- U_xf86-fix-flush-input-to-work-with-Linux-evdev-device.patch
  * So when we VT switch back and attempt to flush the input
    devices, we don't succeed because evdev won't return part
    of an event, since we were only asking for 4 bytes, we'd
    only get -EINVAL back. This could later cause events to be
    flushed that we shouldn't have gotten.
    This is a fix for CVE-2013-1940. (bnc#814653)

• Files Changed
• Browse Source

• Files Changed
• Browse Source

removed _link

• Files Changed
• Browse Source

Fixes for two vulnerabilities in X server announced in

  http://lists.freedesktop.org/archives/xorg-announce/2011-October/001744.html

  CVE-2011-4028: File disclosure vulnerability:
  It is possible to deduce if a file exists or not by exploiting the
  way that Xorg creates its lock files.
  This is caused by the fact that the X server is behaving differently
  if the lock file already exists as a symbolic link pointing to an
  existing or non-existing file.

  CVE-2011-4029: File permission change vulnerability:
  It is possible for a non-root user to set the permissions for
  all users on any file or directory to 444, giving unwanted read
  access or causing denies of service (by removing execute permission).
  This is caused by a race between creating the lock file and setting
  its access modes.

Removed unused patches 165-167 to make "osc commit" stop complaining.

• Files Changed
• Browse Source

• Browse Source