diff -u xorg-server-1.7.6/debian/changelog xorg-server-1.7.6/debian/changelog
--- xorg-server-1.7.6/debian/changelog
+++ xorg-server-1.7.6/debian/changelog
@@ -1,3 +1,11 @@
+xorg-server (2:1.7.6-2ubuntu8~bug587710) lucid; urgency=low
+
+ * Add 101-fix-dixFreePrivates-doublefree.patch: Fixes a crash during
+ server regeneration due to private keys spuriously being reassigned
+ in a different order. (LP: #587710)
+
+ -- Robert Hooker Mon, 31 May 2010 14:34:17 -0400
+
 xorg-server (2:1.7.6-2ubuntu7) lucid; urgency=low
 * Drop 117_fix_crash_with_createglyphset.patch
diff -u xorg-server-1.7.6/debian/patches/series xorg-server-1.7.6/debian/patches/series
--- xorg-server-1.7.6/debian/patches/series
+++ xorg-server-1.7.6/debian/patches/series
@@ -15,6 +15,7 @@
 14-tone-down-nidr-errors.diff
 15-keep-udev-x11-driver.diff
 100_rethrow_signals.patch
+101-fix-dixFreePrivates-doublefree.patch
 #104_nvidia_autodetect.patch
 #105_fglrx_autodetect.patch
 106_nouveau_autodetect.patch
only in patch2: unchanged:
--- xorg-server-1.7.6.orig/debian/patches/101-fix-dixFreePrivates-doublefree.patch
+++ xorg-server-1.7.6/debian/patches/101-fix-dixFreePrivates-doublefree.patch
@@ -0,0 +1,30 @@
+From 4151a13c80f3afa43f88afcf19a7aeb16dace93a Mon Sep 17 00:00:00 2001
+From: Francisco Jerez
+Date: Mon, 05 Oct 2009 00:39:03 +0000
+Subject: dix: Fix a double free in dixFreePrivates.
+
+It can be reproduced when the server is regenerated and for some
+reason the private keys are reassigned in a different order: a
+manually allocated private may get an index formerly used by a
+preallocated private. In that case it will first be manually freed and
+then again by dixFreePrivates, as items[i].size was never zeroed
+out. Do it in dixResetPrivates.
+
+Signed-off-by: Francisco Jerez
+Acked-by: Eamon Walsh
+Signed-off-by: Keith Packard
+---
+diff --git a/dix/privates.c b/dix/privates.c
+index 3a2deb8..e3e7274 100644
+--- a/dix/privates.c
++++ b/dix/privates.c
+@@ -303,6 +303,7 @@ dixResetPrivates(void)
+ /* reset private descriptors */
+ for (i = 1; i < nextPriv; i++) {
+ *items[i].key = 0;
++ items[i].size = 0;
+ DeleteCallbackList(&items[i].initfuncs);
+ DeleteCallbackList(&items[i].deletefuncs);
+ }
+--
+cgit v0.8.3-6-g21f6
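Review bot: The added `items[i].size = 0;` in dixResetPrivates carries no comment explaining why the size must be cleared alongside the key, and the reason lives only in the patch header, which a reader of privates.c never sees. Suggested comment on that line: `/* clear size too: a stale size from the previous generation would make dixFreePrivates free a slot its owner already freed (double free) */`. That wording follows the commit message's statement that dixFreePrivates decides what to free from items[i].size; dixFreePrivates itself is not in the hunk, so confirm against its body before committing to it. dixResetPrivates begins and ends outside the hunk, so whether other per-key state (or nextPriv) also needs resetting on regeneration cannot be judged from here.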