Merge branch 'ubuntu'
authorXavier Boudet <x-boudet@ti.com>
Thu, 30 Aug 2012 12:59:01 +0000 (14:59 +0200)
committerXavier Boudet <x-boudet@ti.com>
Thu, 30 Aug 2012 12:59:01 +0000 (14:59 +0200)
Conflicts:
debian/changelog
debian/patches/series

debian/changelog
debian/patches/229_randr_first_check_pScrPriv_before_using_the_pointer.patch [new file with mode: 0644]
debian/patches/230_randr_catch_two_more_potential_unset_rrScrPriv_uses.patch [new file with mode: 0644]
debian/patches/series

index c6733480fde422dd19695767af75234a0a65f34f..6ca7701b558e4ba165ad8e23d875414a927ec0fb 100644 (file)
@@ -1,21 +1,11 @@
-xorg-server (2:1.11.4-0ubuntu10.7+ti2.0) precise; urgency=low
+xorg-server (2:1.11.4-0ubuntu10.8) precise-proposed; urgency=low
 
-  [Ricardo Salveti de Araujo <ricardo.salveti@linaro.org>]
-  * debian/patches/111_armel-drv-fallbacks.patch:
-     - Refresh patch to also include the omap driver together with pvr
   * Add upstream patches to avoid seg fault in case the user is running with
     multiple screens and xrandr is only enabled at one (LP: #1015292):
-    - 516-randr-first-check-pScrPriv-before-using-the-pointer.patch
-    - 517-randr-Catch-two-more-potential-unset-rrScrPriv-uses.patch
-
- -- Xavier Boudet <x-boudet@ti.com>  Tue, 21 Aug 2012 16:51:11 +0200
-
-xorg-server (2:1.11.4-0ubuntu10.7+ti1.0) precise; urgency=low
-
-  * Rebased dri2video support on 0ubuntu10.7
-  * Add patches for driver to handle the transform 
+    - 229_randr_first_check_pScrPriv_before_using_the_pointer.patch
+    - 230_randr_catch_two_more_potential_unset_rrScrPriv_uses.patch
 
- -- Xavier Boudet <x-boudet@ti.com>  Tue, 07 Aug 2012 11:06:32 +0200
+ -- Ricardo Salveti de Araujo <ricardo.salveti@linaro.org>  Thu, 19 Jul 2012 22:57:12 -0300
 
 xorg-server (2:1.11.4-0ubuntu10.7) precise-proposed; urgency=low
 
diff --git a/debian/patches/229_randr_first_check_pScrPriv_before_using_the_pointer.patch b/debian/patches/229_randr_first_check_pScrPriv_before_using_the_pointer.patch
new file mode 100644 (file)
index 0000000..8c9cf71
--- /dev/null
@@ -0,0 +1,30 @@
+From 32603f57ca03b6390b109960f8bb5ea53ac95ecb Mon Sep 17 00:00:00 2001
+From: Ricardo Salveti de Araujo <ricardo.salveti@linaro.org>
+Date: Thu, 21 Jun 2012 00:55:53 -0300
+Subject: [PATCH] randr: first check pScrPriv before using the pointer at
+ RRFirstOutput
+
+Fix a seg fault in case pScrPriv is NULL at ProcRRGetScreenInfo,
+which later calls RRFirstOutput.
+
+Signed-off-by: Ricardo Salveti de Araujo <ricardo.salveti@linaro.org>
+Reviewed-by: Keith Packard <keithp@keithp.com>
+Signed-off-by: Keith Packard <keithp@keithp.com>
+---
+ randr/randr.c |    3 +++
+ 1 file changed, 3 insertions(+)
+
+Index: xorg-server-1.11.4/randr/randr.c
+===================================================================
+--- xorg-server-1.11.4.orig/randr/randr.c      2012-07-17 18:46:06.000000000 -0300
++++ xorg-server-1.11.4/randr/randr.c   2012-07-17 18:48:35.169824448 -0300
+@@ -454,6 +454,9 @@
+     rrScrPriv(pScreen);
+     RROutputPtr                   output;
+     int       i, j;
++
++    if (!pScrPriv)
++        return NULL;
+     
+     if (pScrPriv->primaryOutput && pScrPriv->primaryOutput->crtc)
+       return pScrPriv->primaryOutput;
diff --git a/debian/patches/230_randr_catch_two_more_potential_unset_rrScrPriv_uses.patch b/debian/patches/230_randr_catch_two_more_potential_unset_rrScrPriv_uses.patch
new file mode 100644 (file)
index 0000000..e37d073
--- /dev/null
@@ -0,0 +1,52 @@
+From 855003c333a0ead1db912695bc9705ef2b3144b4 Mon Sep 17 00:00:00 2001
+From: Keith Packard <keithp@keithp.com>
+Date: Thu, 21 Jun 2012 18:45:18 -0700
+Subject: [PATCH] randr: Catch two more potential unset rrScrPriv uses
+
+Ricardo Salveti <ricardo.salveti@linaro.org> found one place where the
+randr code could use the randr screen private data without checking
+for null first. This happens when the X server is running with
+multiple screens, some of which are randr enabled and some of which
+are not. Applications making protocol requests to the non-randr
+screens can cause segfaults where the server touches the unset private
+structure.
+
+I audited the code and found two more possible problem spots; the
+trick to auditing for this issue was to look for functions not taking
+a RandR data structure and where there was no null screen private
+check above them in the call graph.
+
+Signed-off-by: Keith Packard <keithp@keithp.com>
+---
+ randr/rroutput.c |    3 ++-
+ randr/rrscreen.c |    3 +++
+ 2 files changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/randr/rroutput.c b/randr/rroutput.c
+index 091e06b..fbd0e32 100644
+--- a/randr/rroutput.c
++++ b/randr/rroutput.c
+@@ -546,7 +546,8 @@ ProcRRSetOutputPrimary(ClientPtr client)
+     }
+     pScrPriv = rrGetScrPriv(pWin->drawable.pScreen);
+-    RRSetPrimaryOutput(pWin->drawable.pScreen, pScrPriv, output);
++    if (pScrPriv)
++        RRSetPrimaryOutput(pWin->drawable.pScreen, pScrPriv, output);
+     return Success;
+ }
+diff --git a/randr/rrscreen.c b/randr/rrscreen.c
+index f570afa..55110e0 100644
+--- a/randr/rrscreen.c
++++ b/randr/rrscreen.c
+@@ -261,6 +261,9 @@
+     pScreen = pWin->drawable.pScreen;
+     pScrPriv = rrGetScrPriv(pScreen);
++    if (!pScrPriv)
++        return BadMatch;
++
+     if (stuff->width < pScrPriv->minWidth || pScrPriv->maxWidth < stuff->width)
+     {
+       client->errorValue = stuff->width;
index 325ccbe1d665e929b45f115c079619932cd89885..14910e7e1757a5885e5140c9455d3721a1a99e0e 100644 (file)
 226_fall_back_to_autoconfiguration.patch
 227_null_ptr_midispcur.patch
 228_log-format-fix.patch
+229_randr_first_check_pScrPriv_before_using_the_pointer.patch
+230_randr_catch_two_more_potential_unset_rrScrPriv_uses.patch
 
 ## Input Stack Patches (from xserver 1.12) ##
 500_pointer_barrier_thresholds.diff
 505_query_pointer_touchscreen.patch
 506_touchscreen_pointer_emulation_checks.patch
 507_touchscreen_fixes.patch
-
 # Patch 508 attempted to fix LP: #968845, but caused regression
 # crash bug #1009629.  Patches 510-515 attempted to fix that
 # regression, but this led to the severe crash bug #1021517.
@@ -56,6 +57,3 @@
 1001-xfree86-modes-Let-the-driver-handle-the-transform.patch
 1002-xfree86-modes-Make-cursor-position-transform-a-helpe.patch
 
-# Upstream patches
-516-randr-first-check-pScrPriv-before-using-the-pointer.patch
-517-randr-Catch-two-more-potential-unset-rrScrPriv-uses.patch