diff --git a/pkgs/servers/x11/xorg/overrides.nix b/pkgs/servers/x11/xorg/overrides.nix index e9c310b84f17..e5b7a9a34021 100644 --- a/pkgs/servers/x11/xorg/overrides.nix +++ b/pkgs/servers/x11/xorg/overrides.nix @@ -221,7 +221,7 @@ in xorgserver = attrs: attrs // { configureFlags = "--enable-xcsecurity"; # enable SECURITY extension - patches = [./xorgserver-dri-path.patch ./xorgserver-xkbcomp-path.patch]; + patches = [./xorgserver-dri-path.patch ./xorgserver-xkbcomp-path.patch ./xorgserver12-CVE-1940.patch]; buildInputs = attrs.buildInputs ++ [ args.zlib args.udev args.mesa args.dbus.libs xorg.xf86bigfontproto xorg.glproto xorg.xf86driproto diff --git a/pkgs/servers/x11/xorg/xorgserver12-CVE-1940.patch b/pkgs/servers/x11/xorg/xorgserver12-CVE-1940.patch new file mode 100644 index 000000000000..d85494f90293 --- /dev/null +++ b/pkgs/servers/x11/xorg/xorgserver12-CVE-1940.patch @@ -0,0 +1,34 @@ +From 6ca03b9161d33b1d2b55a3a1a913cf88deb2343f Mon Sep 17 00:00:00 2001 +From: Dave Airlie +Date: Wed, 10 Apr 2013 06:09:01 +0000 +Subject: xf86: fix flush input to work with Linux evdev devices. + +So when we VT switch back and attempt to flush the input devices, +we don't succeed because evdev won't return part of an event, +since we were only asking for 4 bytes, we'd only get -EINVAL back. + +This could later cause events to be flushed that we shouldn't have +gotten. + +This is a fix for CVE-2013-1940. + +Signed-off-by: Dave Airlie +Reviewed-by: Peter Hutterer +Signed-off-by: Peter Hutterer +--- +diff --git a/hw/xfree86/os-support/shared/posix_tty.c b/hw/xfree86/os-support/shared/posix_tty.c +index ab3757a..4d08c1e 100644 +--- a/hw/xfree86/os-support/shared/posix_tty.c ++++ b/hw/xfree86/os-support/shared/posix_tty.c +@@ -421,7 +421,8 @@ xf86FlushInput(int fd) + { + fd_set fds; + struct timeval timeout; +- char c[4]; ++ /* this needs to be big enough to flush an evdev event. */ ++ char c[256]; + + DebugF("FlushingSerial\n"); + if (tcflush(fd, TCIFLUSH) == 0) +-- +cgit v0.9.0.2-2-gbebe