News, tips, partners, and perspectives for the Oracle Solaris operating system

X Changes in Nevada Build 36

Alan Coopersmith
Senior Principal Software Engineer

Another two weeks, another list of fixes checked in. The one with the biggest share of attention is also the one with the smallest code change - two missing pairs of parentheses - four simple characters that closed one big security hole.

6387822 Wrong library path in xft.pc file
Simple fix to the pkg-config data file we ship for libXft2 so it produces the right library path flags for linking so that GNOME 2.14 builds correctly.
6383556 Problem in allocating pixmap
The last security fix in X servers added checks to both Xsun & Xorg to prevent pixmap allocations from overflowing. Unfortunately one of the checks in Xsun clamped down too far - preventing pixmaps with dimensions larger than 8192 instead of the intended 32k limit.
6390864 nevada removal of ddxSUNWdials
We bow our heads for SunButtons and SunDials - faithful servants of almost two decades, now sent to permanent retirement. The hardware for these hasn't been sold for several years now and the kernel driver for them was removed, so we had to remove the Xsun support as well. (The official end of support notice should appear in the Solaris 10 Update 2 release notes, warning of removal in the a future release - but we normally don't remove support in update releases, so users still attached to theirs can stay on Solaris 10 without fear.)

If you've never seen these they were additional input devices - SunButtons offered a big pad of extra buttons, like a jumbo set of keyboard function keys, and SunDials offered a bunch of knobs you could twist. These were accessed via the X Input Extension by software such as CAD programs for more efficient interaction with their features.

6368334 common postscript-derived font names are no longer recognized
An updated set of font aliases to fix some problems reported with the ones added in build 34.
6390453 SUNWxorg-mesa has broken links in snv nightly build for 2/24/2006
The script integrated into build 34 to make symlinks to either the nVidia or Mesa OpenGL libraries was failing to create the right links to the Mesa libraries in certain cases.
6395871 integrate Solaris Trusted Extensions to X Windows (Xsun)
6395892 integrate Solaris Trusted Extensions to X Windows (X.org)
Sun's previous Trusted Solaris product is being replaced for Solaris 10 with the Trusted Extensions to Solaris. Instead of a separate fork of the OS, it will instead run standard Solaris 10, but with additional modules loaded to provide the multi-level security features. For X, this means shipping a new library (libXtsol) and putting hooks into the X server that the XTSOL extension loadable modules delivered in the Trusted Extensions for Xsun & Xorg can use to implement their own security checks as needed. We'll be offering this back to the open source X.Org community in the near future under the standard MIT/X11 license.
6396593 [Xorg Bug 6213] local user DoS and arbitrary code execution as root [CVE-2006-0745]
See previous blog post.

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.