Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


More on LinuxToday


Fedora Core Advisory: XFree86

Feb 15, 2004, 20:01 (0 Talkback[s])

Fedora Update Notification
FEDORA-2004-069
2004-02-13

Name : XFree86
Version : 4.3.0
Release : 55
Summary : The basic fonts, programs and docs for an X workstation.

Description :
XFree86 is an open source implementation of the X Window System. It provides the basic low level functionality which full fledged graphical user interfaces (GUIs) such as GNOME and KDE are designed upon.


Update Information:

Updated XFree86 packages that fix a privilege escalation vulnerability are now available.

XFree86 is an implementation of the X Window System, providing the core graphical user interface and video drivers.

iDefense discovered two buffer overflows in the parsing of the 'font.alias' file. A local attacker could exploit this vulnerability by creating a carefully-crafted file and gaining root privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the names CAN-2004-0083 and CAN-2004-0084 to these issues.

Additionally David Dawes discovered additional flaws in reading font files. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2004-0106 to these issues.

All users of XFree86 are advised to upgrade to these erratum packages, which contain a backported fix and are not vulnerable to these issues.

Red Hat would like to thank David Dawes from XFree86 for the patches and notification of these issues.


* Thu Feb 12 2004 Mike A. Harris <mharris@redhat.com> 4.3.0-55
  • Added {x11datadir}/X11/xinit back to package list, which seems to have been inadvertently dropped during attempts to get package to compile on Red Hat Linux 9 s390 builds earlier this week.
  • Added XFree86-4.3.0-libXfont-security-CAN-2004-0083-CAN-2004-0084-CAN-2004-0106.patch to fix all recent security flaws in libXfont which are outlined in CAN-2004-0083, CAN-2004-0084, CAN-2004-0106, discovered by iDefense, David Dawes and others. This patch replace all previous libXfont patches from XFree86 builds 4.3.0-49 through to present.
  • Added XFree86-4.3.0-libXfont-security-CAN-2004-0083-CAN-2004-0084-CAN-2004-0106-v2.patch which is the same as the above patch, but modified to cleanly apply to 4.3.0, renamed to keep all patches present in src.rpm for comparative purposes.
  • Built 4.3.0-54 with target build_yarrow for Fedora Core 1 erratum
  • Built 4.3.0-54.EL with target build_taroon for Red Hat Enterprise Linux 3 erratum
  • Built 4.3.0-2.90.54 with target build_shrike for Red Hat Linux 9 erratum
  • Added XFree86-4.3.0-security-dirname-CAN-2004-0106.patch which replaces XFree86-4.3.0-security-fonts-alias-dirname3.patch, the new patch being the same but without the second hunk, as the patch Keith wrote for CAN-2004-0083 and CAN-2004-0084 already handled that issue so there was a conflict.
  • Built 4.3.0-53 with target build_yarrow for Fedora Core 1 erratum
  • Built 4.3.0-53.EL with target build_taroon for Red Hat Enterprise Linux 3 erratum
  • Built 4.3.0-2.90.53 with target build_shrike for Red Hat Linux 9 erratum
  • Added XFree86-4.3.0-security-fonts-alias-dirname3.patch in order to fix 2 additional buffer overflows in libXfont, discovered by iDefense and David Dawes. No CVE assignment has been provided yet.
  • Built 4.3.0-52 with target build_yarrow for Fedora Core 1 erratum
  • Built 4.3.0-52.EL with target build_taroon for Red Hat Enterprise Linux 3 erratum
  • Built 4.3.0-2.90.52 with target build_shrike for Red Hat Linux 9 erratum
  • Added XFree86-4.3.0-security-dirname-CAN-2004-0083-CAN-2004-0084-keithp.patch alternative patch written by Keith Packard, to fix CAN-2004-0083 and CAN-2004-0084 security issues
  • Added XFree86-4.3.0-security-fonts-alias-dirname-CAN-2004-0084.patch to the package, but disabled for now while we test the above patch from Keith Packard which addresses both security issues.
  • Built 4.3.0-51 with target build_yarrow for Fedora Core 1 erratum
  • Built 4.3.0-51.EL with target build_taroon for Red Hat Enterprise Linux 3 erratum
  • Built 4.3.0-2.90.51 with target build_shrike for Red Hat Linux 9 erratum
  • Fix issues detected in QA testing
  • Built 4.3.0-50 with target build_yarrow for Fedora Core 1 erratum
  • Built 4.3.0-50.EL with target build_taroon for Red Hat Enterprise Linux 3 erratum
  • Built 4.3.0-2.90.50 with target build_shrike for Red Hat Linux 9 erratum
  • Built 4.3.0-2.90.49 with target build_shrike for Red Hat Linux 9 erratum
  • Split {_x11datadir}/X11/etc/* glob previously wrapped using with_Xserver into a with_xterm portion and with_Xterm portion with the dir being always included, in order to work around obscure build failure on s390 on RHL 9. Yes this is an insane problem to have to fix because we do not ship an RHL 9 s390 product and never will. But we seek perfection however, and who knows, maybe next week we will release a Red Hat Linux 9 port to s390 for consumer desktops or something. <grin>
  • Rename with_included_xterm macro to with_xterm for naming consistency with other options, as it threw me off.
  • Built 4.3.0-49.EL with target build_taroon for Red Hat Enterprise Linux 3 erratum
  • Added XFree86-4.3.0-security-fonts-alias-dirname-CAN-2004-0083.patch to fix security issue in core fonts backend reported by iDefense in CAN-2004-0083
  • Added build_maintainer_mode distribution version autodetection to simplify local build testing procedures, added dist_ver macro, dist_test parameterized macro (to keep jbj on his toes), and updated build_xxxx target autoconfig when build_auto_mode is enabled. This only affects local builds, not any Red Hat builds.
  • Enabled radeon-agp-detection-using-capability-list-walk patch on all builds, which was inadvertently left off on some due to misplaced macro conditional
  • Built 4.3.0-49 with target build_yarrow for Fedora Core 1 erratum
  • Rebuilt with build_taroon for RHEL 3 testing
  • Added XFree86-4.3.0-Xserver-dix-xkb-key-repeating-bug-CVS-backport.patch to fix a bug in DIX when xkb is being used that causes keys to repeat spuriously on some hardware under certain system loads. This patch has been backported from the 4.3.0-48 developmental head package. (#76959,114635)
  • Added XFree86-4.3.0-XRes-IncludeSharedObjectInNormalLib.patch to make libXRes get built PIC for bug (#114292)
  • Updated XFree86-4.3.0-missing-lib-sharedreqs.patch to remove dependancy on libXt caused by improper dependancy listing in SharedXmuuReqs (#113336)
  • Build test release for RHEL3 U2 testing
  • Temporary fork of 4.3.0-45 to add some patches for test builds, until post 4.3.0-45 (4.3.0-46 through 4.3.0-50) local-work-in-progress stuff is in clean enough shape for tree inclusion
  • Added XFree86-4.3.0-fixes-for-freetype-2.1.7-v2.patch so that XFree86 will build properly against freetype 2.1.7 (#114343)
  • Implemented new AGP/PCI autodetection in the Radeon driver by examining PCI configuration space and walking the PCI extended capabilities list in order to determine if the device implements the AGP capability. This code should work on _any_ AGP/PCI hardware generically and should be factored out into generic X server code in future XFree86 releases so all drivers can benefit from it. XFree86-4.3.0-radeon-agp-detection-using-capability-list-walk.patch should fix all Radeon PCI/AGP autodetection bugs, including (#111191). Some AGP Radeon users may experience a performance boost with this new driver if their card was misdetected and treated as PCI before, as pcigart mode works on AGP hardware, but is slower than using AGP.
  • Fixed build_rawhide to work the same as build_yarrow everywhere since the two are functionally identical for the time being.
  • Rebuilt 4.3.0-44 as 4.3.0-44.EL for RHEL3 QU1 update
  • Added XFree86-4.3.0-libfontenc-IncludeSharedObjectInNormalLib.patch to fix KDE build problem on AMD64 which links to the static libfontenc library and fails because it wasn't compiled with -fPIC, reported in bug (#111058)
  • Enable the open source vmware_drv.o video driver that ships with XFree86 on all builds now, to supply this driver as-is to users as a convenience although it is still unsupported by Red Hat. Users encountering video or other X related problems with this driver, need to report their problems directly to XFree86.org, or to VMware Inc.
  • Rebuild in rawhide for FC2 development
  • Added XFree86-4.3.0-nv-riva-videomem-autodetection-debugging.patch to be able to debug Riva TNT memory autodetection problems in the future (#109459)
  • Added new build_rawhide flag to wrap experimental changes and test patches with for Rawhide builds
  • Rename rpm macro from tlssubdir to _tlsdir, and enforce it's usage everywhere in the spec file
  • Rebuild 4.3.0-43 for Red Hat Linux 9 erratum with build_shrike set
  • Updated to XFree86-4.3.0-xf-4_3-branch-2003-11-03.patch to pick up latest fixes in the XFree86 4.3.x stable branch including:
    • Fix for crash on ia64 because of wrong setjmp buffer alignment (John Dennis)
    • Close freetype fontfile filehandle in mkfontscale, this prevents problems from limitation of simultaniously open files
    • Fixed erronous freeing of DisplayModeRec in xf86DeleteMode() when deleting the modePool in xf86PruneDriverModes() the 'prev' member has a different meaning for modePool modes than for ScrnInfoPtr->modes modes where it creates a doubly linked list
    • Fix some i830+ VT switch/exit crashes
    • Fix DRM_CAS on ia64 as used by the DRI (Bugzilla #778, John Dennis).
  • Removed XFree86-4.3.0-Xlib-XIM-bugfix-from-XFree86-bugzilla.patch, XFree86-4.3.0-ia64-setjmp-alignment.patch
  • Updated XFree86-4.3.0-ia64-drm-locking.patch as part of it is in the stable branch patch now.
  • Updated some spec file comments, and other mostly cosmetic changes.
  • Fixed some mistakes in spec file changelog dates.
  • Enable new Radeon support patches for shrike builds also to support newer Radeon hardware, so future erratum picks up these enhancements.
  • Backport XFree86-4.3.0-RandR-refresh-rate-rounding-error-fix-from-CVSHEAD.patch from CVS HEAD in order to fix bug (#108008)
  • Added XFree86-4.3.0-vidmode-SEGV-fix-from-CVS-HEAD.patch, backported from CVS HEAD to fix a SEGV in the vidmode extension (#101276)
  • Renamed build_cambridge target to build_yarrow to indicate the change from project name to final product name.
  • Added XFree86-4.3.0-rendition-complete-driver-backport-CVS20031031.patch which is a backport of the rendition driver from CVS head, including a couple bug fixes and the rest of changes are cosmetic. (#108693)
  • Disabled XFree86-4.3.0-rendition-disable-cause-of-SEGV.patch which should now be obsolete from above rendition driver backport.
  • This release is the long awaited answer to the meaning of life, the universe and everything.
  • Added XFree86-4.3.0-redhat-exec-shield-GNU-stack.patch to make the complete XFree86 build including Mesa et al. exec-shield friendly (arjanv, mharris)
  • Updated to new XFree86-4.3.0-Mesa-SSE-fixes-from-MesaCVS-v2.patch which should fix compatibility problems between DRI and 2.6.x kernels which were caused by the previous version of this patch. Linus reported the fix for this with details of the problem, and explanation of the solution, which I extracted out of CVS (#107932,106566,107829)

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/

46d4fad36fa397d351705442806a55f8 SRPMS/XFree86-4.3.0-55.src.rpm
eaa18d075933f605fb6c19a9b180ec1c i386/XFree86-4.3.0-55.i386.rpm
daacc9c8fe9b6c9f5f5771a8b0cf87bc i386/XFree86-devel-4.3.0-55.i386.rpm
569907746b3a7d477f787dbe73401fd7 i386/XFree86-font-utils-4.3.0-55.i386.rpm
8e8f3b42277228aa45f0c872c3a65b8d i386/XFree86-xfs-4.3.0-55.i386.rpm
26ee40c0d60377f5ce1b8194c5466d4a i386/XFree86-twm-4.3.0-55.i386.rpm
e7e81b18626ae9a344e5574174420e32 i386/XFree86-xdm-4.3.0-55.i386.rpm
27789e66d96649e7e8bf62a307f5e68d i386/XFree86-libs-4.3.0-55.i386.rpm
b430abfefec36784e994ed5bf83d3ad9 i386/XFree86-libs-data-4.3.0-55.i386.rpm
46cf2ad73245f4ac966b7454bd310d88 i386/XFree86-base-fonts-4.3.0-55.i386.rpm
52b542cad1b247baadcea05e2e1c91dd i386/XFree86-truetype-fonts-4.3.0-55.i386.rpm
fb9cc6191cb98dd93ef6ec71a167fb7e i386/XFree86-syriac-fonts-4.3.0-55.i386.rpm
fb2926cae361d65cf6c78a7ca7ce88d8 i386/XFree86-75dpi-fonts-4.3.0-55.i386.rpm
f0415822893f04c481ebfc473ffdff22 i386/XFree86-100dpi-fonts-4.3.0-55.i386.rpm
efde62414088faf5789179176e6911e1 i386/XFree86-ISO8859-2-75dpi-fonts-4.3.0-55.i386.rpm
0cc9300e3c46d2d0346af3c2d0664834 i386/XFree86-ISO8859-2-100dpi-fonts-4.3.0-55.i386.rpm
8c6f63975595f1bbb3f5404322230c5a i386/XFree86-ISO8859-9-75dpi-fonts-4.3.0-55.i386.rpm
06cf300fb6b9c8c6eed3092d0ad1d3bb i386/XFree86-ISO8859-9-100dpi-fonts-4.3.0-55.i386.rpm
52c0f8f22e413279afee17df2ae2bb78 i386/XFree86-ISO8859-14-75dpi-fonts-4.3.0-55.i386.rpm
b24b694caeee5c983cacbfc6937fce49 i386/XFree86-ISO8859-14-100dpi-fonts-4.3.0-55.i386.rpm
27e52ae1bb82fa59f9a1ae6c331bcce9 i386/XFree86-ISO8859-15-75dpi-fonts-4.3.0-55.i386.rpm
d6d91aa0756c9519bfe6de3ad6af3809 i386/XFree86-ISO8859-15-100dpi-fonts-4.3.0-55.i386.rpm
e071fc5a16476dbf7d9c321ec088a384 i386/XFree86-cyrillic-fonts-4.3.0-55.i386.rpm
6cb9ea90c43132853e8809aaff48a267 i386/XFree86-doc-4.3.0-55.i386.rpm
700d174f88e364cefe89bf5dcaf93033 i386/XFree86-Xnest-4.3.0-55.i386.rpm
1d81c120f7775261ee76b4ecd521485d i386/XFree86-Xvfb-4.3.0-55.i386.rpm
22718bdd290a8c7b86e12a7924531e55 i386/XFree86-tools-4.3.0-55.i386.rpm
d4cbd6bd883f061d091458ce02a3f487 i386/XFree86-xauth-4.3.0-55.i386.rpm
6477ce536f8d084b48ae7aa9cf30c5c0 i386/XFree86-Mesa-libGL-4.3.0-55.i386.rpm
949ea216b0666dc971cd369661a49ec8 i386/XFree86-Mesa-libGLU-4.3.0-55.i386.rpm
89e0f5723f835b75dd265d8e7f40ab1e i386/XFree86-sdk-4.3.0-55.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.