Annotation of /trunk/xorg-server/patches/xorg-server-1.17.1-CVE-2015-3164.patch
Revision 2575 -
Mon Jun 15 12:22:48 2015 UTC (9 years, 3 months ago) by niro
File size: 28091 byte(s)
-several upstream patches
1 | niro | 2575 | <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" |
2 | "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> | ||
3 | <html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'> | ||
4 | <head> | ||
5 | <title>svntogit/packages.git - Git clone of the 'packages' repository | ||
6 | </title> | ||
7 | <meta name='generator' content='cgit v0.10.2'/> | ||
8 | <meta name='robots' content='index, nofollow'/> | ||
9 | <link rel='stylesheet' type='text/css' href='/cgit.css'/> | ||
10 | <link rel='shortcut icon' href='/favicon.ico'/> | ||
11 | <link rel='alternate' title='Atom feed' href='https://projects.archlinux.org/svntogit/packages.git/atom/trunk/fix-CVE-2015-3164.patch?h=packages/xorg-server' type='application/atom+xml'/> | ||
12 | <link rel='vcs-git' href='git://projects.archlinux.org/svntogit/packages.git' title='svntogit/packages.git Git repository'/> | ||
13 | <link rel='vcs-git' href='http://projects.archlinux.org/git/svntogit/packages.git' title='svntogit/packages.git Git repository'/> | ||
14 | <link rel='vcs-git' href='https://projects.archlinux.org/git/svntogit/packages.git' title='svntogit/packages.git Git repository'/> | ||
15 | <link rel='vcs-git' href='ssh://gerolde.archlinux.org/srv/projects/git/svntogit/packages.git' title='svntogit/packages.git Git repository'/> | ||
16 | </head> | ||
17 | <body> | ||
34 | <div id='cgit'><table id='header'> | ||
35 | <tr> | ||
36 | <td class='main'><a href='/'>index</a> : <a title='svntogit/packages.git' href='/svntogit/packages.git/'>svntogit/packages.git</a></td></tr> | ||
37 | <tr><td class='sub'>Git clone of the 'packages' repository | ||
38 | </td><td class='sub right'></td></tr></table> | ||
51 | <div class='path'>path: <a href='/svntogit/packages.git/tree/?h=packages/xorg-server'>root</a>/<a href='/svntogit/packages.git/tree/trunk?h=packages/xorg-server'>trunk</a>/<a href='/svntogit/packages.git/tree/trunk/fix-CVE-2015-3164.patch?h=packages/xorg-server'>fix-CVE-2015-3164.patch</a></div><div class='content'>blob: e2ee1297323db4493e3babf9baf8f536463c61fb (<a href='/svntogit/packages.git/plain/trunk/fix-CVE-2015-3164.patch?h=packages/xorg-server'>plain</a>) | ||
52 | <table summary='blob content' class='blob'> | ||
365 | <td class='lines'><pre><code>From c4534a38b68aa07fb82318040dc8154fb48a9588 Mon Sep 17 00:00:00 2001 | ||
366 | From: Ray Strode <rstrode@redhat.com> | ||
367 | Date: Tue, 5 May 2015 16:43:42 -0400 | ||
368 | Subject: xwayland: Enable access control on open sockets [CVE-2015-3164 1/3] | ||
369 | |||
370 | Xwayland currently allows wide-open access to the X sockets | ||
371 | it listens on, ignoring Xauth access control. | ||
372 | |||
373 | This commit makes sure to enable access control on the sockets, | ||
374 | so one user can't snoop on another user's X-over-wayland | ||
375 | applications. | ||
376 | |||
377 | Signed-off-by: Ray Strode <rstrode@redhat.com> | ||
378 | Reviewed-by: Daniel Stone <daniels@collabora.com> | ||
379 | Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> | ||
380 | Signed-off-by: Keith Packard <keithp@keithp.com> | ||
381 | |||
382 | diff --git a/hw/xwayland/xwayland.c b/hw/xwayland/xwayland.c | ||
383 | index 7e8d667..c5bee77 100644 | ||
384 | <span class="hl kwb">--- a/hw/xwayland/xwayland.c</span> | ||
385 | <span class="hl kwa">+++ b/hw/xwayland/xwayland.c</span> | ||
386 | @@ -483,7 +483,7 @@ listen_on_fds(struct xwl_screen *xwl_screen) | ||
387 | int i; | ||
388 | |||
389 | for (i = 0; i < xwl_screen->listen_fd_count; i++) | ||
390 | <span class="hl kwb">- ListenOnOpenFD(xwl_screen->listen_fds[i], TRUE);</span> | ||
391 | <span class="hl kwa">+ ListenOnOpenFD(xwl_screen->listen_fds[i], FALSE);</span> | ||
392 | } | ||
393 | |||
394 | static void | ||
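Review bot: The `-`/`+` lines of this hunk are wrapped in `<span class="hl kwb">…</span>` / `<span class="hl kwa">…</span>` markup and the annotated file begins with an HTML doctype, so what was committed under this .patch name looks like a saved cgit web page rather than the plain patch. patch(1) keys on the first column of each line, so it would presumably not recognise the `ListenOnOpenFD(..., FALSE)` change, nor any other marked line of the three commits, and the CVE-2015-3164 fix may not reach the build. Replace the file with the plain-text version (the page itself offers a `plain` link for it) and confirm in the build log that every hunk applies. Separately, the bare boolean would read better with a short comment, e.g. `/* FALSE: do not bypass Xauth access control on these sockets */`, assuming the second argument is the no-xauth flag; the callee is not shown here.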
395 | <span class="hl kwb">-- </span> | ||
396 | cgit v0.10.2 | ||
397 | From 4b4b9086d02b80549981d205fb1f495edc373538 Mon Sep 17 00:00:00 2001 | ||
398 | From: Ray Strode <rstrode@redhat.com> | ||
399 | Date: Tue, 5 May 2015 16:43:43 -0400 | ||
400 | Subject: os: support new implicit local user access mode [CVE-2015-3164 2/3] | ||
401 | |||
402 | If the X server is started without a '-auth' argument, then | ||
403 | it gets started wide open to all local users on the system. | ||
404 | |||
405 | This isn't a great default access model, but changing it in | ||
406 | Xorg at this point would break backward compatibility. | ||
407 | |||
408 | Xwayland, on the other hand is new, and much more targeted | ||
409 | in scope. It could, in theory, be changed to allow the much | ||
410 | more secure default of a "user who started X server can connect | ||
411 | clients to that server." | ||
412 | |||
413 | This commit paves the way for that change, by adding a mechanism | ||
414 | for DDXs to opt-in to that behavior. They merely need to call | ||
415 | |||
416 | LocalAccessScopeUser() | ||
417 | |||
418 | in their init functions. | ||
419 | |||
420 | A subsequent commit will add that call for Xwayland. | ||
421 | |||
422 | Signed-off-by: Ray Strode <rstrode@redhat.com> | ||
423 | Reviewed-by: Daniel Stone <daniels@collabora.com> | ||
424 | Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> | ||
425 | Signed-off-by: Keith Packard <keithp@keithp.com> | ||
426 | |||
427 | diff --git a/include/os.h b/include/os.h | ||
428 | index 6638c84..b2b96c8 100644 | ||
429 | <span class="hl kwb">--- a/include/os.h</span> | ||
430 | <span class="hl kwa">+++ b/include/os.h</span> | ||
431 | @@ -431,11 +431,28 @@ extern _X_EXPORT void | ||
432 | ResetHosts(const char *display); | ||
433 | |||
434 | extern _X_EXPORT void | ||
435 | <span class="hl kwa">+EnableLocalAccess(void);</span> | ||
436 | <span class="hl kwa">+</span> | ||
437 | <span class="hl kwa">+extern _X_EXPORT void</span> | ||
438 | <span class="hl kwa">+DisableLocalAccess(void);</span> | ||
439 | <span class="hl kwa">+</span> | ||
440 | <span class="hl kwa">+extern _X_EXPORT void</span> | ||
441 | EnableLocalHost(void); | ||
442 | |||
443 | extern _X_EXPORT void | ||
444 | DisableLocalHost(void); | ||
445 | |||
446 | <span class="hl kwa">+#ifndef NO_LOCAL_CLIENT_CRED</span> | ||
447 | <span class="hl kwa">+extern _X_EXPORT void</span> | ||
448 | <span class="hl kwa">+EnableLocalUser(void);</span> | ||
449 | <span class="hl kwa">+</span> | ||
450 | <span class="hl kwa">+extern _X_EXPORT void</span> | ||
451 | <span class="hl kwa">+DisableLocalUser(void);</span> | ||
452 | <span class="hl kwa">+</span> | ||
453 | <span class="hl kwa">+extern _X_EXPORT void</span> | ||
454 | <span class="hl kwa">+LocalAccessScopeUser(void);</span> | ||
455 | <span class="hl kwa">+#endif</span> | ||
456 | <span class="hl kwa">+</span> | ||
457 | extern _X_EXPORT void | ||
458 | AccessUsingXdmcp(void); | ||
459 | |||
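Review bot: The exports added under `#ifndef NO_LOCAL_CLIENT_CRED` carry no comment, and `LocalAccessScopeUser()` has an ordering requirement that a DDX author cannot see from the header. `EnableLocalAccess()` and `DisableLocalAccess()` in os/access.c dispatch on the scope at call time, so an entry added under host scope would not be removed once the scope has been switched to user. I would put a comment above the declaration, e.g. `/* Call once from DDX init, before any client is authorized; changing scope later leaves entries added under the old scope in place. */`. The declaration list continues outside this hunk.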
460 | diff --git a/os/access.c b/os/access.c | ||
461 | index 8fa028e..75e7a69 100644 | ||
462 | <span class="hl kwb">--- a/os/access.c</span> | ||
463 | <span class="hl kwa">+++ b/os/access.c</span> | ||
464 | @@ -102,6 +102,10 @@ SOFTWARE. | ||
465 | #include <sys/ioctl.h> | ||
466 | #include <ctype.h> | ||
467 | |||
468 | <span class="hl kwa">+#ifndef NO_LOCAL_CLIENT_CRED</span> | ||
469 | <span class="hl kwa">+#include <pwd.h></span> | ||
470 | <span class="hl kwa">+#endif</span> | ||
471 | <span class="hl kwa">+</span> | ||
472 | #if defined(TCPCONN) || defined(STREAMSCONN) | ||
473 | #include <netinet/in.h> | ||
474 | #endif /* TCPCONN || STREAMSCONN */ | ||
475 | @@ -225,6 +229,13 @@ static int LocalHostEnabled = FALSE; | ||
476 | static int LocalHostRequested = FALSE; | ||
477 | static int UsingXdmcp = FALSE; | ||
478 | |||
479 | <span class="hl kwa">+static enum {</span> | ||
480 | <span class="hl kwa">+ LOCAL_ACCESS_SCOPE_HOST = 0,</span> | ||
481 | <span class="hl kwa">+#ifndef NO_LOCAL_CLIENT_CRED</span> | ||
482 | <span class="hl kwa">+ LOCAL_ACCESS_SCOPE_USER,</span> | ||
483 | <span class="hl kwa">+#endif</span> | ||
484 | <span class="hl kwa">+} LocalAccessScope;</span> | ||
485 | <span class="hl kwa">+</span> | ||
486 | /* FamilyServerInterpreted implementation */ | ||
487 | static Bool siAddrMatch(int family, void *addr, int len, HOST * host, | ||
488 | ClientPtr client); | ||
489 | @@ -237,6 +248,21 @@ static void siTypesInitialize(void); | ||
490 | */ | ||
491 | |||
492 | void | ||
493 | <span class="hl kwa">+EnableLocalAccess(void)</span> | ||
494 | <span class="hl kwa">+{</span> | ||
495 | <span class="hl kwa">+ switch (LocalAccessScope) {</span> | ||
496 | <span class="hl kwa">+ case LOCAL_ACCESS_SCOPE_HOST:</span> | ||
497 | <span class="hl kwa">+ EnableLocalHost();</span> | ||
498 | <span class="hl kwa">+ break;</span> | ||
499 | <span class="hl kwa">+#ifndef NO_LOCAL_CLIENT_CRED</span> | ||
500 | <span class="hl kwa">+ case LOCAL_ACCESS_SCOPE_USER:</span> | ||
501 | <span class="hl kwa">+ EnableLocalUser();</span> | ||
502 | <span class="hl kwa">+ break;</span> | ||
503 | <span class="hl kwa">+#endif</span> | ||
504 | <span class="hl kwa">+ }</span> | ||
505 | <span class="hl kwa">+}</span> | ||
506 | <span class="hl kwa">+</span> | ||
507 | <span class="hl kwa">+void</span> | ||
508 | EnableLocalHost(void) | ||
509 | { | ||
510 | if (!UsingXdmcp) { | ||
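Review bot: `EnableLocalHost()` just below is gated on `!UsingXdmcp`, but the new `LOCAL_ACCESS_SCOPE_USER` branch calls `EnableLocalUser()`, which in the later hunk of this file has no such gate. If a DDX that opts into user scope were ever run with XDMCP, the starting user would be added automatically where host scope adds nothing; the patch does not say whether that is intended. Either apply the same check in `EnableLocalUser()` or state in a comment above `EnableLocalAccess()` that the difference is deliberate. The `DisableLocalAccess()` hunk that follows has the same shape, and `EnableLocalHost()`'s body continues outside this hunk.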
511 | @@ -249,6 +275,21 @@ EnableLocalHost(void) | ||
512 | * called when authorization is enabled to keep us secure | ||
513 | */ | ||
514 | void | ||
515 | <span class="hl kwa">+DisableLocalAccess(void)</span> | ||
516 | <span class="hl kwa">+{</span> | ||
517 | <span class="hl kwa">+ switch (LocalAccessScope) {</span> | ||
518 | <span class="hl kwa">+ case LOCAL_ACCESS_SCOPE_HOST:</span> | ||
519 | <span class="hl kwa">+ DisableLocalHost();</span> | ||
520 | <span class="hl kwa">+ break;</span> | ||
521 | <span class="hl kwa">+#ifndef NO_LOCAL_CLIENT_CRED</span> | ||
522 | <span class="hl kwa">+ case LOCAL_ACCESS_SCOPE_USER:</span> | ||
523 | <span class="hl kwa">+ DisableLocalUser();</span> | ||
524 | <span class="hl kwa">+ break;</span> | ||
525 | <span class="hl kwa">+#endif</span> | ||
526 | <span class="hl kwa">+ }</span> | ||
527 | <span class="hl kwa">+}</span> | ||
528 | <span class="hl kwa">+</span> | ||
529 | <span class="hl kwa">+void</span> | ||
530 | DisableLocalHost(void) | ||
531 | { | ||
532 | HOST *self; | ||
533 | @@ -262,6 +303,74 @@ DisableLocalHost(void) | ||
534 | } | ||
535 | } | ||
536 | |||
537 | <span class="hl kwa">+#ifndef NO_LOCAL_CLIENT_CRED</span> | ||
538 | <span class="hl kwa">+static int GetLocalUserAddr(char **addr)</span> | ||
539 | <span class="hl kwa">+{</span> | ||
540 | <span class="hl kwa">+ static const char *type = "localuser";</span> | ||
541 | <span class="hl kwa">+ static const char delimiter = '\0';</span> | ||
542 | <span class="hl kwa">+ static const char *value;</span> | ||
543 | <span class="hl kwa">+ struct passwd *pw;</span> | ||
544 | <span class="hl kwa">+ int length = -1;</span> | ||
545 | <span class="hl kwa">+</span> | ||
546 | <span class="hl kwa">+ pw = getpwuid(getuid());</span> | ||
547 | <span class="hl kwa">+</span> | ||
548 | <span class="hl kwa">+ if (pw == NULL || pw->pw_name == NULL)</span> | ||
549 | <span class="hl kwa">+ goto out;</span> | ||
550 | <span class="hl kwa">+</span> | ||
551 | <span class="hl kwa">+ value = pw->pw_name;</span> | ||
552 | <span class="hl kwa">+</span> | ||
553 | <span class="hl kwa">+ length = asprintf(addr, "%s%c%s", type, delimiter, value);</span> | ||
554 | <span class="hl kwa">+</span> | ||
555 | <span class="hl kwa">+ if (length == -1) {</span> | ||
556 | <span class="hl kwa">+ goto out;</span> | ||
557 | <span class="hl kwa">+ }</span> | ||
558 | <span class="hl kwa">+</span> | ||
559 | <span class="hl kwa">+ /* Trailing NUL */</span> | ||
560 | <span class="hl kwa">+ length++;</span> | ||
561 | <span class="hl kwa">+</span> | ||
562 | <span class="hl kwa">+out:</span> | ||
563 | <span class="hl kwa">+ return length;</span> | ||
564 | <span class="hl kwa">+}</span> | ||
565 | <span class="hl kwa">+</span> | ||
566 | <span class="hl kwa">+void</span> | ||
567 | <span class="hl kwa">+EnableLocalUser(void)</span> | ||
568 | <span class="hl kwa">+{</span> | ||
569 | <span class="hl kwa">+ char *addr = NULL;</span> | ||
570 | <span class="hl kwa">+ int length = -1;</span> | ||
571 | <span class="hl kwa">+</span> | ||
572 | <span class="hl kwa">+ length = GetLocalUserAddr(&addr);</span> | ||
573 | <span class="hl kwa">+</span> | ||
574 | <span class="hl kwa">+ if (length == -1)</span> | ||
575 | <span class="hl kwa">+ return;</span> | ||
576 | <span class="hl kwa">+</span> | ||
577 | <span class="hl kwa">+ NewHost(FamilyServerInterpreted, addr, length, TRUE);</span> | ||
578 | <span class="hl kwa">+</span> | ||
579 | <span class="hl kwa">+ free(addr);</span> | ||
580 | <span class="hl kwa">+}</span> | ||
581 | <span class="hl kwa">+</span> | ||
582 | <span class="hl kwa">+void</span> | ||
583 | <span class="hl kwa">+DisableLocalUser(void)</span> | ||
584 | <span class="hl kwa">+{</span> | ||
585 | <span class="hl kwa">+ char *addr = NULL;</span> | ||
586 | <span class="hl kwa">+ int length = -1;</span> | ||
587 | <span class="hl kwa">+</span> | ||
588 | <span class="hl kwa">+ length = GetLocalUserAddr(&addr);</span> | ||
589 | <span class="hl kwa">+</span> | ||
590 | <span class="hl kwa">+ if (length == -1)</span> | ||
591 | <span class="hl kwa">+ return;</span> | ||
592 | <span class="hl kwa">+</span> | ||
593 | <span class="hl kwa">+ RemoveHost(NULL, FamilyServerInterpreted, length, addr);</span> | ||
594 | <span class="hl kwa">+</span> | ||
595 | <span class="hl kwa">+ free(addr);</span> | ||
596 | <span class="hl kwa">+}</span> | ||
597 | <span class="hl kwa">+</span> | ||
598 | <span class="hl kwa">+void</span> | ||
599 | <span class="hl kwa">+LocalAccessScopeUser(void)</span> | ||
600 | <span class="hl kwa">+{</span> | ||
601 | <span class="hl kwa">+ LocalAccessScope = LOCAL_ACCESS_SCOPE_USER;</span> | ||
602 | <span class="hl kwa">+}</span> | ||
603 | <span class="hl kwa">+#endif</span> | ||
604 | <span class="hl kwa">+</span> | ||
605 | /* | ||
606 | * called at init time when XDMCP will be used; xdmcp always | ||
607 | * adds local hosts manually when needed | ||
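Review bot: `EnableLocalUser()` and `DisableLocalUser()` return without any message when `GetLocalUserAddr()` yields -1, and the result of `NewHost()` is dropped. That appears to fail closed, but a server uid with no passwd entry (or an `asprintf` failure) would leave no local-access entry and nothing in the log to explain refused connections. A log line on the failure path would cover it, e.g. `if (length == -1) { ErrorF("EnableLocalUser: could not build localuser address\n"); return; }`. As a style point, `value` in `GetLocalUserAddr()` has no reason to be `static`, since it is reassigned from `pw->pw_name` on every call.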
608 | diff --git a/os/auth.c b/os/auth.c | ||
609 | index 5fcb538..7da6fc6 100644 | ||
610 | <span class="hl kwb">--- a/os/auth.c</span> | ||
611 | <span class="hl kwa">+++ b/os/auth.c</span> | ||
612 | @@ -181,11 +181,11 @@ CheckAuthorization(unsigned int name_length, | ||
613 | |||
614 | /* | ||
615 | * If the authorization file has at least one entry for this server, | ||
616 | <span class="hl kwb">- * disable local host access. (loadauth > 0)</span> | ||
617 | <span class="hl kwa">+ * disable local access. (loadauth > 0)</span> | ||
618 | * | ||
619 | * If there are zero entries (either initially or when the | ||
620 | * authorization file is later reloaded), or if a valid | ||
621 | <span class="hl kwb">- * authorization file was never loaded, enable local host access.</span> | ||
622 | <span class="hl kwa">+ * authorization file was never loaded, enable local access.</span> | ||
623 | * (loadauth == 0 || !loaded) | ||
624 | * | ||
625 | * If the authorization file was loaded initially (with valid | ||
626 | @@ -194,11 +194,11 @@ CheckAuthorization(unsigned int name_length, | ||
627 | */ | ||
628 | |||
629 | if (loadauth > 0) { | ||
630 | <span class="hl kwb">- DisableLocalHost(); /* got at least one */</span> | ||
631 | <span class="hl kwa">+ DisableLocalAccess(); /* got at least one */</span> | ||
632 | loaded = TRUE; | ||
633 | } | ||
634 | else if (loadauth == 0 || !loaded) | ||
635 | <span class="hl kwb">- EnableLocalHost();</span> | ||
636 | <span class="hl kwa">+ EnableLocalAccess();</span> | ||
637 | } | ||
638 | if (name_length) { | ||
639 | for (i = 0; i < NUM_AUTHORIZATION; i++) { | ||
640 | <span class="hl kwb">-- </span> | ||
641 | cgit v0.10.2 | ||
642 | From 76636ac12f2d1dbdf7be08222f80e7505d53c451 Mon Sep 17 00:00:00 2001 | ||
643 | From: Ray Strode <rstrode@redhat.com> | ||
644 | Date: Tue, 5 May 2015 16:43:44 -0400 | ||
645 | Subject: xwayland: default to local user if no xauth file given. | ||
646 | [CVE-2015-3164 3/3] | ||
647 | |||
648 | Right now if "-auth" isn't passed on the command line, we let | ||
649 | any user on the system connect to the Xwayland server. | ||
650 | |||
651 | That's clearly suboptimal, given Xwayland is generally designed | ||
652 | to be used by one user at a time. | ||
653 | |||
654 | This commit changes the behavior, so only the user who started the | ||
655 | X server can connect clients to it. | ||
656 | |||
657 | Signed-off-by: Ray Strode <rstrode@redhat.com> | ||
658 | Reviewed-by: Daniel Stone <daniels@collabora.com> | ||
659 | Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> | ||
660 | Signed-off-by: Keith Packard <keithp@keithp.com> | ||
661 | |||
662 | diff --git a/hw/xwayland/xwayland.c b/hw/xwayland/xwayland.c | ||
663 | index c5bee77..bc92beb 100644 | ||
664 | <span class="hl kwb">--- a/hw/xwayland/xwayland.c</span> | ||
665 | <span class="hl kwa">+++ b/hw/xwayland/xwayland.c</span> | ||
666 | @@ -702,4 +702,6 @@ InitOutput(ScreenInfo * screen_info, int argc, char **argv) | ||
667 | if (AddScreen(xwl_screen_init, argc, argv) == -1) { | ||
668 | FatalError("Couldn't add screen\n"); | ||
669 | } | ||
670 | <span class="hl kwa">+</span> | ||
671 | <span class="hl kwa">+ LocalAccessScopeUser();</span> | ||
672 | } | ||
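Review bot: `LocalAccessScopeUser()` is called unconditionally at the end of `InitOutput()`, while include/os.h in the previous commit declares it only under `#ifndef NO_LOCAL_CLIENT_CRED`. On a platform that defines that macro this line would not compile; and if it were merely guarded away, the server would silently keep the host-wide scope this series is meant to close. I would make the choice explicit: wrap the call as `#ifndef NO_LOCAL_CLIENT_CRED` / `LocalAccessScopeUser();` / `#endif`, with a comment on what access model the other branch leaves in place, or refuse to build Xwayland without local client credentials. Whether Xwayland is ever built with that macro set is not visible here, and the start of `InitOutput()` is outside the hunk.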
673 | <span class="hl kwb">-- </span> | ||
674 | cgit v0.10.2 | ||
675 | |||
676 | </code></pre></td></tr></table> | ||
677 | </div> <!-- class=content --> | ||
686 | </div> <!-- id=cgit --> | ||
687 | </body> | ||
688 | </html> |