
Fedora Update

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
This update can be installed with the Yum Update Agent by typing the 'yum update' command in a terminal.
This update can also be installed with the Red Hat Update Agent, which is launched with the 'up2date' command in a terminal.

Fedora Core 1 Update: XFree86-4.3.0-55

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-069
2004-02-13
---------------------------------------------------------------------

Name        : XFree86
Version     : 4.3.0
Release     : 55
Summary     : The basic fonts, programs and docs for an X workstation.
Description :
XFree86 is an open source implementation of the X Window System.  It
provides the basic low level functionality which full fledged
graphical user interfaces (GUIs) such as GNOME and KDE are designed
upon.

---------------------------------------------------------------------
Update Information:

Updated XFree86 packages that fix a privilege escalation vulnerability are
now available.

XFree86 is an implementation of the X Window System, providing the core
graphical user interface and video drivers.

iDefense discovered two buffer overflows in the parsing of the 'font.alias'
file. A local attacker could exploit these vulnerabilities by creating a
carefully crafted file to gain root privileges.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CAN-2004-0083 and CAN-2004-0084 to these issues.

Additionally, David Dawes discovered further flaws in reading font files.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0106 to these issues.

All users of XFree86 are advised to upgrade to these erratum packages,
which contain a backported fix and are not vulnerable to these issues.

Red Hat would like to thank David Dawes from XFree86 for the patches and
notification of these issues.
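
Because these packages carry a backported fix, the package changelog naming all three candidate names is a more direct signal than the version string alone. The following is an added example, not part of the Fedora notification: it reads changelog text and lists which of CAN-2004-0083, CAN-2004-0084 and CAN-2004-0106 it does not mention; the function names are assumptions, and the embedded samples are constructed from the changelog entries on this page.

```shell
#!/bin/sh
# Added example: check an RPM changelog for the advisory's CVE candidate names.
ADVISORY_IDS="CAN-2004-0083 CAN-2004-0084 CAN-2004-0106"

# Reads changelog text on stdin, prints the names it does not mention
# (space separated) and returns 0 only when none are missing.
missing_fixes() {
    changelog=$(cat)
    missing=""
    for id in $ADVISORY_IDS; do
        # -F fixed string, -w whole word: the name still matches inside a
        # patch file name because '-' and '.' are not word characters.
        if ! printf '%s\n' "$changelog" | grep -qFw -e "$id"; then
            missing="${missing:+$missing }$id"
        fi
    done
    printf '%s\n' "$missing"
    [ -z "$missing" ]
}

# Constructed sample: changelog as of release 49, quoting this page's entry.
sample_release_49() {
    cat <<'EOF'
* Wed Feb 04 2004 Mike A. Harris  4.3.0-49
- Added XFree86-4.3.0-security-fonts-alias-dirname-CAN-2004-0083.patch to
 fix security issue in core fonts backend reported by iDefense in CAN-2004-0083
EOF
}

# Constructed sample: changelog as of release 55 (entries 55 and 54 abridged).
sample_release_55() {
    cat <<'EOF'
* Thu Feb 12 2004 Mike A. Harris  4.3.0-55
- Added {x11datadir}/X11/xinit back to package list
* Wed Feb 11 2004 Mike A. Harris  4.3.0-54
- Added XFree86-4.3.0-libXfont-security-CAN-2004-0083-CAN-2004-0084-CAN-2004-0106.patch
EOF
    sample_release_49
}

# On an RPM-based host: feed the installed package's changelog to the check.
check_installed() {
    rpm -q --changelog XFree86 | missing_fixes
}
```

The release 49 sample reports CAN-2004-0084 and CAN-2004-0106 as missing, matching the changelog entry that addresses only CAN-2004-0083; `check_installed` applies the same check to the installed package.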

---------------------------------------------------------------------
* Thu Feb 12 2004 Mike A. Harris  4.3.0-55

- Added {x11datadir}/X11/xinit back to package list, which seems to have been
 inadvertently dropped during attempts to get package to compile on Red Hat
 Linux 9 s390 builds earlier this week.

* Wed Feb 11 2004 Mike A. Harris  4.3.0-54

- Added XFree86-4.3.0-libXfont-security-CAN-2004-0083-CAN-2004-0084-CAN-2004-0106.patch
 to fix all recent security flaws in libXfont which are outlined in
 CAN-2004-0083, CAN-2004-0084, CAN-2004-0106, discovered by iDefense, David
 Dawes and others.  This patch replaces all previous libXfont patches from
 XFree86 builds 4.3.0-49 through to present.
- Added XFree86-4.3.0-libXfont-security-CAN-2004-0083-CAN-2004-0084-CAN-2004-0106-v2.patch
 which is the same as the above patch, but modified to cleanly apply to 4.3.0,
 renamed to keep all patches present in src.rpm for comparative purposes.
- Built 4.3.0-54 with target build_yarrow for Fedora Core 1 erratum
- Built 4.3.0-54.EL with target build_taroon for Red Hat Enterprise Linux 3 erratum
- Built 4.3.0-2.90.54 with target build_shrike for Red Hat Linux 9 erratum

* Tue Feb 10 2004 Mike A. Harris  4.3.0-53

- Added XFree86-4.3.0-security-dirname-CAN-2004-0106.patch which replaces
 XFree86-4.3.0-security-fonts-alias-dirname3.patch, the new patch being the
 same but without the second hunk, as the patch Keith wrote for CAN-2004-0083
 and CAN-2004-0084 already handled that issue so there was a conflict.
- Built 4.3.0-53 with target build_yarrow for Fedora Core 1 erratum
- Built 4.3.0-53.EL with target build_taroon for Red Hat Enterprise Linux 3 erratum
- Built 4.3.0-2.90.53 with target build_shrike for Red Hat Linux 9 erratum

* Tue Feb 10 2004 Mike A. Harris  4.3.0-52

- Added XFree86-4.3.0-security-fonts-alias-dirname3.patch in order to fix 2
 additional buffer overflows in libXfont, discovered by iDefense and David
 Dawes.  No CVE assignment has been provided yet.
- Built 4.3.0-52 with target build_yarrow for Fedora Core 1 erratum
- Built 4.3.0-52.EL with target build_taroon for Red Hat Enterprise Linux 3 erratum
- Built 4.3.0-2.90.52 with target build_shrike for Red Hat Linux 9 erratum

* Tue Feb 10 2004 Mike A. Harris  4.3.0-51

- Added XFree86-4.3.0-security-dirname-CAN-2004-0083-CAN-2004-0084-keithp.patch
 alternative patch written by Keith Packard, to fix CAN-2004-0083 and
 CAN-2004-0084 security issues
- Added XFree86-4.3.0-security-fonts-alias-dirname-CAN-2004-0084.patch to the
 package, but disabled for now while we test the above patch from Keith
 Packard which addresses both security issues.
- Built 4.3.0-51 with target build_yarrow for Fedora Core 1 erratum
- Built 4.3.0-51.EL with target build_taroon for Red Hat Enterprise Linux 3 erratum
- Built 4.3.0-2.90.51 with target build_shrike for Red Hat Linux 9 erratum

* Mon Feb 09 2004 Mike A. Harris  4.3.0-50

- Fix issues detected in QA testing
- Built 4.3.0-50 with target build_yarrow for Fedora Core 1 erratum
- Built 4.3.0-50.EL with target build_taroon for Red Hat Enterprise Linux 3 erratum
- Built 4.3.0-2.90.50 with target build_shrike for Red Hat Linux 9 erratum

* Wed Feb 04 2004 Mike A. Harris  4.3.0-2.90.49

- Built 4.3.0-2.90.49 with target build_shrike for Red Hat Linux 9 erratum
- Split {_x11datadir}/X11/etc/* glob previously wrapped using with_Xserver into a
 with_xterm portion and with_Xterm portion with the dir being always included,
 in order to work around obscure build failure on s390 on RHL 9.  Yes this is
 an insane problem to have to fix because we do not ship an RHL 9 s390 product
 and never will.  But we seek perfection however, and who knows, maybe next
 week we will release a Red Hat Linux 9 port to s390 for consumer desktops or
 something.  
- Rename with_included_xterm macro to with_xterm for naming consistency with
 other options, as it threw me off.

* Wed Feb 04 2004 Mike A. Harris  4.3.0-49.EL

- Built 4.3.0-49.EL with target build_taroon for Red Hat Enterprise Linux 3 erratum

* Wed Feb 04 2004 Mike A. Harris  4.3.0-49

- Added XFree86-4.3.0-security-fonts-alias-dirname-CAN-2004-0083.patch to
 fix security issue in core fonts backend reported by iDefense in CAN-2004-0083
- Added build_maintainer_mode distribution version autodetection to simplify
 local build testing procedures, added dist_ver macro, dist_test parameterized
 macro (to keep jbj on his toes), and updated build_xxxx target autoconfig
 when build_auto_mode is enabled.  This only affects local builds, not any
 Red Hat builds.
- Enabled radeon-agp-detection-using-capability-list-walk patch on all builds,
 which was inadvertently left off on some due to misplaced macro conditional
- Built 4.3.0-49 with target build_yarrow for Fedora Core 1 erratum

* Sun Feb 01 2004 Mike A. Harris  4.3.0-45.0.2.EL.test

- Rebuilt with build_taroon for RHEL 3 testing

* Sat Jan 31 2004 Mike A. Harris  4.3.0-45.0.2

- Added XFree86-4.3.0-Xserver-dix-xkb-key-repeating-bug-CVS-backport.patch
 to fix a bug in DIX when xkb is being used that causes keys to repeat
 spuriously on some hardware under certain system loads.  This patch has been
 backported from the 4.3.0-48 developmental head package. (#76959,114635)
- Added XFree86-4.3.0-XRes-IncludeSharedObjectInNormalLib.patch to make
 libXRes get built PIC for bug (#114292)
- Updated XFree86-4.3.0-missing-lib-sharedreqs.patch to remove dependency on
 libXt caused by improper dependency listing in SharedXmuuReqs (#113336)

* Thu Jan 29 2004 Mike A. Harris  4.3.0-45.0.1.EL.test

- Build test release for RHEL3 U2 testing

* Wed Jan 28 2004 Mike A. Harris  4.3.0-45.0.1

- Temporary fork of 4.3.0-45 to add some patches for test builds, until post
 4.3.0-45 (4.3.0-46 through 4.3.0-50) local-work-in-progress stuff is in
 clean enough shape for tree inclusion
- Added XFree86-4.3.0-fixes-for-freetype-2.1.7-v2.patch so that XFree86 will
 build properly against freetype 2.1.7 (#114343)

* Sun Nov 30 2003 Mike A. Harris  4.3.0-45

- Implemented new AGP/PCI autodetection in the Radeon driver by examining PCI
 configuration space and walking the PCI extended capabilities list in order
 to determine if the device implements the AGP capability.  This code should
 work on _any_ AGP/PCI hardware generically and should be factored out into
 generic X server code in future XFree86 releases so all drivers can benefit
 from it.  XFree86-4.3.0-radeon-agp-detection-using-capability-list-walk.patch
 should fix all Radeon PCI/AGP autodetection bugs, including (#111191).  Some
 AGP Radeon users may experience a performance boost with this new driver if
 their card was misdetected and treated as PCI before, as pcigart mode works
 on AGP hardware, but is slower than using AGP.
- Fixed build_rawhide to work the same as build_yarrow everywhere since the
 two are functionally identical for the time being.

* Wed Nov 26 2003 Mike A. Harris  4.3.0-44.EL

- Rebuilt 4.3.0-44 as 4.3.0-44.EL for RHEL3 QU1 update

* Wed Nov 26 2003 Mike A. Harris  4.3.0-44

- Added XFree86-4.3.0-libfontenc-IncludeSharedObjectInNormalLib.patch to fix
 KDE build problem on AMD64 which links to the static libfontenc library and
 fails because it wasn't compiled with -fPIC, reported in bug (#111058)
- Enable the open source vmware_drv.o video driver that ships with XFree86 on
 all builds now, to supply this driver as-is to users as a convenience
 although it is still unsupported by Red Hat.  Users encountering video or
 other X related problems with this driver need to report their problems
 directly to XFree86.org, or to VMware Inc.
- Rebuild in rawhide for FC2 development

* Fri Nov 14 2003 Mike A. Harris  4.3.0-43.1

- Added XFree86-4.3.0-nv-riva-videomem-autodetection-debugging.patch to be
 able to debug Riva TNT memory autodetection problems in the future (#109459)
- Added new build_rawhide flag to wrap experimental changes and test patches
 with for Rawhide builds
- Rename rpm macro from tlssubdir to _tlsdir, and enforce its usage everywhere
 in the spec file

* Mon Nov 03 2003 Mike A. Harris  4.3.0-2.90.43

- Rebuild 4.3.0-43 for Red Hat Linux 9 erratum with build_shrike set

* Mon Nov 03 2003 Mike A. Harris  4.3.0-43

- Updated to XFree86-4.3.0-xf-4_3-branch-2003-11-03.patch to pick up latest
 fixes in the XFree86 4.3.x stable branch including:
 - Fix for crash on ia64 because of wrong setjmp buffer alignment (John Dennis)
 - Close freetype fontfile filehandle in mkfontscale, this prevents problems
   from limitation of simultaneously open files
 - Fixed erroneous freeing of DisplayModeRec in xf86DeleteMode() when
   deleting the modePool in xf86PruneDriverModes() the 'prev' member has
   a different meaning for modePool modes than for ScrnInfoPtr->modes modes
   where it creates a doubly linked list
 - Fix some i830+ VT switch/exit crashes
 - Fix DRM_CAS on ia64 as used by the DRI (Bugzilla #778, John Dennis).
- Removed XFree86-4.3.0-Xlib-XIM-bugfix-from-XFree86-bugzilla.patch,
 XFree86-4.3.0-ia64-setjmp-alignment.patch
- Updated XFree86-4.3.0-ia64-drm-locking.patch as part of it is in the stable
 branch patch now.
- Updated some spec file comments, and other mostly cosmetic changes.
- Fixed some mistakes in spec file changelog dates.

* Wed Oct 29 2003 Mike A. Harris  4.3.0-42.2

- Enable new Radeon support patches for shrike builds also to support newer
 Radeon hardware, so future erratum picks up these enhancements.
- Backport XFree86-4.3.0-RandR-refresh-rate-rounding-error-fix-from-CVSHEAD.patch
 from CVS HEAD in order to fix bug (#108008)
- Added XFree86-4.3.0-vidmode-SEGV-fix-from-CVS-HEAD.patch, backported from
 CVS HEAD to fix a SEGV in the vidmode extension (#101276)
- Renamed build_cambridge target to build_yarrow to indicate the change from
 project name to final product name.
- Added XFree86-4.3.0-rendition-complete-driver-backport-CVS20031031.patch which
 is a backport of the rendition driver from CVS head, including a couple bug
 fixes and the rest of changes are cosmetic.  (#108693)
- Disabled XFree86-4.3.0-rendition-disable-cause-of-SEGV.patch which should now
 be obsolete from above rendition driver backport.

* Fri Oct 24 2003 Mike A. Harris  4.3.0-42

- This release is the long awaited answer to the meaning of life, the universe
 and everything.
- Added XFree86-4.3.0-redhat-exec-shield-GNU-stack.patch to make the complete
 XFree86 build including Mesa et al. exec-shield friendly (arjanv, mharris)
- Updated to new XFree86-4.3.0-Mesa-SSE-fixes-from-MesaCVS-v2.patch which
 should fix compatibility problems between DRI and 2.6.x kernels which were
 caused by the previous version of this patch.  Linus reported the fix for
 this with details of the problem, and explanation of the solution, which I
 extracted out of CVS (#107932,106566,107829)

---------------------------------------------------------------------