Update to 1.17.1-6

author: kyak 2015-06-09 17:11:05 +0300
committer: kyak 2015-06-09 17:11:05 +0300
commit: 27fb682a479dcde53c58c62ea57928dac8ef289f (patch)
tree: e93b4aed04ed28c34ecb5fa108839e02c663542f
parent: 657536ee5689f8dfe4738d0b34f9e9b9ab938cdd (diff)
download: aur-27fb682a479dcde53c58c62ea57928dac8ef289f.tar.gz
6 files changed, 735 insertions, 8 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 54d9fa5ec9ae..41dba4351f67 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,8 +1,6 @@
-# Generated by makepkg 4.2.1
-# Tue Apr 14 17:00:41 UTC 2015
 pkgbase = xorg-server-bug865
 	pkgver = 1.17.1
-	pkgrel = 5
+	pkgrel = 6
 	url = http://xorg.freedesktop.org
 	arch = i686
 	arch = x86_64
@@ -63,6 +61,10 @@ pkgbase = xorg-server-bug865
 	source = v2-xserver-Fix-a-crash-with-XDMCP-error-handler.patch
 	source = 0001-int10-Fix-error-check-for-pci_device_map_legacy.patch
 	source = 0001-mi-Partial-pie-slice-filled-arcs-may-need-more-space.patch
+	source = 0001-sdksyms.sh-Make-sdksyms.sh-work-with-gcc5.patch
+	source = 0001-dix-Add-unaccelerated-valuators-to-the-ValuatorMask.patch
+	source = 0002-dix-hook-up-the-unaccelerated-valuator-masks.patch
+	source = fix-CVE-2015-3164.patch
 	source = freedesktop-bug-865.patch
 	sha256sums = 2bf8e9f6f0a710dec1d2472467bff1f4e247cb6dcd76eb469aafdc8a2d7db2ab
 	sha256sums = SKIP
@@ -73,6 +75,10 @@ pkgbase = xorg-server-bug865
 	sha256sums = a73e33644682d9f430db987c192da0f7193907af50539669ebd59614a5ebd0f9
 	sha256sums = 2ea82cdbd695f21c935710847913ed58e22d3d5c0c18c96175a4a6cc1142c071
 	sha256sums = ca89cc013844c5b50abfde4cc5e852ecdf4368f8b069ffd069a7100843c46e90
+	sha256sums = b4a4fbddebfa614d1a97e77dde98748682ee331fbf7be394480050670d6203aa
+	sha256sums = 3dc795002b8763a7d29db94f0af200131da9ce5ffc233bfd8916060f83a8fad7
+	sha256sums = 416a1422eed71efcebb1d893de74e7f27e408323a56c4df003db37f5673b3f96
+	sha256sums = bc6ac3e686e16f0357fd3b939c1c1f2845fdb444d5ec9c8c37fb69167cc54a28
 	sha256sums = ad64fd593cd4cdfdd830c4295ebe1acd4259e45cfc12a258a162ecdbb11fd7ca
 
 pkgname = xorg-server-bug865
@@ -92,7 +98,7 @@ pkgname = xorg-server-bug865
 	depends = libxshmfence
 	depends = libgl
 	provides = X-ABI-VIDEODRV_VERSION=19
-	provides = X-ABI-XINPUT_VERSION=21
+	provides = X-ABI-XINPUT_VERSION=21.1
 	provides = X-ABI-EXTENSION_VERSION=9.0
 	provides = x-server
 	provides = xorg-server=1.17.1
diff --git a/0001-dix-Add-unaccelerated-valuators-to-the-ValuatorMask.patch b/0001-dix-Add-unaccelerated-valuators-to-the-ValuatorMask.patch
new file mode 100644
index 000000000000..86744f1402ea
--- /dev/null
+++ b/0001-dix-Add-unaccelerated-valuators-to-the-ValuatorMask.patch
@@ -0,0 +1,210 @@
+From e1a7f4bb5333b0271d29f785eb55f1c3273e626a Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter.hutterer@who-t.net>
+Date: Tue, 5 May 2015 14:18:54 +1000
+Subject: [PATCH] dix: Add unaccelerated valuators to the ValuatorMask
+
+Allows a mask to carry both accelerated and unaccelerated motion at the same
+time.
+
+This is required for xf86-input-libinput where the pointer acceleration
+happens in libinput already, but parts of the server, specifically raw events
+and DGA rely on device-specific unaccelerated data.
+
+To ease integration add this as a second set to the ValuatorMask rather than
+extending all APIs to carry a second, possibly NULL set of valuators.
+
+Note that a valuator mask should only be used in either accel/unaccel or
+standard mode at any time. Switching requires either a valuator_mask_zero()
+call or unsetting all valuators one-by-one. Trying to mix the two will produce
+a warning.
+
+The server has a shortcut for changing a mask with the
+valuator_mask_drop_unaccelerated() call. This saves us from having to loop
+through all valuators on every event, we can just drop the bits we know we
+don't want.
+
+Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+Reviewed-by: Hans de Goede <hdegoede@redhat.com>
+---
+ dix/inpututils.c               | 82 +++++++++++++++++++++++++++++++++++++++---
+ hw/xfree86/common/xf86Module.h |  2 +-
+ include/input.h                | 15 ++++++++
+ include/inpututils.h           |  2 ++
+ 4 files changed, 95 insertions(+), 6 deletions(-)
+
+diff --git a/dix/inpututils.c b/dix/inpututils.c
+index 5c2a32d..1363988 100644
+--- a/dix/inpututils.c
++++ b/dix/inpututils.c
+@@ -505,11 +505,8 @@ valuator_mask_isset(const ValuatorMask *mask, int valuator)
+     return mask->last_bit >= valuator && BitIsOn(mask->mask, valuator);
+ }
+ 
+-/**
+- * Set the valuator to the given floating-point data.
+- */
+-void
+-valuator_mask_set_double(ValuatorMask *mask, int valuator, double data)
++static inline void
++_valuator_mask_set_double(ValuatorMask *mask, int valuator, double data)
+ {
+     mask->last_bit = max(valuator, mask->last_bit);
+     SetBit(mask->mask, valuator);
+@@ -517,6 +514,17 @@ valuator_mask_set_double(ValuatorMask *mask, int valuator, double data)
+ }
+ 
+ /**
++ * Set the valuator to the given floating-point data.
++ */
++void
++valuator_mask_set_double(ValuatorMask *mask, int valuator, double data)
++{
++    BUG_WARN_MSG(mask->has_unaccelerated,
++                 "Do not mix valuator types, zero mask first\n");
++    _valuator_mask_set_double(mask, valuator, data);
++}
++
++/**
+  * Set the valuator to the given integer data.
+  */
+ void
+@@ -594,11 +602,15 @@ valuator_mask_unset(ValuatorMask *mask, int valuator)
+ 
+         ClearBit(mask->mask, valuator);
+         mask->valuators[valuator] = 0.0;
++        mask->unaccelerated[valuator] = 0.0;
+ 
+         for (i = 0; i <= mask->last_bit; i++)
+             if (valuator_mask_isset(mask, i))
+                 lastbit = max(lastbit, i);
+         mask->last_bit = lastbit;
++
++        if (mask->last_bit == -1)
++            mask->has_unaccelerated = FALSE;
+     }
+ }
+ 
+@@ -611,6 +623,66 @@ valuator_mask_copy(ValuatorMask *dest, const ValuatorMask *src)
+         valuator_mask_zero(dest);
+ }
+ 
++Bool
++valuator_mask_has_unaccelerated(const ValuatorMask *mask)
++{
++    return mask->has_unaccelerated;
++}
++
++void
++valuator_mask_drop_unaccelerated(ValuatorMask *mask)
++{
++    memset(mask->unaccelerated, 0, sizeof(mask->unaccelerated));
++    mask->has_unaccelerated = FALSE;
++}
++
++/**
++ * Set both accelerated and unaccelerated value for this mask.
++ */
++void
++valuator_mask_set_unaccelerated(ValuatorMask *mask,
++                                int valuator,
++                                double accel,
++                                double unaccel)
++{
++    BUG_WARN_MSG(mask->last_bit != -1 && !mask->has_unaccelerated,
++                 "Do not mix valuator types, zero mask first\n");
++    _valuator_mask_set_double(mask, valuator, accel);
++    mask->has_unaccelerated = TRUE;
++    mask->unaccelerated[valuator] = unaccel;
++}
++
++double
++valuator_mask_get_accelerated(const ValuatorMask *mask,
++                              int valuator)
++{
++    return valuator_mask_get_double(mask, valuator);
++}
++
++double
++valuator_mask_get_unaccelerated(const ValuatorMask *mask,
++                                int valuator)
++{
++    return mask->unaccelerated[valuator];
++}
++
++Bool
++valuator_mask_fetch_unaccelerated(const ValuatorMask *mask,
++                                  int valuator,
++                                  double *accel,
++                                  double *unaccel)
++{
++    if (valuator_mask_isset(mask, valuator)) {
++        if (accel)
++            *accel = valuator_mask_get_accelerated(mask, valuator);
++        if (unaccel)
++            *unaccel = valuator_mask_get_unaccelerated(mask, valuator);
++        return TRUE;
++    }
++    else
++        return FALSE;
++}
++
+ int
+ CountBits(const uint8_t * mask, int len)
+ {
+diff --git a/hw/xfree86/common/xf86Module.h b/hw/xfree86/common/xf86Module.h
+index e68fe9c..6133641 100644
+--- a/hw/xfree86/common/xf86Module.h
++++ b/hw/xfree86/common/xf86Module.h
+@@ -81,7 +81,7 @@ typedef enum {
+  */
+ #define ABI_ANSIC_VERSION	SET_ABI_VERSION(0, 4)
+ #define ABI_VIDEODRV_VERSION	SET_ABI_VERSION(19, 0)
+-#define ABI_XINPUT_VERSION	SET_ABI_VERSION(21, 0)
++#define ABI_XINPUT_VERSION	SET_ABI_VERSION(21, 1)
+ #define ABI_EXTENSION_VERSION	SET_ABI_VERSION(9, 0)
+ #define ABI_FONT_VERSION	SET_ABI_VERSION(0, 6)
+ 
+diff --git a/include/input.h b/include/input.h
+index bf22dc7..0a4c4f7 100644
+--- a/include/input.h
++++ b/include/input.h
+@@ -674,6 +674,21 @@ extern _X_EXPORT Bool valuator_mask_fetch(const ValuatorMask *mask,
+ extern _X_EXPORT Bool valuator_mask_fetch_double(const ValuatorMask *mask,
+                                                  int valnum, double *val);
+ 
++extern _X_EXPORT Bool valuator_mask_has_unaccelerated(const ValuatorMask *mask);
++extern _X_EXPORT void valuator_mask_set_unaccelerated(ValuatorMask *mask,
++                                                      int valuator,
++                                                      double accel,
++                                                      double unaccel);
++extern _X_EXPORT double valuator_mask_get_accelerated(const ValuatorMask *mask,
++                                                      int valuator);
++extern _X_EXPORT double valuator_mask_get_unaccelerated(const ValuatorMask *mask,
++                                                        int valuator);
++extern _X_EXPORT Bool valuator_mask_fetch_unaccelerated(const ValuatorMask *mask,
++                                                        int valuator,
++                                                        double *accel,
++                                                        double *unaccel);
++extern _X_HIDDEN void valuator_mask_drop_unaccelerated(ValuatorMask *mask);
++
+ /* InputOption handling interface */
+ extern _X_EXPORT InputOption *input_option_new(InputOption *list,
+                                                const char *key,
+diff --git a/include/inpututils.h b/include/inpututils.h
+index 53c96ba..4e90815 100644
+--- a/include/inpututils.h
++++ b/include/inpututils.h
+@@ -36,8 +36,10 @@ extern Mask event_filters[MAXDEVICES][MAXEVENTS];
+ 
+ struct _ValuatorMask {
+     int8_t last_bit;            /* highest bit set in mask */
++    int8_t has_unaccelerated;
+     uint8_t mask[(MAX_VALUATORS + 7) / 8];
+     double valuators[MAX_VALUATORS];    /* valuator data */
++    double unaccelerated[MAX_VALUATORS];    /* valuator data */
+ };
+ 
+ extern void verify_internal_event(const InternalEvent *ev);
+-- 
+2.4.1
+
diff --git a/0001-sdksyms.sh-Make-sdksyms.sh-work-with-gcc5.patch b/0001-sdksyms.sh-Make-sdksyms.sh-work-with-gcc5.patch
new file mode 100644
index 000000000000..0e0b20df6fc9
--- /dev/null
+++ b/0001-sdksyms.sh-Make-sdksyms.sh-work-with-gcc5.patch
@@ -0,0 +1,51 @@
+From 612eb45a2e7a0b35cc3790870e6d0cc42eb50c74 Mon Sep 17 00:00:00 2001
+From: Hans de Goede <hdegoede@redhat.com>
+Date: Wed, 11 Feb 2015 16:26:40 +0100
+Subject: [PATCH] sdksyms.sh: Make sdksyms.sh work with gcc5.
+
+gcc5's cpp inserts patterns like this:
+
+extern
+      __attribute__((visibility("default")))
+                int WaitForSomething(int *
+    );
+
+This patch make sdksyms.sh work with this. Note my awk skills are weak, so
+there likely is a better way to deal with this.
+
+Signed-off-by: Hans de Goede <hdegoede@redhat.com>
+---
+ hw/xfree86/sdksyms.sh | 17 +++++++++++++++++
+ 1 file changed, 17 insertions(+)
+
+diff --git a/hw/xfree86/sdksyms.sh b/hw/xfree86/sdksyms.sh
+index 2305073..99b0cae 100755
+--- a/hw/xfree86/sdksyms.sh
++++ b/hw/xfree86/sdksyms.sh
+@@ -350,6 +350,23 @@ BEGIN {
+     if (sdk) {
+ 	n = 3;
+ 
++	# detect the following gcc5 cpp pattern and skip it:
++	# extern
++	# # 320 "../../include/os.h" 3 4
++	#     __attribute__((visibility("default")))
++	# # 320 "../../include/os.h"
++	# Note in this case the "extern " or "extern void " always has
++	# a trailing space
++	if ($0 ~ "^extern.* $") {
++	    getline;
++	    getline;
++	    getline;
++	    getline;
++	    n = 1;
++	    while ($n == " ")
++		n++;
++	}
++
+ 	# skip attribute, if any
+ 	while ($n ~ /^(__attribute__|__global)/ ||
+ 	    # skip modifiers, if any
+-- 
+2.1.0
+
diff --git a/0002-dix-hook-up-the-unaccelerated-valuator-masks.patch b/0002-dix-hook-up-the-unaccelerated-valuator-masks.patch
new file mode 100644
index 000000000000..6b8b1e5b5d73
--- /dev/null
+++ b/0002-dix-hook-up-the-unaccelerated-valuator-masks.patch
@@ -0,0 +1,134 @@
+From 7504fbd2239257f1a00a1a15d02862eea81f167c Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter.hutterer@who-t.net>
+Date: Tue, 5 May 2015 14:48:41 +1000
+Subject: [PATCH] dix: hook up the unaccelerated valuator masks
+
+If present, access the unaccelerated valuator mask values for DGA and XI2 raw
+events.
+
+Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+Reviewed-by: Hans de Goede <hdegoede@redhat.com>
+---
+ dix/getevents.c                | 31 ++++++++++++++++++++++---------
+ hw/xfree86/common/xf86Xinput.c |  4 ++++
+ 2 files changed, 26 insertions(+), 9 deletions(-)
+
+diff --git a/dix/getevents.c b/dix/getevents.c
+index 6fb12c5..64bf76e 100644
+--- a/dix/getevents.c
++++ b/dix/getevents.c
+@@ -213,14 +213,25 @@ init_raw(DeviceIntPtr dev, RawDeviceEvent *event, Time ms, int type, int detail)
+ }
+ 
+ static void
+-set_raw_valuators(RawDeviceEvent *event, ValuatorMask *mask, double *data)
++set_raw_valuators(RawDeviceEvent *event, ValuatorMask *mask,
++                  BOOL use_unaccel, double *data)
+ {
+     int i;
+ 
++    use_unaccel = use_unaccel && valuator_mask_has_unaccelerated(mask);
++
+     for (i = 0; i < valuator_mask_size(mask); i++) {
+         if (valuator_mask_isset(mask, i)) {
++            double v;
++
+             SetBit(event->valuators.mask, i);
+-            data[i] = valuator_mask_get_double(mask, i);
++
++            if (use_unaccel)
++                v = valuator_mask_get_unaccelerated(mask, i);
++            else
++                v = valuator_mask_get_double(mask, i);
++
++            data[i] = v;
+         }
+     }
+ }
+@@ -1138,11 +1149,11 @@ GetKeyboardEvents(InternalEvent *events, DeviceIntPtr pDev, int type,
+     valuator_mask_copy(&mask, mask_in);
+ 
+     init_raw(pDev, raw, ms, type, key_code);
+-    set_raw_valuators(raw, &mask, raw->valuators.data_raw);
++    set_raw_valuators(raw, &mask, TRUE, raw->valuators.data_raw);
+ 
+     clipValuators(pDev, &mask);
+ 
+-    set_raw_valuators(raw, &mask, raw->valuators.data);
++    set_raw_valuators(raw, &mask, FALSE, raw->valuators.data);
+ 
+     event = &events->device_event;
+     init_device_event(event, pDev, ms);
+@@ -1423,9 +1434,11 @@ fill_pointer_events(InternalEvent *events, DeviceIntPtr pDev, int type,
+         num_events++;
+ 
+         init_raw(pDev, raw, ms, type, buttons);
+-        set_raw_valuators(raw, &mask, raw->valuators.data_raw);
++        set_raw_valuators(raw, &mask, TRUE, raw->valuators.data_raw);
+     }
+ 
++    valuator_mask_drop_unaccelerated(&mask);
++
+     /* valuators are in driver-native format (rel or abs) */
+ 
+     if (flags & POINTER_ABSOLUTE) {
+@@ -1438,7 +1451,7 @@ fill_pointer_events(InternalEvent *events, DeviceIntPtr pDev, int type,
+         transformAbsolute(pDev, &mask);
+         clipAbsolute(pDev, &mask);
+         if ((flags & POINTER_NORAW) == 0 && raw)
+-            set_raw_valuators(raw, &mask, raw->valuators.data);
++            set_raw_valuators(raw, &mask, FALSE, raw->valuators.data);
+     }
+     else {
+         transformRelative(pDev, &mask);
+@@ -1446,7 +1459,7 @@ fill_pointer_events(InternalEvent *events, DeviceIntPtr pDev, int type,
+         if (flags & POINTER_ACCELERATE)
+             accelPointer(pDev, &mask, ms);
+         if ((flags & POINTER_NORAW) == 0 && raw)
+-            set_raw_valuators(raw, &mask, raw->valuators.data);
++            set_raw_valuators(raw, &mask, FALSE, raw->valuators.data);
+ 
+         moveRelative(pDev, flags, &mask);
+     }
+@@ -1951,7 +1964,7 @@ GetTouchEvents(InternalEvent *events, DeviceIntPtr dev, uint32_t ddx_touchid,
+         events++;
+         num_events++;
+         init_raw(dev, raw, ms, type, client_id);
+-        set_raw_valuators(raw, &mask, raw->valuators.data_raw);
++        set_raw_valuators(raw, &mask, TRUE, raw->valuators.data_raw);
+     }
+ 
+     event = &events->device_event;
+@@ -2013,7 +2026,7 @@ GetTouchEvents(InternalEvent *events, DeviceIntPtr dev, uint32_t ddx_touchid,
+         screeny = dev->spriteInfo->sprite->hotPhys.y;
+     }
+     if (need_rawevent)
+-        set_raw_valuators(raw, &mask, raw->valuators.data);
++        set_raw_valuators(raw, &mask, FALSE, raw->valuators.data);
+ 
+     /* Indirect device touch coordinates are not used for cursor positioning.
+      * They are merely informational, and are provided in device coordinates.
+diff --git a/hw/xfree86/common/xf86Xinput.c b/hw/xfree86/common/xf86Xinput.c
+index 1fb5b16..5ce4c71 100644
+--- a/hw/xfree86/common/xf86Xinput.c
++++ b/hw/xfree86/common/xf86Xinput.c
+@@ -1137,12 +1137,16 @@ xf86CheckMotionEvent4DGA(DeviceIntPtr device, int is_absolute,
+                 dx = valuator_mask_get(mask, 0);
+                 if (is_absolute)
+                     dx -= device->last.valuators[0];
++                else if (valuator_mask_has_unaccelerated(mask))
++                    dx = valuator_mask_get_unaccelerated(mask, 0);
+             }
+ 
+             if (valuator_mask_isset(mask, 1)) {
+                 dy = valuator_mask_get(mask, 1);
+                 if (is_absolute)
+                     dy -= device->last.valuators[1];
++                else if (valuator_mask_has_unaccelerated(mask))
++                    dy = valuator_mask_get_unaccelerated(mask, 1);
+             }
+ 
+             if (DGAStealMotionEvent(device, idx, dx, dy))
+-- 
+2.4.1
+
diff --git a/PKGBUILD b/PKGBUILD
index 7317024a6364..c0de7f913aa4 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -5,7 +5,7 @@
 pkgbase=xorg-server-bug865
 pkgname=xorg-server-bug865
 pkgver=1.17.1
-pkgrel=5 # build first with 0.1 and then rebuild it after xf86-input-evdev rebuild
+pkgrel=6 # build first with 0.1 and then rebuild it after xf86-input-evdev rebuild
 arch=('i686' 'x86_64')
 license=('custom')
 url="http://xorg.freedesktop.org"
@@ -24,6 +24,10 @@ source=(${url}/releases/individual/xserver/xorg-server-${pkgver}.tar.bz2{,.sig}
         v2-xserver-Fix-a-crash-with-XDMCP-error-handler.patch
         0001-int10-Fix-error-check-for-pci_device_map_legacy.patch
         0001-mi-Partial-pie-slice-filled-arcs-may-need-more-space.patch
+        0001-sdksyms.sh-Make-sdksyms.sh-work-with-gcc5.patch
+        0001-dix-Add-unaccelerated-valuators-to-the-ValuatorMask.patch
+        0002-dix-hook-up-the-unaccelerated-valuator-masks.patch
+        fix-CVE-2015-3164.patch
         freedesktop-bug-865.patch)
 validpgpkeys=('7B27A3F1A6E18CD9588B4AE8310180050905E40C'
               'C383B778255613DFDB409D91DB221A6900000011')
@@ -36,18 +40,29 @@ sha256sums=('2bf8e9f6f0a710dec1d2472467bff1f4e247cb6dcd76eb469aafdc8a2d7db2ab'
             'a73e33644682d9f430db987c192da0f7193907af50539669ebd59614a5ebd0f9'
             '2ea82cdbd695f21c935710847913ed58e22d3d5c0c18c96175a4a6cc1142c071'
             'ca89cc013844c5b50abfde4cc5e852ecdf4368f8b069ffd069a7100843c46e90'
+            'b4a4fbddebfa614d1a97e77dde98748682ee331fbf7be394480050670d6203aa'
+            '3dc795002b8763a7d29db94f0af200131da9ce5ffc233bfd8916060f83a8fad7'
+            '416a1422eed71efcebb1d893de74e7f27e408323a56c4df003db37f5673b3f96'
+            'bc6ac3e686e16f0357fd3b939c1c1f2845fdb444d5ec9c8c37fb69167cc54a28'
             'ad64fd593cd4cdfdd830c4295ebe1acd4259e45cfc12a258a162ecdbb11fd7ca')
 
 prepare() {
   cd "xorg-server-${pkgver}"
-  # fix FS#43884, not yet upstream
+  # fix FS#43884, merged upstream
   patch -Np1 -i ../os-access-fix-regression-in-server-interpreted-auth.patch
-  # partially fix FS#43867, not yet upstream
+  # partially fix FS#43867, merged upstream
   patch -Np1 -i ../v2-xserver-Fix-a-crash-with-XDMCP-error-handler.patch
   # fix FS#43924, merged upstream
   patch -Np1 -i ../0001-int10-Fix-error-check-for-pci_device_map_legacy.patch
   # fix FS#43937, merged upstream
   patch -Np1 -i ../0001-mi-Partial-pie-slice-filled-arcs-may-need-more-space.patch
+  # fix FS#45245, merged upstream
+  patch -Np1 -i ../0001-sdksyms.sh-Make-sdksyms.sh-work-with-gcc5.patch
+  # fix FS#45229, merged upstream
+  patch -Np1 -i ../0001-dix-Add-unaccelerated-valuators-to-the-ValuatorMask.patch
+  patch -Np1 -i ../0002-dix-hook-up-the-unaccelerated-valuator-masks.patch
+  # fix CVE-2015-3164, merged upstream
+  patch -Np1 -i ../fix-CVE-2015-3164.patch
   # The patch for freedesktop bug 865
   patch -Np1 -i "${srcdir}/freedesktop-bug-865.patch"
 }
@@ -108,7 +123,7 @@ package_xorg-server-bug865() {
   depends=(libepoxy libxdmcp libxfont libpciaccess libdrm pixman libgcrypt libxau xorg-server-common xf86-input-evdev libxshmfence libgl)
   # see xorg-server-*/hw/xfree86/common/xf86Module.h for ABI versions - we provide major numbers that drivers can depend on
   # and /usr/lib/pkgconfig/xorg-server.pc in xorg-server-devel pkg
-  provides=('X-ABI-VIDEODRV_VERSION=19' 'X-ABI-XINPUT_VERSION=21' 'X-ABI-EXTENSION_VERSION=9.0' 'x-server' 'xorg-server=1.17.1')
+  provides=('X-ABI-VIDEODRV_VERSION=19' 'X-ABI-XINPUT_VERSION=21.1' 'X-ABI-EXTENSION_VERSION=9.0' 'x-server' 'xorg-server=1.17.1')
   groups=('xorg')
   conflicts=('nvidia-utils<=331.20' 'glamor-egl' 'xf86-video-modesetting' 'xorg-server')
   replaces=('glamor-egl' 'xf86-video-modesetting')
diff --git a/fix-CVE-2015-3164.patch b/fix-CVE-2015-3164.patch
new file mode 100644
index 000000000000..e2ee1297323d
--- /dev/null
+++ b/fix-CVE-2015-3164.patch
@@ -0,0 +1,311 @@
+From c4534a38b68aa07fb82318040dc8154fb48a9588 Mon Sep 17 00:00:00 2001
+From: Ray Strode <rstrode@redhat.com>
+Date: Tue, 5 May 2015 16:43:42 -0400
+Subject: xwayland: Enable access control on open sockets [CVE-2015-3164 1/3]
+
+Xwayland currently allows wide-open access to the X sockets
+it listens on, ignoring Xauth access control.
+
+This commit makes sure to enable access control on the sockets,
+so one user can't snoop on another user's X-over-wayland
+applications.
+
+Signed-off-by: Ray Strode <rstrode@redhat.com>
+Reviewed-by: Daniel Stone <daniels@collabora.com>
+Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+Signed-off-by: Keith Packard <keithp@keithp.com>
+
+diff --git a/hw/xwayland/xwayland.c b/hw/xwayland/xwayland.c
+index 7e8d667..c5bee77 100644
+--- a/hw/xwayland/xwayland.c
++++ b/hw/xwayland/xwayland.c
+@@ -483,7 +483,7 @@ listen_on_fds(struct xwl_screen *xwl_screen)
+     int i;
+ 
+     for (i = 0; i < xwl_screen->listen_fd_count; i++)
+-        ListenOnOpenFD(xwl_screen->listen_fds[i], TRUE);
++        ListenOnOpenFD(xwl_screen->listen_fds[i], FALSE);
+ }
+ 
+ static void
+-- 
+cgit v0.10.2
+From 4b4b9086d02b80549981d205fb1f495edc373538 Mon Sep 17 00:00:00 2001
+From: Ray Strode <rstrode@redhat.com>
+Date: Tue, 5 May 2015 16:43:43 -0400
+Subject: os: support new implicit local user access mode [CVE-2015-3164 2/3]
+
+If the X server is started without a '-auth' argument, then
+it gets started wide open to all local users on the system.
+
+This isn't a great default access model, but changing it in
+Xorg at this point would break backward compatibility.
+
+Xwayland, on the other hand is new, and much more targeted
+in scope.  It could, in theory, be changed to allow the much
+more secure default of a "user who started X server can connect
+clients to that server."
+
+This commit paves the way for that change, by adding a mechanism
+for DDXs to opt-in to that behavior.  They merely need to call
+
+LocalAccessScopeUser()
+
+in their init functions.
+
+A subsequent commit will add that call for Xwayland.
+
+Signed-off-by: Ray Strode <rstrode@redhat.com>
+Reviewed-by: Daniel Stone <daniels@collabora.com>
+Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+Signed-off-by: Keith Packard <keithp@keithp.com>
+
+diff --git a/include/os.h b/include/os.h
+index 6638c84..b2b96c8 100644
+--- a/include/os.h
++++ b/include/os.h
+@@ -431,11 +431,28 @@ extern _X_EXPORT void
+ ResetHosts(const char *display);
+ 
+ extern _X_EXPORT void
++EnableLocalAccess(void);
++
++extern _X_EXPORT void
++DisableLocalAccess(void);
++
++extern _X_EXPORT void
+ EnableLocalHost(void);
+ 
+ extern _X_EXPORT void
+ DisableLocalHost(void);
+ 
++#ifndef NO_LOCAL_CLIENT_CRED
++extern _X_EXPORT void
++EnableLocalUser(void);
++
++extern _X_EXPORT void
++DisableLocalUser(void);
++
++extern _X_EXPORT void
++LocalAccessScopeUser(void);
++#endif
++
+ extern _X_EXPORT void
+ AccessUsingXdmcp(void);
+ 
+diff --git a/os/access.c b/os/access.c
+index 8fa028e..75e7a69 100644
+--- a/os/access.c
++++ b/os/access.c
+@@ -102,6 +102,10 @@ SOFTWARE.
+ #include <sys/ioctl.h>
+ #include <ctype.h>
+ 
++#ifndef NO_LOCAL_CLIENT_CRED
++#include <pwd.h>
++#endif
++
+ #if defined(TCPCONN) || defined(STREAMSCONN)
+ #include <netinet/in.h>
+ #endif                          /* TCPCONN || STREAMSCONN */
+@@ -225,6 +229,13 @@ static int LocalHostEnabled = FALSE;
+ static int LocalHostRequested = FALSE;
+ static int UsingXdmcp = FALSE;
+ 
++static enum {
++    LOCAL_ACCESS_SCOPE_HOST = 0,
++#ifndef NO_LOCAL_CLIENT_CRED
++    LOCAL_ACCESS_SCOPE_USER,
++#endif
++} LocalAccessScope;
++
+ /* FamilyServerInterpreted implementation */
+ static Bool siAddrMatch(int family, void *addr, int len, HOST * host,
+                         ClientPtr client);
+@@ -237,6 +248,21 @@ static void siTypesInitialize(void);
+  */
+ 
+ void
++EnableLocalAccess(void)
++{
++    switch (LocalAccessScope) {
++        case LOCAL_ACCESS_SCOPE_HOST:
++            EnableLocalHost();
++            break;
++#ifndef NO_LOCAL_CLIENT_CRED
++        case LOCAL_ACCESS_SCOPE_USER:
++            EnableLocalUser();
++            break;
++#endif
++    }
++}
++
++void
+ EnableLocalHost(void)
+ {
+     if (!UsingXdmcp) {
+@@ -249,6 +275,21 @@ EnableLocalHost(void)
+  * called when authorization is enabled to keep us secure
+  */
+ void
++DisableLocalAccess(void)
++{
++    switch (LocalAccessScope) {
++        case LOCAL_ACCESS_SCOPE_HOST:
++            DisableLocalHost();
++            break;
++#ifndef NO_LOCAL_CLIENT_CRED
++        case LOCAL_ACCESS_SCOPE_USER:
++            DisableLocalUser();
++            break;
++#endif
++    }
++}
++
++void
+ DisableLocalHost(void)
+ {
+     HOST *self;
+@@ -262,6 +303,74 @@ DisableLocalHost(void)
+     }
+ }
+ 
++#ifndef NO_LOCAL_CLIENT_CRED
++static int GetLocalUserAddr(char **addr)
++{
++    static const char *type = "localuser";
++    static const char delimiter = '\0';
++    static const char *value;
++    struct passwd *pw;
++    int length = -1;
++
++    pw = getpwuid(getuid());
++
++    if (pw == NULL || pw->pw_name == NULL)
++        goto out;
++
++    value = pw->pw_name;
++
++    length = asprintf(addr, "%s%c%s", type, delimiter, value);
++
++    if (length == -1) {
++        goto out;
++    }
++
++    /* Trailing NUL */
++    length++;
++
++out:
++    return length;
++}
++
++void
++EnableLocalUser(void)
++{
++    char *addr = NULL;
++    int length = -1;
++
++    length = GetLocalUserAddr(&addr);
++
++    if (length == -1)
++        return;
++
++    NewHost(FamilyServerInterpreted, addr, length, TRUE);
++
++    free(addr);
++}
++
++void
++DisableLocalUser(void)
++{
++    char *addr = NULL;
++    int length = -1;
++
++    length = GetLocalUserAddr(&addr);
++
++    if (length == -1)
++        return;
++
++    RemoveHost(NULL, FamilyServerInterpreted, length, addr);
++
++    free(addr);
++}
++
++void
++LocalAccessScopeUser(void)
++{
++    LocalAccessScope = LOCAL_ACCESS_SCOPE_USER;
++}
++#endif
++
+ /*
+  * called at init time when XDMCP will be used; xdmcp always
+  * adds local hosts manually when needed
+diff --git a/os/auth.c b/os/auth.c
+index 5fcb538..7da6fc6 100644
+--- a/os/auth.c
++++ b/os/auth.c
+@@ -181,11 +181,11 @@ CheckAuthorization(unsigned int name_length,
+ 
+         /*
+          * If the authorization file has at least one entry for this server,
+-         * disable local host access. (loadauth > 0)
++         * disable local access. (loadauth > 0)
+          *
+          * If there are zero entries (either initially or when the
+          * authorization file is later reloaded), or if a valid
+-         * authorization file was never loaded, enable local host access.
++         * authorization file was never loaded, enable local access.
+          * (loadauth == 0 || !loaded)
+          *
+          * If the authorization file was loaded initially (with valid
+@@ -194,11 +194,11 @@ CheckAuthorization(unsigned int name_length,
+          */
+ 
+         if (loadauth > 0) {
+-            DisableLocalHost(); /* got at least one */
++            DisableLocalAccess(); /* got at least one */
+             loaded = TRUE;
+         }
+         else if (loadauth == 0 || !loaded)
+-            EnableLocalHost();
++            EnableLocalAccess();
+     }
+     if (name_length) {
+         for (i = 0; i < NUM_AUTHORIZATION; i++) {
+-- 
+cgit v0.10.2
+From 76636ac12f2d1dbdf7be08222f80e7505d53c451 Mon Sep 17 00:00:00 2001
+From: Ray Strode <rstrode@redhat.com>
+Date: Tue, 5 May 2015 16:43:44 -0400
+Subject: xwayland: default to local user if no xauth file given.
+ [CVE-2015-3164 3/3]
+
+Right now if "-auth" isn't passed on the command line, we let
+any user on the system connect to the Xwayland server.
+
+That's clearly suboptimal, given Xwayland is generally designed
+to be used by one user at a time.
+
+This commit changes the behavior, so only the user who started the
+X server can connect clients to it.
+
+Signed-off-by: Ray Strode <rstrode@redhat.com>
+Reviewed-by: Daniel Stone <daniels@collabora.com>
+Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+Signed-off-by: Keith Packard <keithp@keithp.com>
+
+diff --git a/hw/xwayland/xwayland.c b/hw/xwayland/xwayland.c
+index c5bee77..bc92beb 100644
+--- a/hw/xwayland/xwayland.c
++++ b/hw/xwayland/xwayland.c
+@@ -702,4 +702,6 @@ InitOutput(ScreenInfo * screen_info, int argc, char **argv)
+     if (AddScreen(xwl_screen_init, argc, argv) == -1) {
+         FatalError("Couldn't add screen\n");
+     }
++
++    LocalAccessScopeUser();
+ }
+-- 
+cgit v0.10.2
+
author	kyak	2015-06-09 17:11:05 +0300
committer	kyak	2015-06-09 17:11:05 +0300
commit	27fb682a479dcde53c58c62ea57928dac8ef289f (patch)
tree	e93b4aed04ed28c34ecb5fa108839e02c663542f
parent	657536ee5689f8dfe4738d0b34f9e9b9ab938cdd (diff)
download	aur-27fb682a479dcde53c58c62ea57928dac8ef289f.tar.gz