||||||
|
-- Bryce Harrington <bryce@ubuntu.com> Wed, 02 Sep 2009 01:18:10 -0700
|
||||||
|
|
||||||
x11-xserver-utils (7.4+2) unstable; urgency=low
|
x11-xserver-utils (7.4+2) unstable; urgency=low
|
||||||
|
|
||||||
* xrandr 1.3.
|
* xrandr 1.3.
|
||||||
|
|
|
@ -1,7 +1,8 @@
|
||||||
Source: x11-xserver-utils
|
Source: x11-xserver-utils
|
||||||
Section: x11
|
Section: x11
|
||||||
Priority: optional
|
Priority: optional
|
||||||
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
|
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
|
||||||
|
XSBC-Original-Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
|
||||||
Uploaders: David Nusinow <dnusinow@debian.org>, Julien Cristau <jcristau@debian.org>, Brice Goglin <bgoglin@debian.org>
|
Uploaders: David Nusinow <dnusinow@debian.org>, Julien Cristau <jcristau@debian.org>, Brice Goglin <bgoglin@debian.org>
|
||||||
Build-Depends: debhelper (>= 5.0.0), pkg-config, libx11-dev (>= 2:1.0.0),
|
Build-Depends: debhelper (>= 5.0.0), pkg-config, libx11-dev (>= 2:1.0.0),
|
||||||
libxaw7-dev (>= 1:1.0.1), libxext-dev (>= 1:1.0.0),
|
libxaw7-dev (>= 1:1.0.1), libxext-dev (>= 1:1.0.0),
|
||||||
|
|
|
@ -0,0 +1,30 @@
|
||||||
|
From dc627718d77b0e853311e480bba90eddefd0b891 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Bryce Harrington <bryce@bryceharrington.org>
|
||||||
|
Date: Wed, 2 Sep 2009 01:46:50 -0700
|
||||||
|
Subject: [PATCH] Check output pointer validity for --sale and --transform
|
||||||
|
|
||||||
|
Signed-off-by: Bryce Harrington <bryce@bryceharrington.org>
|
||||||
|
---
|
||||||
|
xrandr.c | 2 ++
|
||||||
|
1 files changed, 2 insertions(+), 0 deletions(-)
|
||||||
|
|
||||||
|
Index: x11-xserver-utils-7.4+2ubuntu2/xrandr/xrandr.c
|
||||||
|
===================================================================
|
||||||
|
--- x11-xserver-utils-7.4+2ubuntu2.orig/xrandr/xrandr.c 2009-09-17 15:45:26.000000000 -0400
|
||||||
|
+++ x11-xserver-utils-7.4+2ubuntu2/xrandr/xrandr.c 2009-09-17 15:45:46.000000000 -0400
|
||||||
|
@@ -2327,6 +2327,7 @@
|
||||||
|
{
|
||||||
|
double sx, sy;
|
||||||
|
if (++i>=argc) usage();
|
||||||
|
+ if (!output) usage();
|
||||||
|
if (sscanf (argv[i], "%lfx%lf", &sx, &sy) != 2)
|
||||||
|
usage ();
|
||||||
|
init_transform (&output->transform);
|
||||||
|
@@ -2346,6 +2347,7 @@
|
||||||
|
double transform[3][3];
|
||||||
|
int k, l;
|
||||||
|
if (++i>=argc) usage ();
|
||||||
|
+ if (!output) usage();
|
||||||
|
init_transform (&output->transform);
|
||||||
|
if (strcmp (argv[i], "none") != 0)
|
||||||
|
{
|
|
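Review bot: The two added `if (!output) usage();` guards have no comment and fall back to the generic usage path, so nothing at the call site says they exist to keep `init_transform (&output->transform)` from dereferencing a NULL `output`. Going by the changelog entry, this presumably happens when `--scale` or `--transform` is given without a valid output. I would put `/* --scale/--transform act on the current output; bail out if none was selected */` above each guard. The fix also depends on `usage()` not returning, which these hunks do not show; if it can return, the dereference on the following lines is still reached. The enclosing option-parsing block starts and ends outside both hunks, and the patch subject spells the option `--sale`.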
@ -0,0 +1,14 @@
|
||||||
|
diff -Nurp x11-xserver-utils-7.4+2ubuntu3/xset/xset.c working/xset/xset.c
|
||||||
|
--- x11-xserver-utils-7.4+2ubuntu3/xset/xset.c 2009-02-01 05:04:01.000000000 -0800
|
||||||
|
+++ working/xset/xset.c 2010-03-15 19:02:50.000000000 -0700
|
||||||
|
@@ -1554,8 +1554,8 @@ usage(char *fmt, ...)
|
||||||
|
#ifdef FONTCACHE
|
||||||
|
fprintf(stderr, " To control font cache:\n");
|
||||||
|
fprintf(stderr, "\t fc [hi-mark [low-mark [balance]]]\n");
|
||||||
|
- fprintf(stderr, "\t both mark values spcecified in KB\n");
|
||||||
|
- fprintf(stderr, "\t balance value spcecified in percent (10 - 90)\n");
|
||||||
|
+ fprintf(stderr, "\t both mark values specified in KB\n");
|
||||||
|
+ fprintf(stderr, "\t balance value specified in percent (10 - 90)\n");
|
||||||
|
fprintf(stderr, " Show font cache statistics:\n");
|
||||||
|
fprintf(stderr, "\t fc s\n");
|
||||||
|
#endif
|
|
@ -0,0 +1,178 @@
|
||||||
|
commit 4ca7e1a5e4e9d52d062175e10c8fd58e218dea41
|
||||||
|
Author: Matthias Hopf <mhopf@suse.de>
|
||||||
|
Date: Tue Mar 1 19:37:34 2011 +0100
|
||||||
|
|
||||||
|
xrdb: Create shell-escape-safe cpp options in the non-pathetic-cpp case.
|
||||||
|
|
||||||
|
Fixes CVE-2011-0465.
|
||||||
|
|
||||||
|
Signed-off-by: Matthias Hopf <mhopf@suse.de>
|
||||||
|
Reviewed-by: Adam Jackson <ajax@redhat.com>
|
||||||
|
Signed-off-by: Julien Cristau <jcristau@debian.org>
|
||||||
|
|
||||||
|
diff --git a/xrdb/xrdb.c b/xrdb/xrdb.c
|
||||||
|
index 6d266e5..bece59c 100644
|
||||||
|
--- a/xrdb/xrdb.c
|
||||||
|
+++ b/xrdb/xrdb.c
|
||||||
|
@@ -144,6 +144,8 @@ Entries newDB;
|
||||||
|
|
||||||
|
static void fatal(char *, ...);
|
||||||
|
static void addstring ( String *arg, const char *s );
|
||||||
|
+static void addescapedstring ( String *arg, const char *s );
|
||||||
|
+static void addtokstring ( String *arg, const char *s );
|
||||||
|
static void FormatEntries ( Buffer *buffer, Entries *entries );
|
||||||
|
static void StoreProperty ( Display *dpy, Window root, Atom res_prop );
|
||||||
|
static void Process ( int scrno, Bool doScreen, Bool execute );
|
||||||
|
@@ -393,14 +395,20 @@ AddDef(String *buff, char *title, char *value)
|
||||||
|
addstring(buff, " -D");
|
||||||
|
} else
|
||||||
|
addstring(buff, "-D");
|
||||||
|
- addstring(buff, title);
|
||||||
|
+ addtokstring(buff, title);
|
||||||
|
if (value && (value[0] != '\0')) {
|
||||||
|
addstring(buff, "=");
|
||||||
|
- addstring(buff, value);
|
||||||
|
+ addescapedstring(buff, value);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
+AddSimpleDef(String *buff, char *title)
|
||||||
|
+{
|
||||||
|
+ AddDef(buff, title, (char *)NULL);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static void
|
||||||
|
AddDefQ(String *buff, char *title, char *value)
|
||||||
|
{
|
||||||
|
#ifdef PATHETICCPP
|
||||||
|
@@ -409,8 +417,9 @@ AddDefQ(String *buff, char *title, char *value)
|
||||||
|
else
|
||||||
|
#endif
|
||||||
|
if (value && (value[0] != '\0')) {
|
||||||
|
- AddDef(buff, title, "\"");
|
||||||
|
- addstring(buff, value);
|
||||||
|
+ AddSimpleDef(buff, title);
|
||||||
|
+ addstring(buff, "=\"");
|
||||||
|
+ addescapedstring(buff, value);
|
||||||
|
addstring(buff, "\"");
|
||||||
|
} else
|
||||||
|
AddDef(buff, title, NULL);
|
||||||
|
@@ -425,24 +434,28 @@ AddNum(String *buff, char *title, int value)
|
||||||
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
-AddSimpleDef(String *buff, char *title)
|
||||||
|
+AddDefTok(String *buff, char *prefix, char *title)
|
||||||
|
{
|
||||||
|
- AddDef(buff, title, (char *)NULL);
|
||||||
|
+ char name[512];
|
||||||
|
+
|
||||||
|
+ snprintf(name, sizeof(name), "%s%s", prefix, title);
|
||||||
|
+ AddSimpleDef(buff, name);
|
||||||
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
-AddDefTok(String *buff, char *prefix, char *title)
|
||||||
|
+AddDefHostname(String *buff, char *title, char *value)
|
||||||
|
{
|
||||||
|
char *s;
|
||||||
|
char name[512];
|
||||||
|
char c;
|
||||||
|
|
||||||
|
- snprintf(name, sizeof(name), "%s%s", prefix, title);
|
||||||
|
+ strncpy (name, value, sizeof(name)-1);
|
||||||
|
+ name[sizeof(name)-1] = '\0';
|
||||||
|
for (s = name; (c = *s); s++) {
|
||||||
|
- if (!isalpha(c) && !isdigit(c) && c != '_')
|
||||||
|
+ if (!isalpha(c) && !isdigit(c) && c != '_' && c != '.' && c != ':' && c != '-')
|
||||||
|
*s = '_';
|
||||||
|
}
|
||||||
|
- AddSimpleDef(buff, name);
|
||||||
|
+ AddDef(buff, title, name);
|
||||||
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
@@ -462,7 +475,7 @@ AddUndef(String *buff, char *title)
|
||||||
|
addstring(buff, " -U");
|
||||||
|
} else
|
||||||
|
addstring(buff, "-U");
|
||||||
|
- addstring(buff, title);
|
||||||
|
+ addtokstring(buff, title);
|
||||||
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
@@ -522,11 +535,11 @@ DoDisplayDefines(Display *display, String *defs, char *host)
|
||||||
|
}
|
||||||
|
if (!*server || !strcmp(server, "unix") || !strcmp(server, "localhost"))
|
||||||
|
strcpy(server, client);
|
||||||
|
- AddDef(defs, "HOST", server); /* R3 compatibility */
|
||||||
|
- AddDef(defs, "SERVERHOST", server);
|
||||||
|
+ AddDefHostname(defs, "HOST", server); /* R3 compatibility */
|
||||||
|
+ AddDefHostname(defs, "SERVERHOST", server);
|
||||||
|
AddDefTok(defs, "SRVR_", server);
|
||||||
|
AddNum(defs, "DISPLAY_NUM", n);
|
||||||
|
- AddDef(defs, "CLIENTHOST", client);
|
||||||
|
+ AddDefHostname(defs, "CLIENTHOST", client);
|
||||||
|
AddDefTok(defs, "CLNT_", client);
|
||||||
|
AddNum(defs, "VERSION", ProtocolVersion(display));
|
||||||
|
AddNum(defs, "REVISION", ProtocolRevision(display));
|
||||||
|
@@ -569,7 +582,7 @@ DoScreenDefines(Display *display, int scrno, String *defs)
|
||||||
|
AddNum(defs, "Y_RESOLUTION", Resolution(screen->height,screen->mheight));
|
||||||
|
AddNum(defs, "PLANES", DisplayPlanes(display, scrno));
|
||||||
|
AddNum(defs, "BITS_PER_RGB", visual->bits_per_rgb);
|
||||||
|
- AddDef(defs, "CLASS", ClassNames[visual->class]);
|
||||||
|
+ AddDefQ(defs, "CLASS", ClassNames[visual->class]);
|
||||||
|
snprintf(name, sizeof(name), "CLASS_%s", ClassNames[visual->class]);
|
||||||
|
AddNum(defs, name, (int)visual->visualid);
|
||||||
|
switch(visual->class) {
|
||||||
|
@@ -762,6 +775,40 @@ addstring(String *arg, const char *s)
|
||||||
|
arg->used += strlen(s);
|
||||||
|
}
|
||||||
|
|
||||||
|
+static void
|
||||||
|
+addescapedstring(String *arg, const char *s)
|
||||||
|
+{
|
||||||
|
+ char copy[512], *c;
|
||||||
|
+
|
||||||
|
+ for (c = copy; *s && c < ©[sizeof(copy)-1]; s++) {
|
||||||
|
+ switch (*s) {
|
||||||
|
+ case '"': case '\'': case '`':
|
||||||
|
+ case '$': case '\\':
|
||||||
|
+ *c++ = '_';
|
||||||
|
+ break;
|
||||||
|
+ default:
|
||||||
|
+ *c++ = *s;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ *c = 0;
|
||||||
|
+ addstring (arg, copy);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static void
|
||||||
|
+addtokstring(String *arg, const char *s)
|
||||||
|
+{
|
||||||
|
+ char copy[512], *c;
|
||||||
|
+
|
||||||
|
+ for (c = copy; *s && c < ©[sizeof(copy)-1]; s++) {
|
||||||
|
+ if (!isalpha(*s) && !isdigit(*s) && *s != '_')
|
||||||
|
+ *c++ = '_';
|
||||||
|
+ else
|
||||||
|
+ *c++ = *s;
|
||||||
|
+ }
|
||||||
|
+ *c = 0;
|
||||||
|
+ addstring (arg, copy);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
|
||||||
|
int
|
||||||
|
main(int argc, char *argv[])
|
||||||
|
@@ -857,7 +904,7 @@ main(int argc, char *argv[])
|
||||||
|
continue;
|
||||||
|
} else if (arg[1] == 'I') {
|
||||||
|
addstring(&includes, " ");
|
||||||
|
- addstring(&includes, arg);
|
||||||
|
+ addescapedstring(&includes, arg);
|
||||||
|
continue;
|
||||||
|
} else if (arg[1] == 'U' || arg[1] == 'D') {
|
||||||
|
if (num_cmd_defines < MAX_CMD_DEFINES) {
|
|
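Review bot: `addescapedstring` replaces only the quote characters, backtick, `$` and backslash, which is the set that stays special inside double quotes, yet `AddDef` and the `-I` branch in `main` append its output with no surrounding quotes. In those unquoted positions whitespace and other shell-significant characters pass through unchanged, so `AddDef` is only safe when the caller has already restricted the value, as `AddDefHostname` does with its allowlist; callers outside these hunks are not visible here. I would state that contract above the helper, e.g. `/* Safe only inside double quotes; unquoted callers must pre-filter to an allowlist. */`, or have `AddDef` emit the value quoted as `AddDefQ` does. Both new helpers also truncate silently at 511 bytes, and `addtokstring` and `AddDefHostname` pass a plain `char` to `isalpha`/`isdigit`; `isalpha((unsigned char)*s)` avoids undefined behaviour for bytes above 0x7f.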
@ -1 +1,4 @@
|
||||||
01_sessreg_implement_hostname_hashing.diff
|
01_sessreg_implement_hostname_hashing.diff
|
||||||
|
100_xrandr-output.patch
|
||||||
|
101_xset_spellfix.patch
|
||||||
|
CVE-2011-0465.diff
|
||||||
|
|