diff options
| author | Mattias Andrée | 2015-06-11 18:07:46 +0200 |
|---|---|---|
| committer | Mattias Andrée | 2015-06-11 18:07:46 +0200 |
| commit | 04b9ce25138401ff00d21cd9a5615b073f44c142 (patch) | |
| tree | 2965a268f808037f3248e801b98dfd8762bf89f2 | |
| download | aur-04b9ce25138401ff00d21cd9a5615b073f44c142.tar.gz | |
Initial import, version 1.17.1-6
| -rw-r--r-- | .SRCINFO | 111 | ||||
| -rw-r--r-- | 0001-When-an-cursor-is-set-it-is-adjusted-to-use-the.patch | 55 | ||||
| -rw-r--r-- | 0001-dix-Add-unaccelerated-valuators-to-the-ValuatorMask.patch | 210 | ||||
| -rw-r--r-- | 0001-int10-Fix-error-check-for-pci_device_map_legacy.patch | 47 | ||||
| -rw-r--r-- | 0001-mi-Partial-pie-slice-filled-arcs-may-need-more-space.patch | 42 | ||||
| -rw-r--r-- | 0001-sdksyms.sh-Make-sdksyms.sh-work-with-gcc5.patch | 51 | ||||
| -rw-r--r-- | 0002-Fix-for-full-and-semi-transparency-under-negative-im.patch | 86 | ||||
| -rw-r--r-- | 0002-dix-hook-up-the-unaccelerated-valuator-masks.patch | 134 | ||||
| -rw-r--r-- | 0003-Use-Harms-s-suggest-do-not-use-inline-if.-And-fix-si.patch | 54 | ||||
| -rw-r--r-- | PKGBUILD | 154 | ||||
| -rw-r--r-- | fix-CVE-2015-3164.patch | 311 | ||||
| -rw-r--r-- | nvidia-drm-outputclass.conf | 6 | ||||
| -rw-r--r-- | os-access-fix-regression-in-server-interpreted-auth.patch | 30 | ||||
| -rw-r--r-- | v2-xserver-Fix-a-crash-with-XDMCP-error-handler.patch | 23 | ||||
| -rw-r--r-- | xvfb-run | 180 | ||||
| -rw-r--r-- | xvfb-run.1 | 282 |
16 files changed, 1776 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO new file mode 100644 index 000000000000..ebe522a4e430 --- /dev/null +++ b/.SRCINFO @@ -0,0 +1,111 @@ +pkgbase = xorg-server-hwcursor-gamma + pkgdesc = Xorg X server with patch to apply gamma ramps on hardware cursors + pkgver = 1.17.1 + pkgrel = 6 + url = http://xorg.freedesktop.org + arch = i686 + arch = x86_64 + license = custom + makedepends = pixman + makedepends = libx11 + makedepends = mesa + makedepends = mesa-libgl + makedepends = xf86driproto + makedepends = xcmiscproto + makedepends = xtrans + makedepends = bigreqsproto + makedepends = randrproto + makedepends = inputproto + makedepends = fontsproto + makedepends = videoproto + makedepends = presentproto + makedepends = compositeproto + makedepends = recordproto + makedepends = scrnsaverproto + makedepends = resourceproto + makedepends = xineramaproto + makedepends = libxkbfile + makedepends = libxfont + makedepends = renderproto + makedepends = libpciaccess + makedepends = libxv + makedepends = xf86dgaproto + makedepends = libxmu + makedepends = libxrender + makedepends = libxi + makedepends = dmxproto + makedepends = libxaw + makedepends = libdmx + makedepends = libxtst + makedepends = libxres + makedepends = xorg-xkbcomp + makedepends = xorg-util-macros + makedepends = xorg-font-util + makedepends = glproto + makedepends = dri2proto + makedepends = libgcrypt + makedepends = libepoxy + makedepends = xcb-util + makedepends = xcb-util-image + makedepends = xcb-util-renderutil + makedepends = xcb-util-wm + makedepends = xcb-util-keysyms + makedepends = dri3proto + makedepends = libxshmfence + makedepends = libunwind + depends = libepoxy + depends = libxdmcp + depends = libxfont + depends = libpciaccess + depends = libdrm + depends = pixman + depends = libgcrypt + depends = libxau + depends = xorg-server-common + depends = xf86-input-evdev + depends = libxshmfence + depends = libgl + provides = xorg-server=1.17.1 + provides = X-ABI-VIDEODRV_VERSION=19 + provides = X-ABI-XINPUT_VERSION=21.1 + provides = X-ABI-EXTENSION_VERSION=9.0 + provides = x-server + conflicts = xorg-server + conflicts = nvidia-utils<=331.20 + conflicts = glamor-egl + conflicts = xf86-video-modesetting + replaces = glamor-egl + replaces = xf86-video-modesetting + source = http://xorg.freedesktop.org/releases/individual/xserver/xorg-server-1.17.1.tar.bz2 + source = nvidia-drm-outputclass.conf + source = xvfb-run + source = xvfb-run.1 + source = os-access-fix-regression-in-server-interpreted-auth.patch + source = v2-xserver-Fix-a-crash-with-XDMCP-error-handler.patch + source = 0001-int10-Fix-error-check-for-pci_device_map_legacy.patch + source = 0001-mi-Partial-pie-slice-filled-arcs-may-need-more-space.patch + source = 0001-sdksyms.sh-Make-sdksyms.sh-work-with-gcc5.patch + source = 0001-dix-Add-unaccelerated-valuators-to-the-ValuatorMask.patch + source = 0002-dix-hook-up-the-unaccelerated-valuator-masks.patch + source = fix-CVE-2015-3164.patch + source = 0001-When-an-cursor-is-set-it-is-adjusted-to-use-the.patch + source = 0002-Fix-for-full-and-semi-transparency-under-negative-im.patch + source = 0003-Use-Harms-s-suggest-do-not-use-inline-if.-And-fix-si.patch + sha256sums = 2bf8e9f6f0a710dec1d2472467bff1f4e247cb6dcd76eb469aafdc8a2d7db2ab + sha256sums = af1c3d2ea5de7f6a6b5f7c60951a189a4749d1495e5462f3157ae7ac8fe1dc56 + sha256sums = ff0156309470fc1d378fd2e104338020a884295e285972cc88e250e031cc35b9 + sha256sums = 2460adccd3362fefd4cdc5f1c70f332d7b578091fb9167bf88b5f91265bbd776 + sha256sums = 8a9d76eecf8795ca645fb1ce261733965578e953f6606153ce001a0e15d036e8 + sha256sums = a73e33644682d9f430db987c192da0f7193907af50539669ebd59614a5ebd0f9 + sha256sums = 2ea82cdbd695f21c935710847913ed58e22d3d5c0c18c96175a4a6cc1142c071 + sha256sums = ca89cc013844c5b50abfde4cc5e852ecdf4368f8b069ffd069a7100843c46e90 + sha256sums = b4a4fbddebfa614d1a97e77dde98748682ee331fbf7be394480050670d6203aa + sha256sums = 3dc795002b8763a7d29db94f0af200131da9ce5ffc233bfd8916060f83a8fad7 + sha256sums = 416a1422eed71efcebb1d893de74e7f27e408323a56c4df003db37f5673b3f96 + sha256sums = bc6ac3e686e16f0357fd3b939c1c1f2845fdb444d5ec9c8c37fb69167cc54a28 + sha256sums = bea348631dedd66475d84ac2cfe0840f22a80a642b4680d73fead4749e47f055 + sha256sums = be9169b937b5d0b44f7f05d7c08aaa5f0c1092e128ce261d9cb350f09dfe1fb0 + sha256sums = 0a643ae83e03faee0f4db669a33c5b3c99edbba5c86cde2c83962ae536d31081 + +pkgname = xorg-server-hwcursor-gamma + diff --git a/0001-When-an-cursor-is-set-it-is-adjusted-to-use-the.patch b/0001-When-an-cursor-is-set-it-is-adjusted-to-use-the.patch new file mode 100644 index 000000000000..5eeb826c6568 --- /dev/null +++ b/0001-When-an-cursor-is-set-it-is-adjusted-to-use-the.patch @@ -0,0 +1,55 @@ +From e63b5656a6509ece2d5ffb1fb962911519163988 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Mattias=20Andr=C3=A9e?= <maandree@operamail.com> +Date: Tue, 15 Apr 2014 02:45:25 +0200 +Subject: [PATCH 1/3] When an cursor is set, it is adjusted to use the gamma + ramps of the CRTC:s that it is loaded on. + +This could be improved to be done in +`crtc->funcs->load_cursor_argb` with more +accurate adjustments. But I was not able to +find where `crtc->funcs->load_cursor_argb` +is implement. + +Additionally, `xf86_reload_cursors` should be +called when the gamma settings changes. This +way the cursor's colours are adjusted to use +the gamma settings directly when the gamma +is modified rather than the next time its +image changes. +--- + hw/xfree86/modes/xf86Cursors.c | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/hw/xfree86/modes/xf86Cursors.c b/hw/xfree86/modes/xf86Cursors.c +index 2b0db34..3cb499f 100644 +--- a/hw/xfree86/modes/xf86Cursors.c ++++ b/hw/xfree86/modes/xf86Cursors.c +@@ -242,6 +242,12 @@ xf86_crtc_convert_cursor_to_argb(xf86CrtcPtr crtc, unsigned char *src) + } + else + bits = 0; ++ if (crtc->gamma_red && crtc->gamma_size == 256) { ++ bits = (bits & 0xFF000000) | ++ ((crtc->gamma_red[(bits >> 16) & 255] >> 8) << 16) | ++ (crtc->gamma_green[(bits >> 8) & 255] & 0xFF00) | ++ (crtc->gamma_blue[bits & 255] >> 8); ++ } + cursor_image[y * cursor_info->MaxWidth + x] = bits; + } + crtc->funcs->load_cursor_argb(crtc, cursor_image); +@@ -541,6 +547,12 @@ xf86_crtc_load_cursor_argb(xf86CrtcPtr crtc, CursorPtr cursor) + bits = cursor_source[yin * source_width + xin]; + else + bits = 0; ++ if (crtc->gamma_red && crtc->gamma_size == 256) { ++ bits = (bits & 0xFF000000) | ++ ((crtc->gamma_red[(bits >> 16) & 255] >> 8) << 16) | ++ (crtc->gamma_green[(bits >> 8) & 255] & 0xFF00) | ++ (crtc->gamma_blue[bits & 255] >> 8); ++ } + cursor_image[y * image_width + x] = bits; + } + +-- +1.9.2 + diff --git a/0001-dix-Add-unaccelerated-valuators-to-the-ValuatorMask.patch b/0001-dix-Add-unaccelerated-valuators-to-the-ValuatorMask.patch new file mode 100644 index 000000000000..86744f1402ea --- /dev/null +++ b/0001-dix-Add-unaccelerated-valuators-to-the-ValuatorMask.patch @@ -0,0 +1,210 @@ +From e1a7f4bb5333b0271d29f785eb55f1c3273e626a Mon Sep 17 00:00:00 2001 +From: Peter Hutterer <peter.hutterer@who-t.net> +Date: Tue, 5 May 2015 14:18:54 +1000 +Subject: [PATCH] dix: Add unaccelerated valuators to the ValuatorMask + +Allows a mask to carry both accelerated and unaccelerated motion at the same +time. + +This is required for xf86-input-libinput where the pointer acceleration +happens in libinput already, but parts of the server, specifically raw events +and DGA rely on device-specific unaccelerated data. + +To ease integration add this as a second set to the ValuatorMask rather than +extending all APIs to carry a second, possibly NULL set of valuators. + +Note that a valuator mask should only be used in either accel/unaccel or +standard mode at any time. Switching requires either a valuator_mask_zero() +call or unsetting all valuators one-by-one. Trying to mix the two will produce +a warning. + +The server has a shortcut for changing a mask with the +valuator_mask_drop_unaccelerated() call. This saves us from having to loop +through all valuators on every event, we can just drop the bits we know we +don't want. + +Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> +Reviewed-by: Hans de Goede <hdegoede@redhat.com> +--- + dix/inpututils.c | 82 +++++++++++++++++++++++++++++++++++++++--- + hw/xfree86/common/xf86Module.h | 2 +- + include/input.h | 15 ++++++++ + include/inpututils.h | 2 ++ + 4 files changed, 95 insertions(+), 6 deletions(-) + +diff --git a/dix/inpututils.c b/dix/inpututils.c +index 5c2a32d..1363988 100644 +--- a/dix/inpututils.c ++++ b/dix/inpututils.c +@@ -505,11 +505,8 @@ valuator_mask_isset(const ValuatorMask *mask, int valuator) + return mask->last_bit >= valuator && BitIsOn(mask->mask, valuator); + } + +-/** +- * Set the valuator to the given floating-point data. +- */ +-void +-valuator_mask_set_double(ValuatorMask *mask, int valuator, double data) ++static inline void ++_valuator_mask_set_double(ValuatorMask *mask, int valuator, double data) + { + mask->last_bit = max(valuator, mask->last_bit); + SetBit(mask->mask, valuator); +@@ -517,6 +514,17 @@ valuator_mask_set_double(ValuatorMask *mask, int valuator, double data) + } + + /** ++ * Set the valuator to the given floating-point data. ++ */ ++void ++valuator_mask_set_double(ValuatorMask *mask, int valuator, double data) ++{ ++ BUG_WARN_MSG(mask->has_unaccelerated, ++ "Do not mix valuator types, zero mask first\n"); ++ _valuator_mask_set_double(mask, valuator, data); ++} ++ ++/** + * Set the valuator to the given integer data. + */ + void +@@ -594,11 +602,15 @@ valuator_mask_unset(ValuatorMask *mask, int valuator) + + ClearBit(mask->mask, valuator); + mask->valuators[valuator] = 0.0; ++ mask->unaccelerated[valuator] = 0.0; + + for (i = 0; i <= mask->last_bit; i++) + if (valuator_mask_isset(mask, i)) + lastbit = max(lastbit, i); + mask->last_bit = lastbit; ++ ++ if (mask->last_bit == -1) ++ mask->has_unaccelerated = FALSE; + } + } + +@@ -611,6 +623,66 @@ valuator_mask_copy(ValuatorMask *dest, const ValuatorMask *src) + valuator_mask_zero(dest); + } + ++Bool ++valuator_mask_has_unaccelerated(const ValuatorMask *mask) ++{ ++ return mask->has_unaccelerated; ++} ++ ++void ++valuator_mask_drop_unaccelerated(ValuatorMask *mask) ++{ ++ memset(mask->unaccelerated, 0, sizeof(mask->unaccelerated)); ++ mask->has_unaccelerated = FALSE; ++} ++ ++/** ++ * Set both accelerated and unaccelerated value for this mask. ++ */ ++void ++valuator_mask_set_unaccelerated(ValuatorMask *mask, ++ int valuator, ++ double accel, ++ double unaccel) ++{ ++ BUG_WARN_MSG(mask->last_bit != -1 && !mask->has_unaccelerated, ++ "Do not mix valuator types, zero mask first\n"); ++ _valuator_mask_set_double(mask, valuator, accel); ++ mask->has_unaccelerated = TRUE; ++ mask->unaccelerated[valuator] = unaccel; ++} ++ ++double ++valuator_mask_get_accelerated(const ValuatorMask *mask, ++ int valuator) ++{ ++ return valuator_mask_get_double(mask, valuator); ++} ++ ++double ++valuator_mask_get_unaccelerated(const ValuatorMask *mask, ++ int valuator) ++{ ++ return mask->unaccelerated[valuator]; ++} ++ ++Bool ++valuator_mask_fetch_unaccelerated(const ValuatorMask *mask, ++ int valuator, ++ double *accel, ++ double *unaccel) ++{ ++ if (valuator_mask_isset(mask, valuator)) { ++ if (accel) ++ *accel = valuator_mask_get_accelerated(mask, valuator); ++ if (unaccel) ++ *unaccel = valuator_mask_get_unaccelerated(mask, valuator); ++ return TRUE; ++ } ++ else ++ return FALSE; ++} ++ + int + CountBits(const uint8_t * mask, int len) + { +diff --git a/hw/xfree86/common/xf86Module.h b/hw/xfree86/common/xf86Module.h +index e68fe9c..6133641 100644 +--- a/hw/xfree86/common/xf86Module.h ++++ b/hw/xfree86/common/xf86Module.h +@@ -81,7 +81,7 @@ typedef enum { + */ + #define ABI_ANSIC_VERSION SET_ABI_VERSION(0, 4) + #define ABI_VIDEODRV_VERSION SET_ABI_VERSION(19, 0) +-#define ABI_XINPUT_VERSION SET_ABI_VERSION(21, 0) ++#define ABI_XINPUT_VERSION SET_ABI_VERSION(21, 1) + #define ABI_EXTENSION_VERSION SET_ABI_VERSION(9, 0) + #define ABI_FONT_VERSION SET_ABI_VERSION(0, 6) + +diff --git a/include/input.h b/include/input.h +index bf22dc7..0a4c4f7 100644 +--- a/include/input.h ++++ b/include/input.h +@@ -674,6 +674,21 @@ extern _X_EXPORT Bool valuator_mask_fetch(const ValuatorMask *mask, + extern _X_EXPORT Bool valuator_mask_fetch_double(const ValuatorMask *mask, + int valnum, double *val); + ++extern _X_EXPORT Bool valuator_mask_has_unaccelerated(const ValuatorMask *mask); ++extern _X_EXPORT void valuator_mask_set_unaccelerated(ValuatorMask *mask, ++ int valuator, ++ double accel, ++ double unaccel); ++extern _X_EXPORT double valuator_mask_get_accelerated(const ValuatorMask *mask, ++ int valuator); ++extern _X_EXPORT double valuator_mask_get_unaccelerated(const ValuatorMask *mask, ++ int valuator); ++extern _X_EXPORT Bool valuator_mask_fetch_unaccelerated(const ValuatorMask *mask, ++ int valuator, ++ double *accel, ++ double *unaccel); ++extern _X_HIDDEN void valuator_mask_drop_unaccelerated(ValuatorMask *mask); ++ + /* InputOption handling interface */ + extern _X_EXPORT InputOption *input_option_new(InputOption *list, + const char *key, +diff --git a/include/inpututils.h b/include/inpututils.h +index 53c96ba..4e90815 100644 +--- a/include/inpututils.h ++++ b/include/inpututils.h +@@ -36,8 +36,10 @@ extern Mask event_filters[MAXDEVICES][MAXEVENTS]; + + struct _ValuatorMask { + int8_t last_bit; /* highest bit set in mask */ ++ int8_t has_unaccelerated; + uint8_t mask[(MAX_VALUATORS + 7) / 8]; + double valuators[MAX_VALUATORS]; /* valuator data */ ++ double unaccelerated[MAX_VALUATORS]; /* valuator data */ + }; + + extern void verify_internal_event(const InternalEvent *ev); +-- +2.4.1 + diff --git a/0001-int10-Fix-error-check-for-pci_device_map_legacy.patch b/0001-int10-Fix-error-check-for-pci_device_map_legacy.patch new file mode 100644 index 000000000000..75e5bb92f8ef --- /dev/null +++ b/0001-int10-Fix-error-check-for-pci_device_map_legacy.patch @@ -0,0 +1,47 @@ +From 0a78b599b34cc8b5fe6fe82f90e90234e8ab7a56 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?J=C3=BCrg=20Billeter?= <j@bitron.ch> +Date: Sat, 7 Feb 2015 18:13:21 +0100 +Subject: [PATCH] int10: Fix error check for pci_device_map_legacy +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +pci_device_map_legacy returns 0 on success. + +Signed-off-by: Jürg Billeter <j@bitron.ch> +Reviewed-by: Adam Jackson <ajax@redhat.com> +Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> +--- + hw/xfree86/int10/generic.c | 2 +- + hw/xfree86/os-support/linux/int10/linux.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/hw/xfree86/int10/generic.c b/hw/xfree86/int10/generic.c +index 012d194..8d5c4da 100644 +--- a/hw/xfree86/int10/generic.c ++++ b/hw/xfree86/int10/generic.c +@@ -104,7 +104,7 @@ readIntVec(struct pci_device *dev, unsigned char *buf, int len) + { + void *map; + +- if (!pci_device_map_legacy(dev, 0, len, 0, &map)) ++ if (pci_device_map_legacy(dev, 0, len, 0, &map)) + return FALSE; + + memcpy(buf, map, len); +diff --git a/hw/xfree86/os-support/linux/int10/linux.c b/hw/xfree86/os-support/linux/int10/linux.c +index 79b9a88..6ca118f 100644 +--- a/hw/xfree86/os-support/linux/int10/linux.c ++++ b/hw/xfree86/os-support/linux/int10/linux.c +@@ -75,7 +75,7 @@ readLegacy(struct pci_device *dev, unsigned char *buf, int base, int len) + { + void *map; + +- if (!pci_device_map_legacy(dev, base, len, 0, &map)) ++ if (pci_device_map_legacy(dev, base, len, 0, &map)) + return FALSE; + + memcpy(buf, map, len); +-- +2.3.2 + diff --git a/0001-mi-Partial-pie-slice-filled-arcs-may-need-more-space.patch b/0001-mi-Partial-pie-slice-filled-arcs-may-need-more-space.patch new file mode 100644 index 000000000000..668ae21ba31b --- /dev/null +++ b/0001-mi-Partial-pie-slice-filled-arcs-may-need-more-space.patch @@ -0,0 +1,42 @@ +From 41932dfbc841a1adc6512d41085ea3f8ebecb42c Mon Sep 17 00:00:00 2001 +From: Keith Packard <keithp@keithp.com> +Date: Wed, 8 Apr 2015 07:45:28 -0700 +Subject: [PATCH] mi: Partial pie-slice filled arcs may need more space for + spans + +The mi filled arc code estimates that a filled arc will produce no +more spans than the arc is tall. This is true for most arcs except +for pie-slice arcs strictly between 180 and 360 degrees where the missing +portion of the arc faces up or down such that we get two spans on some +scanlines. + +For those, we need to reserve room for another height/2 spans. This +patch just does it for all partial pie-sliced arcs to make the test +easier to understand; it's just over-allocating a bit of memory, so +that's safe. + +Signed-off-by: Keith Packard <keithp@keithp.com> +Reviewed-by: Adam Jackson <ajax@redhat.com> +--- + mi/mifillarc.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/mi/mifillarc.c b/mi/mifillarc.c +index 246d70f..888519e 100644 +--- a/mi/mifillarc.c ++++ b/mi/mifillarc.c +@@ -660,6 +660,11 @@ miPolyFillArc(DrawablePtr pDraw, GCPtr pGC, int narcs_all, xArc * parcs) + if (narcs && nspans + arc->height > MAX_SPANS_PER_LOOP) + break; + nspans += arc->height; ++ ++ /* A pie-slice arc may add another pile of spans */ ++ if (pGC->arcMode == ArcPieSlice && ++ (-FULLCIRCLE < arc->angle2 && arc->angle2 < FULLCIRCLE)) ++ nspans += (arc->height + 1) >> 1; + } + + pts = points = malloc (sizeof (DDXPointRec) * nspans + +-- +2.3.5 + diff --git a/0001-sdksyms.sh-Make-sdksyms.sh-work-with-gcc5.patch b/0001-sdksyms.sh-Make-sdksyms.sh-work-with-gcc5.patch new file mode 100644 index 000000000000..0e0b20df6fc9 --- /dev/null +++ b/0001-sdksyms.sh-Make-sdksyms.sh-work-with-gcc5.patch @@ -0,0 +1,51 @@ +From 612eb45a2e7a0b35cc3790870e6d0cc42eb50c74 Mon Sep 17 00:00:00 2001 +From: Hans de Goede <hdegoede@redhat.com> +Date: Wed, 11 Feb 2015 16:26:40 +0100 +Subject: [PATCH] sdksyms.sh: Make sdksyms.sh work with gcc5. + +gcc5's cpp inserts patterns like this: + +extern + __attribute__((visibility("default"))) + int WaitForSomething(int * + ); + +This patch make sdksyms.sh work with this. Note my awk skills are weak, so +there likely is a better way to deal with this. + +Signed-off-by: Hans de Goede <hdegoede@redhat.com> +--- + hw/xfree86/sdksyms.sh | 17 +++++++++++++++++ + 1 file changed, 17 insertions(+) + +diff --git a/hw/xfree86/sdksyms.sh b/hw/xfree86/sdksyms.sh +index 2305073..99b0cae 100755 +--- a/hw/xfree86/sdksyms.sh ++++ b/hw/xfree86/sdksyms.sh +@@ -350,6 +350,23 @@ BEGIN { + if (sdk) { + n = 3; + ++ # detect the following gcc5 cpp pattern and skip it: ++ # extern ++ # # 320 "../../include/os.h" 3 4 ++ # __attribute__((visibility("default"))) ++ # # 320 "../../include/os.h" ++ # Note in this case the "extern " or "extern void " always has ++ # a trailing space ++ if ($0 ~ "^extern.* $") { ++ getline; ++ getline; ++ getline; ++ getline; ++ n = 1; ++ while ($n == " ") ++ n++; ++ } ++ + # skip attribute, if any + while ($n ~ /^(__attribute__|__global)/ || + # skip modifiers, if any +-- +2.1.0 + diff --git a/0002-Fix-for-full-and-semi-transparency-under-negative-im.patch b/0002-Fix-for-full-and-semi-transparency-under-negative-im.patch new file mode 100644 index 000000000000..3a41a81fc374 --- /dev/null +++ b/0002-Fix-for-full-and-semi-transparency-under-negative-im.patch @@ -0,0 +1,86 @@ +From 7b34ab1dbeb4a1e29d7475af65f42e1cb6f60de8 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Mattias=20Andr=C3=A9e?= <maandree@operamail.com> +Date: Sat, 19 Apr 2014 19:36:05 +0200 +Subject: [PATCH 2/3] Fix for full and semi-transparency under negative image. + +--- + hw/xfree86/modes/xf86Cursors.c | 49 +++++++++++++++++++++++++++++++----------- + 1 file changed, 37 insertions(+), 12 deletions(-) + +diff --git a/hw/xfree86/modes/xf86Cursors.c b/hw/xfree86/modes/xf86Cursors.c +index 3cb499f..5afd740 100644 +--- a/hw/xfree86/modes/xf86Cursors.c ++++ b/hw/xfree86/modes/xf86Cursors.c +@@ -209,6 +209,41 @@ set_bit(CARD8 *image, xf86CursorInfoPtr cursor_info, int x, int y, Bool mask) + } + + /* ++ * Remap a cursor pixel according to the gamma ramps ++ */ ++static CARD32 ++cursor_gamma_correct(xf86CrtcPtr crtc, CARD32 bits) ++{ ++ float alpha; ++ CARD32 old_red, new_red; ++ CARD32 old_green, new_green; ++ CARD32 old_blue, new_blue; ++ ++ if (!(crtc->gamma_red && crtc->gamma_size == 256)) ++ return bits; ++ ++ alpha = (float)((bits >> 24) & 255) / 255.f; ++ ++ old_red = (bits >> 16) & 255; ++ old_green = (bits >> 8) & 255; ++ old_blue = (bits >> 0) & 255; ++ ++ new_red = (crtc->gamma_red [old_red ]) >> 8; ++ new_green = (crtc->gamma_green[old_green]) >> 8; ++ new_blue = (crtc->gamma_blue [old_blue ]) >> 8; ++ ++ new_red = new_red * alpha + old_red * (1 - alpha); ++ new_green = new_green * alpha + old_green * (1 - alpha); ++ new_blue = new_blue * alpha + old_blue * (1 - alpha); ++ ++ new_red = new_red < 0 ? 0 : new_red > 255 ? 255 : new_red; ++ new_green = new_green < 0 ? 0 : new_green > 255 ? 255 : new_green; ++ new_blue = new_blue < 0 ? 0 : new_blue > 255 ? 255 : new_blue; ++ ++ return (bits & 0xFF000000) | (new_red << 16) | (new_green << 8) | (new_blue << 0); ++} ++ ++/* + * Load a two color cursor into a driver that supports only ARGB cursors + */ + static void +@@ -242,12 +277,7 @@ xf86_crtc_convert_cursor_to_argb(xf86CrtcPtr crtc, unsigned char *src) + } + else + bits = 0; +- if (crtc->gamma_red && crtc->gamma_size == 256) { +- bits = (bits & 0xFF000000) | +- ((crtc->gamma_red[(bits >> 16) & 255] >> 8) << 16) | +- (crtc->gamma_green[(bits >> 8) & 255] & 0xFF00) | +- (crtc->gamma_blue[bits & 255] >> 8); +- } ++ bits = cursor_gamma_correct(crtc, bits); + cursor_image[y * cursor_info->MaxWidth + x] = bits; + } + crtc->funcs->load_cursor_argb(crtc, cursor_image); +@@ -547,12 +577,7 @@ xf86_crtc_load_cursor_argb(xf86CrtcPtr crtc, CursorPtr cursor) + bits = cursor_source[yin * source_width + xin]; + else + bits = 0; +- if (crtc->gamma_red && crtc->gamma_size == 256) { +- bits = (bits & 0xFF000000) | +- ((crtc->gamma_red[(bits >> 16) & 255] >> 8) << 16) | +- (crtc->gamma_green[(bits >> 8) & 255] & 0xFF00) | +- (crtc->gamma_blue[bits & 255] >> 8); +- } ++ bits = cursor_gamma_correct(crtc, bits); + cursor_image[y * image_width + x] = bits; + } + +-- +1.9.2 + diff --git a/0002-dix-hook-up-the-unaccelerated-valuator-masks.patch b/0002-dix-hook-up-the-unaccelerated-valuator-masks.patch new file mode 100644 index 000000000000..6b8b1e5b5d73 --- /dev/null +++ b/0002-dix-hook-up-the-unaccelerated-valuator-masks.patch @@ -0,0 +1,134 @@ +From 7504fbd2239257f1a00a1a15d02862eea81f167c Mon Sep 17 00:00:00 2001 +From: Peter Hutterer <peter.hutterer@who-t.net> +Date: Tue, 5 May 2015 14:48:41 +1000 +Subject: [PATCH] dix: hook up the unaccelerated valuator masks + +If present, access the unaccelerated valuator mask values for DGA and XI2 raw +events. + +Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> +Reviewed-by: Hans de Goede <hdegoede@redhat.com> +--- + dix/getevents.c | 31 ++++++++++++++++++++++--------- + hw/xfree86/common/xf86Xinput.c | 4 ++++ + 2 files changed, 26 insertions(+), 9 deletions(-) + +diff --git a/dix/getevents.c b/dix/getevents.c +index 6fb12c5..64bf76e 100644 +--- a/dix/getevents.c ++++ b/dix/getevents.c +@@ -213,14 +213,25 @@ init_raw(DeviceIntPtr dev, RawDeviceEvent *event, Time ms, int type, int detail) + } + + static void +-set_raw_valuators(RawDeviceEvent *event, ValuatorMask *mask, double *data) ++set_raw_valuators(RawDeviceEvent *event, ValuatorMask *mask, ++ BOOL use_unaccel, double *data) + { + int i; + ++ use_unaccel = use_unaccel && valuator_mask_has_unaccelerated(mask); ++ + for (i = 0; i < valuator_mask_size(mask); i++) { + if (valuator_mask_isset(mask, i)) { ++ double v; ++ + SetBit(event->valuators.mask, i); +- data[i] = valuator_mask_get_double(mask, i); ++ ++ if (use_unaccel) ++ v = valuator_mask_get_unaccelerated(mask, i); ++ else ++ v = valuator_mask_get_double(mask, i); ++ ++ data[i] = v; + } + } + } +@@ -1138,11 +1149,11 @@ GetKeyboardEvents(InternalEvent *events, DeviceIntPtr pDev, int type, + valuator_mask_copy(&mask, mask_in); + + init_raw(pDev, raw, ms, type, key_code); +- set_raw_valuators(raw, &mask, raw->valuators.data_raw); ++ set_raw_valuators(raw, &mask, TRUE, raw->valuators.data_raw); + + clipValuators(pDev, &mask); + +- set_raw_valuators(raw, &mask, raw->valuators.data); ++ set_raw_valuators(raw, &mask, FALSE, raw->valuators.data); + + event = &events->device_event; + init_device_event(event, pDev, ms); +@@ -1423,9 +1434,11 @@ fill_pointer_events(InternalEvent *events, DeviceIntPtr pDev, int type, + num_events++; + + init_raw(pDev, raw, ms, type, buttons); +- set_raw_valuators(raw, &mask, raw->valuators.data_raw); ++ set_raw_valuators(raw, &mask, TRUE, raw->valuators.data_raw); + } + ++ valuator_mask_drop_unaccelerated(&mask); ++ + /* valuators are in driver-native format (rel or abs) */ + + if (flags & POINTER_ABSOLUTE) { +@@ -1438,7 +1451,7 @@ fill_pointer_events(InternalEvent *events, DeviceIntPtr pDev, int type, + transformAbsolute(pDev, &mask); + clipAbsolute(pDev, &mask); + if ((flags & POINTER_NORAW) == 0 && raw) +- set_raw_valuators(raw, &mask, raw->valuators.data); ++ set_raw_valuators(raw, &mask, FALSE, raw->valuators.data); + } + else { + transformRelative(pDev, &mask); +@@ -1446,7 +1459,7 @@ fill_pointer_events(InternalEvent *events, DeviceIntPtr pDev, int type, + if (flags & POINTER_ACCELERATE) + accelPointer(pDev, &mask, ms); + if ((flags & POINTER_NORAW) == 0 && raw) +- set_raw_valuators(raw, &mask, raw->valuators.data); ++ set_raw_valuators(raw, &mask, FALSE, raw->valuators.data); + + moveRelative(pDev, flags, &mask); + } +@@ -1951,7 +1964,7 @@ GetTouchEvents(InternalEvent *events, DeviceIntPtr dev, uint32_t ddx_touchid, + events++; + num_events++; + init_raw(dev, raw, ms, type, client_id); +- set_raw_valuators(raw, &mask, raw->valuators.data_raw); ++ set_raw_valuators(raw, &mask, TRUE, raw->valuators.data_raw); + } + + event = &events->device_event; +@@ -2013,7 +2026,7 @@ GetTouchEvents(InternalEvent *events, DeviceIntPtr dev, uint32_t ddx_touchid, + screeny = dev->spriteInfo->sprite->hotPhys.y; + } + if (need_rawevent) +- set_raw_valuators(raw, &mask, raw->valuators.data); ++ set_raw_valuators(raw, &mask, FALSE, raw->valuators.data); + + /* Indirect device touch coordinates are not used for cursor positioning. + * They are merely informational, and are provided in device coordinates. +diff --git a/hw/xfree86/common/xf86Xinput.c b/hw/xfree86/common/xf86Xinput.c +index 1fb5b16..5ce4c71 100644 +--- a/hw/xfree86/common/xf86Xinput.c ++++ b/hw/xfree86/common/xf86Xinput.c +@@ -1137,12 +1137,16 @@ xf86CheckMotionEvent4DGA(DeviceIntPtr device, int is_absolute, + dx = valuator_mask_get(mask, 0); + if (is_absolute) + dx -= device->last.valuators[0]; ++ else if (valuator_mask_has_unaccelerated(mask)) ++ dx = valuator_mask_get_unaccelerated(mask, 0); + } + + if (valuator_mask_isset(mask, 1)) { + dy = valuator_mask_get(mask, 1); + if (is_absolute) + dy -= device->last.valuators[1]; ++ else if (valuator_mask_has_unaccelerated(mask)) ++ dy = valuator_mask_get_unaccelerated(mask, 1); + } + + if (DGAStealMotionEvent(device, idx, dx, dy)) +-- +2.4.1 + diff --git a/0003-Use-Harms-s-suggest-do-not-use-inline-if.-And-fix-si.patch b/0003-Use-Harms-s-suggest-do-not-use-inline-if.-And-fix-si.patch new file mode 100644 index 000000000000..35875ec0508e --- /dev/null +++ b/0003-Use-Harms-s-suggest-do-not-use-inline-if.-And-fix-si.patch @@ -0,0 +1,54 @@ +From b167a4d01048fc624fdf95faffa74099e5bd8efb Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Mattias=20Andr=C3=A9e?= <maandree@operamail.com> +Date: Mon, 21 Apr 2014 01:05:35 +0200 +Subject: [PATCH 3/3] Use Harms's suggest: do not use inline if. And fix + signness issue: CARD32 is unsigned, which results in that if a value because + less than zero it would be incorrectly corrected to be 255 rather than 0. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Mattias Andrée <maandree@operamail.com> +--- + hw/xfree86/modes/xf86Cursors.c | 18 +++++++++++------- + 1 file changed, 11 insertions(+), 7 deletions(-) + +diff --git a/hw/xfree86/modes/xf86Cursors.c b/hw/xfree86/modes/xf86Cursors.c +index 5afd740..b18b7e6 100644 +--- a/hw/xfree86/modes/xf86Cursors.c ++++ b/hw/xfree86/modes/xf86Cursors.c +@@ -214,10 +214,10 @@ set_bit(CARD8 *image, xf86CursorInfoPtr cursor_info, int x, int y, Bool mask) + static CARD32 + cursor_gamma_correct(xf86CrtcPtr crtc, CARD32 bits) + { +- float alpha; +- CARD32 old_red, new_red; +- CARD32 old_green, new_green; +- CARD32 old_blue, new_blue; ++ float alpha; ++ int32_t old_red, new_red; ++ int32_t old_green, new_green; ++ int32_t old_blue, new_blue; + + if (!(crtc->gamma_red && crtc->gamma_size == 256)) + return bits; +@@ -236,9 +236,13 @@ cursor_gamma_correct(xf86CrtcPtr crtc, CARD32 bits) + new_green = new_green * alpha + old_green * (1 - alpha); + new_blue = new_blue * alpha + old_blue * (1 - alpha); + +- new_red = new_red < 0 ? 0 : new_red > 255 ? 255 : new_red; +- new_green = new_green < 0 ? 0 : new_green > 255 ? 255 : new_green; +- new_blue = new_blue < 0 ? 0 : new_blue > 255 ? 255 : new_blue; ++ /* Make sure the floating point operations did not yeild invalid results. */ ++ if (new_red < 0x00) new_red = 0x00; ++ if (new_red > 0xFF) new_red = 0xFF; ++ if (new_green < 0x00) new_green = 0x00; ++ if (new_green > 0xFF) new_green = 0xFF; ++ if (new_blue < 0x00) new_blue = 0x00; ++ if (new_blue > 0xFF) new_blue = 0xFF; + + return (bits & 0xFF000000) | (new_red << 16) | (new_green << 8) | (new_blue << 0); + } +-- +1.9.2 + diff --git a/PKGBUILD b/PKGBUILD new file mode 100644 index 000000000000..fe74f0746d04 --- /dev/null +++ b/PKGBUILD @@ -0,0 +1,154 @@ +# Maintainer: Mattias Andrée <`base64 -d`(bWFhbmRyZWUK)@member.fsf.org> +# Maintainer of the xorg-server package: AndyRTR <andyrtr@archlinux.org> +# Maintainer of the xorg-server package: Jan de Groot <jgc@archlinux.org> + +_pkgname=xorg-server +pkgname=xorg-server-hwcursor-gamma +pkgver=1.17.1 +pkgrel=6 +pkgdesc="Xorg X server with patch to apply gamma ramps on hardware cursors" +depends=(libepoxy libxdmcp libxfont libpciaccess libdrm pixman libgcrypt libxau xorg-server-common xf86-input-evdev libxshmfence libgl) +provides=("xorg-server=${pkgver}" 'X-ABI-VIDEODRV_VERSION=19' 'X-ABI-XINPUT_VERSION=21.1' 'X-ABI-EXTENSION_VERSION=9.0' 'x-server') +conflicts=('xorg-server' 'nvidia-utils<=331.20' 'glamor-egl' 'xf86-video-modesetting') +replaces=('glamor-egl' 'xf86-video-modesetting') +arch=('i686' 'x86_64') +license=('custom') +url="http://xorg.freedesktop.org" +makedepends=('pixman' 'libx11' 'mesa' 'mesa-libgl' 'xf86driproto' 'xcmiscproto' 'xtrans' 'bigreqsproto' 'randrproto' + 'inputproto' 'fontsproto' 'videoproto' 'presentproto' 'compositeproto' 'recordproto' 'scrnsaverproto' + 'resourceproto' 'xineramaproto' 'libxkbfile' 'libxfont' 'renderproto' 'libpciaccess' 'libxv' + 'xf86dgaproto' 'libxmu' 'libxrender' 'libxi' 'dmxproto' 'libxaw' 'libdmx' 'libxtst' 'libxres' + 'xorg-xkbcomp' 'xorg-util-macros' 'xorg-font-util' 'glproto' 'dri2proto' 'libgcrypt' 'libepoxy' + 'xcb-util' 'xcb-util-image' 'xcb-util-renderutil' 'xcb-util-wm' 'xcb-util-keysyms' 'dri3proto' + 'libxshmfence' 'libunwind') +source=(${url}/releases/individual/xserver/${_pkgname}-${pkgver}.tar.bz2 + nvidia-drm-outputclass.conf + xvfb-run + xvfb-run.1 + os-access-fix-regression-in-server-interpreted-auth.patch + v2-xserver-Fix-a-crash-with-XDMCP-error-handler.patch + 0001-int10-Fix-error-check-for-pci_device_map_legacy.patch + 0001-mi-Partial-pie-slice-filled-arcs-may-need-more-space.patch + 0001-sdksyms.sh-Make-sdksyms.sh-work-with-gcc5.patch + 0001-dix-Add-unaccelerated-valuators-to-the-ValuatorMask.patch + 0002-dix-hook-up-the-unaccelerated-valuator-masks.patch + fix-CVE-2015-3164.patch + 0001-When-an-cursor-is-set-it-is-adjusted-to-use-the.patch + 0002-Fix-for-full-and-semi-transparency-under-negative-im.patch + 0003-Use-Harms-s-suggest-do-not-use-inline-if.-And-fix-si.patch) +sha256sums=('2bf8e9f6f0a710dec1d2472467bff1f4e247cb6dcd76eb469aafdc8a2d7db2ab' + 'af1c3d2ea5de7f6a6b5f7c60951a189a4749d1495e5462f3157ae7ac8fe1dc56' + 'ff0156309470fc1d378fd2e104338020a884295e285972cc88e250e031cc35b9' + '2460adccd3362fefd4cdc5f1c70f332d7b578091fb9167bf88b5f91265bbd776' + '8a9d76eecf8795ca645fb1ce261733965578e953f6606153ce001a0e15d036e8' + 'a73e33644682d9f430db987c192da0f7193907af50539669ebd59614a5ebd0f9' + '2ea82cdbd695f21c935710847913ed58e22d3d5c0c18c96175a4a6cc1142c071' + 'ca89cc013844c5b50abfde4cc5e852ecdf4368f8b069ffd069a7100843c46e90' + 'b4a4fbddebfa614d1a97e77dde98748682ee331fbf7be394480050670d6203aa' + '3dc795002b8763a7d29db94f0af200131da9ce5ffc233bfd8916060f83a8fad7' + '416a1422eed71efcebb1d893de74e7f27e408323a56c4df003db37f5673b3f96' + 'bc6ac3e686e16f0357fd3b939c1c1f2845fdb444d5ec9c8c37fb69167cc54a28' + 'bea348631dedd66475d84ac2cfe0840f22a80a642b4680d73fead4749e47f055' + 'be9169b937b5d0b44f7f05d7c08aaa5f0c1092e128ce261d9cb350f09dfe1fb0' + '0a643ae83e03faee0f4db669a33c5b3c99edbba5c86cde2c83962ae536d31081') + +prepare() { + cd "${_pkgname}-${pkgver}" + msg2 'Apply hardware cursors gamma adjustments patchs' + patch -Np1 -i ../0001-When-an-cursor-is-set-it-is-adjusted-to-use-the.patch + patch -Np1 -i ../0002-Fix-for-full-and-semi-transparency-under-negative-im.patch + patch -Np1 -i ../0003-Use-Harms-s-suggest-do-not-use-inline-if.-And-fix-si.patch + + msg2 'fix FS#43884, merged upstream' + patch -Np1 -i ../os-access-fix-regression-in-server-interpreted-auth.patch + msg2 'partially fix FS#43867, merged upstream' + patch -Np1 -i ../v2-xserver-Fix-a-crash-with-XDMCP-error-handler.patch + msg2 'fix FS#43924, merged upstream' + patch -Np1 -i ../0001-int10-Fix-error-check-for-pci_device_map_legacy.patch + msg2 'fix FS#43937, merged upstream' + patch -Np1 -i ../0001-mi-Partial-pie-slice-filled-arcs-may-need-more-space.patch + msg2 'fix FS#45245, merged upstream' + patch -Np1 -i ../0001-sdksyms.sh-Make-sdksyms.sh-work-with-gcc5.patch + msg2 'fix FS#45229, merged upstream' + patch -Np1 -i ../0001-dix-Add-unaccelerated-valuators-to-the-ValuatorMask.patch + patch -Np1 -i ../0002-dix-hook-up-the-unaccelerated-valuator-masks.patch + msg2 'fix CVE-2015-3164, merged upstream' + patch -Np1 -i ../fix-CVE-2015-3164.patch +} + +build() { + cd "${_pkgname}-${pkgver}" + autoreconf -fi + ./configure --prefix=/usr \ + --enable-ipv6 \ + --enable-dri \ + --enable-dmx \ + --enable-xvfb \ + --enable-xnest \ + --enable-composite \ + --enable-xcsecurity \ + --enable-libunwind \ + --enable-xorg \ + --enable-xephyr \ + --enable-glamor \ + --enable-xwayland \ + --enable-glx-tls \ + --enable-kdrive \ + --enable-kdrive-evdev \ + --enable-kdrive-kbd \ + --enable-kdrive-mouse \ + --enable-config-udev \ + --disable-systemd-logind \ + --disable-suid-wrapper \ + --enable-install-setuid \ + --enable-record \ + --disable-xfbdev \ + --disable-xfake \ + --disable-static \ + --libexecdir=/usr/lib/xorg-server \ + --sysconfdir=/etc \ + --localstatedir=/var \ + --with-xkb-path=/usr/share/X11/xkb \ + --with-xkb-output=/var/lib/xkb \ + --with-fontrootdir=/usr/share/fonts \ + --with-sha1=libgcrypt \ + --without-systemd-daemon + +# --without-dtrace \ +# --disable-linux-acpi --disable-linux-apm \ + + make + + # Disable subdirs for make install rule to make splitting easier + sed -e 's/^DMX_SUBDIRS =.*/DMX_SUBDIRS =/' \ + -e 's/^XVFB_SUBDIRS =.*/XVFB_SUBDIRS =/' \ + -e 's/^XNEST_SUBDIRS =.*/XNEST_SUBDIRS = /' \ + -e 's/^KDRIVE_SUBDIRS =.*/KDRIVE_SUBDIRS =/' \ + -e 's/^XWAYLAND_SUBDIRS =.*/XWAYLAND_SUBDIRS =/' \ + -i hw/Makefile +} + +package() { + cd "${_pkgname}-${pkgver}" + make DESTDIR="${pkgdir}" install + + # distro specific files must be installed in /usr/share/X11/xorg.conf.d + install -m755 -d "${pkgdir}/etc/X11/xorg.conf.d" + install -m644 "${srcdir}/nvidia-drm-outputclass.conf" "${pkgdir}/usr/share/X11/xorg.conf.d/" + + # Needed for non-mesa drivers, libgl will restore it + mv "${pkgdir}/usr/lib/xorg/modules/extensions/libglx.so" \ + "${pkgdir}/usr/lib/xorg/modules/extensions/libglx.xorg" + + rm -rf "${pkgdir}/var" + + rm -f "${pkgdir}/usr/share/man/man1/Xserver.1" + rm -f "${pkgdir}/usr/lib/xorg/protocol.txt" + + install -m755 -d "${pkgdir}/usr/share/licenses/xorg-server" + ln -sf ../xorg-server-common/COPYING "${pkgdir}/usr/share/licenses/xorg-server/COPYING" + + rm -rf "${pkgdir}/usr/lib/pkgconfig" + rm -rf "${pkgdir}/usr/include" + rm -rf "${pkgdir}/usr/share/aclocal" +} diff --git a/fix-CVE-2015-3164.patch b/fix-CVE-2015-3164.patch new file mode 100644 index 000000000000..e2ee1297323d --- /dev/null +++ b/fix-CVE-2015-3164.patch @@ -0,0 +1,311 @@ +From c4534a38b68aa07fb82318040dc8154fb48a9588 Mon Sep 17 00:00:00 2001 +From: Ray Strode <rstrode@redhat.com> +Date: Tue, 5 May 2015 16:43:42 -0400 +Subject: xwayland: Enable access control on open sockets [CVE-2015-3164 1/3] + +Xwayland currently allows wide-open access to the X sockets +it listens on, ignoring Xauth access control. + +This commit makes sure to enable access control on the sockets, +so one user can't snoop on another user's X-over-wayland +applications. + +Signed-off-by: Ray Strode <rstrode@redhat.com> +Reviewed-by: Daniel Stone <daniels@collabora.com> +Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> +Signed-off-by: Keith Packard <keithp@keithp.com> + +diff --git a/hw/xwayland/xwayland.c b/hw/xwayland/xwayland.c +index 7e8d667..c5bee77 100644 +--- a/hw/xwayland/xwayland.c ++++ b/hw/xwayland/xwayland.c +@@ -483,7 +483,7 @@ listen_on_fds(struct xwl_screen *xwl_screen) + int i; + + for (i = 0; i < xwl_screen->listen_fd_count; i++) +- ListenOnOpenFD(xwl_screen->listen_fds[i], TRUE); ++ ListenOnOpenFD(xwl_screen->listen_fds[i], FALSE); + } + + static void +-- +cgit v0.10.2 +From 4b4b9086d02b80549981d205fb1f495edc373538 Mon Sep 17 00:00:00 2001 +From: Ray Strode <rstrode@redhat.com> +Date: Tue, 5 May 2015 16:43:43 -0400 +Subject: os: support new implicit local user access mode [CVE-2015-3164 2/3] + +If the X server is started without a '-auth' argument, then +it gets started wide open to all local users on the system. + +This isn't a great default access model, but changing it in +Xorg at this point would break backward compatibility. + +Xwayland, on the other hand is new, and much more targeted +in scope. It could, in theory, be changed to allow the much +more secure default of a "user who started X server can connect +clients to that server." + +This commit paves the way for that change, by adding a mechanism +for DDXs to opt-in to that behavior. They merely need to call + +LocalAccessScopeUser() + +in their init functions. + +A subsequent commit will add that call for Xwayland. + +Signed-off-by: Ray Strode <rstrode@redhat.com> +Reviewed-by: Daniel Stone <daniels@collabora.com> +Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> +Signed-off-by: Keith Packard <keithp@keithp.com> + +diff --git a/include/os.h b/include/os.h +index 6638c84..b2b96c8 100644 +--- a/include/os.h ++++ b/include/os.h +@@ -431,11 +431,28 @@ extern _X_EXPORT void + ResetHosts(const char *display); + + extern _X_EXPORT void ++EnableLocalAccess(void); ++ ++extern _X_EXPORT void ++DisableLocalAccess(void); ++ ++extern _X_EXPORT void + EnableLocalHost(void); + + extern _X_EXPORT void + DisableLocalHost(void); + ++#ifndef NO_LOCAL_CLIENT_CRED ++extern _X_EXPORT void ++EnableLocalUser(void); ++ ++extern _X_EXPORT void ++DisableLocalUser(void); ++ ++extern _X_EXPORT void ++LocalAccessScopeUser(void); ++#endif ++ + extern _X_EXPORT void + AccessUsingXdmcp(void); + +diff --git a/os/access.c b/os/access.c +index 8fa028e..75e7a69 100644 +--- a/os/access.c ++++ b/os/access.c +@@ -102,6 +102,10 @@ SOFTWARE. + #include <sys/ioctl.h> + #include <ctype.h> + ++#ifndef NO_LOCAL_CLIENT_CRED ++#include <pwd.h> ++#endif ++ + #if defined(TCPCONN) || defined(STREAMSCONN) + #include <netinet/in.h> + #endif /* TCPCONN || STREAMSCONN */ +@@ -225,6 +229,13 @@ static int LocalHostEnabled = FALSE; + static int LocalHostRequested = FALSE; + static int UsingXdmcp = FALSE; + ++static enum { ++ LOCAL_ACCESS_SCOPE_HOST = 0, ++#ifndef NO_LOCAL_CLIENT_CRED ++ LOCAL_ACCESS_SCOPE_USER, ++#endif ++} LocalAccessScope; ++ + /* FamilyServerInterpreted implementation */ + static Bool siAddrMatch(int family, void *addr, int len, HOST * host, + ClientPtr client); +@@ -237,6 +248,21 @@ static void siTypesInitialize(void); + */ + + void ++EnableLocalAccess(void) ++{ ++ switch (LocalAccessScope) { ++ case LOCAL_ACCESS_SCOPE_HOST: ++ EnableLocalHost(); ++ break; ++#ifndef NO_LOCAL_CLIENT_CRED ++ case LOCAL_ACCESS_SCOPE_USER: ++ EnableLocalUser(); ++ break; ++#endif ++ } ++} ++ ++void + EnableLocalHost(void) + { + if (!UsingXdmcp) { +@@ -249,6 +275,21 @@ EnableLocalHost(void) + * called when authorization is enabled to keep us secure + */ + void ++DisableLocalAccess(void) ++{ ++ switch (LocalAccessScope) { ++ case LOCAL_ACCESS_SCOPE_HOST: ++ DisableLocalHost(); ++ break; ++#ifndef NO_LOCAL_CLIENT_CRED ++ case LOCAL_ACCESS_SCOPE_USER: ++ DisableLocalUser(); ++ break; ++#endif ++ } ++} ++ ++void + DisableLocalHost(void) + { + HOST *self; +@@ -262,6 +303,74 @@ DisableLocalHost(void) + } + } + ++#ifndef NO_LOCAL_CLIENT_CRED ++static int GetLocalUserAddr(char **addr) ++{ ++ static const char *type = "localuser"; ++ static const char delimiter = '\0'; ++ static const char *value; ++ struct passwd *pw; ++ int length = -1; ++ ++ pw = getpwuid(getuid()); ++ ++ if (pw == NULL || pw->pw_name == NULL) ++ goto out; ++ ++ value = pw->pw_name; ++ ++ length = asprintf(addr, "%s%c%s", type, delimiter, value); ++ ++ if (length == -1) { ++ goto out; ++ } ++ ++ /* Trailing NUL */ ++ length++; ++ ++out: ++ return length; ++} ++ ++void ++EnableLocalUser(void) ++{ ++ char *addr = NULL; ++ int length = -1; ++ ++ length = GetLocalUserAddr(&addr); ++ ++ if (length == -1) ++ return; ++ ++ NewHost(FamilyServerInterpreted, addr, length, TRUE); ++ ++ free(addr); ++} ++ ++void ++DisableLocalUser(void) ++{ ++ char *addr = NULL; ++ int length = -1; ++ ++ length = GetLocalUserAddr(&addr); ++ ++ if (length == -1) ++ return; ++ ++ RemoveHost(NULL, FamilyServerInterpreted, length, addr); ++ ++ free(addr); ++} ++ ++void ++LocalAccessScopeUser(void) ++{ ++ LocalAccessScope = LOCAL_ACCESS_SCOPE_USER; ++} ++#endif ++ + /* + * called at init time when XDMCP will be used; xdmcp always + * adds local hosts manually when needed +diff --git a/os/auth.c b/os/auth.c +index 5fcb538..7da6fc6 100644 +--- a/os/auth.c ++++ b/os/auth.c +@@ -181,11 +181,11 @@ CheckAuthorization(unsigned int name_length, + + /* + * If the authorization file has at least one entry for this server, +- * disable local host access. (loadauth > 0) ++ * disable local access. (loadauth > 0) + * + * If there are zero entries (either initially or when the + * authorization file is later reloaded), or if a valid +- * authorization file was never loaded, enable local host access. ++ * authorization file was never loaded, enable local access. + * (loadauth == 0 || !loaded) + * + * If the authorization file was loaded initially (with valid +@@ -194,11 +194,11 @@ CheckAuthorization(unsigned int name_length, + */ + + if (loadauth > 0) { +- DisableLocalHost(); /* got at least one */ ++ DisableLocalAccess(); /* got at least one */ + loaded = TRUE; + } + else if (loadauth == 0 || !loaded) +- EnableLocalHost(); ++ EnableLocalAccess(); + } + if (name_length) { + for (i = 0; i < NUM_AUTHORIZATION; i++) { +-- +cgit v0.10.2 +From 76636ac12f2d1dbdf7be08222f80e7505d53c451 Mon Sep 17 00:00:00 2001 +From: Ray Strode <rstrode@redhat.com> +Date: Tue, 5 May 2015 16:43:44 -0400 +Subject: xwayland: default to local user if no xauth file given. + [CVE-2015-3164 3/3] + +Right now if "-auth" isn't passed on the command line, we let +any user on the system connect to the Xwayland server. + +That's clearly suboptimal, given Xwayland is generally designed +to be used by one user at a time. + +This commit changes the behavior, so only the user who started the +X server can connect clients to it. + +Signed-off-by: Ray Strode <rstrode@redhat.com> +Reviewed-by: Daniel Stone <daniels@collabora.com> +Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> +Signed-off-by: Keith Packard <keithp@keithp.com> + +diff --git a/hw/xwayland/xwayland.c b/hw/xwayland/xwayland.c +index c5bee77..bc92beb 100644 +--- a/hw/xwayland/xwayland.c ++++ b/hw/xwayland/xwayland.c +@@ -702,4 +702,6 @@ InitOutput(ScreenInfo * screen_info, int argc, char **argv) + if (AddScreen(xwl_screen_init, argc, argv) == -1) { + FatalError("Couldn't add screen\n"); + } ++ ++ LocalAccessScopeUser(); + } +-- +cgit v0.10.2 + diff --git a/nvidia-drm-outputclass.conf b/nvidia-drm-outputclass.conf new file mode 100644 index 000000000000..40c1e08b5f41 --- /dev/null +++ b/nvidia-drm-outputclass.conf @@ -0,0 +1,6 @@ +Section "OutputClass" + Identifier "nvidia" + MatchDriver "nvidia-drm" + Driver "nvidia" +EndSection + diff --git a/os-access-fix-regression-in-server-interpreted-auth.patch b/os-access-fix-regression-in-server-interpreted-auth.patch new file mode 100644 index 000000000000..b96bb7a31743 --- /dev/null +++ b/os-access-fix-regression-in-server-interpreted-auth.patch @@ -0,0 +1,30 @@ +diff --git a/os/access.c b/os/access.c +index 28f2d32..fe6e831 100644 +--- a/os/access.c ++++ b/os/access.c +@@ -1390,14 +1390,23 @@ InvalidHost(register struct sockaddr *saddr, int len, ClientPtr client) + else + return 0; + } ++ ++ /* An empty address requires both a NULL addr *and* a zero length ++ * as the address comparison functions call memcmp with both ++ * parameters. Make sure they agree here ++ */ ++ if (addr == NULL) ++ len = 0; ++ if (len == 0) ++ addr = NULL; + for (host = validhosts; host; host = host->next) { + if (host->family == FamilyServerInterpreted) { +- if (addr && siAddrMatch(family, addr, len, host, client)) { ++ if (siAddrMatch(family, addr, len, host, client)) { + return 0; + } + } + else { +- if (addr && addrEqual(family, addr, len, host)) ++ if (addrEqual(family, addr, len, host)) + return 0; + } + diff --git a/v2-xserver-Fix-a-crash-with-XDMCP-error-handler.patch b/v2-xserver-Fix-a-crash-with-XDMCP-error-handler.patch new file mode 100644 index 000000000000..02dbaf22f93f --- /dev/null +++ b/v2-xserver-Fix-a-crash-with-XDMCP-error-handler.patch @@ -0,0 +1,23 @@ +diff --git a/os/xdmcp.c b/os/xdmcp.c +index b6e97c9..0e9e625 100644 +--- a/os/xdmcp.c ++++ b/os/xdmcp.c +@@ -1409,8 +1409,16 @@ recv_alive_msg(unsigned length) + static void + XdmcpFatal(const char *type, ARRAY8Ptr status) + { +- FatalError("XDMCP fatal error: %s %*.*s\n", type, +- status->length, status->length, status->data); ++ char *error_message; ++ ++ /* error_message is leaked, but that's fine, we're aborting */ ++ error_message = malloc (status->length + 1); ++ if (!error_message) ++ FatalError("XDMCP fatal error: %s", type); ++ ++ memcpy(error_message, status->data, status->length); ++ error_message[status->length] = '\0'; ++ FatalError("XDMCP fatal error: %s %s\n", type, error_message); + } + + static void diff --git a/xvfb-run b/xvfb-run new file mode 100644 index 000000000000..4c2f4e0d3a4d --- /dev/null +++ b/xvfb-run @@ -0,0 +1,180 @@ +#!/bin/sh + +# $Id: xvfb-run 2027 2004-11-16 14:54:16Z branden $ + +# This script starts an instance of Xvfb, the "fake" X server, runs a command +# with that server available, and kills the X server when done. The return +# value of the command becomes the return value of this script. +# +# If anyone is using this to build a Debian package, make sure the package +# Build-Depends on xvfb, xbase-clients, and xfonts-base. + +set -e + +PROGNAME=xvfb-run +SERVERNUM=99 +AUTHFILE= +ERRORFILE=/dev/null +STARTWAIT=3 +XVFBARGS="-screen 0 640x480x8" +LISTENTCP="-nolisten tcp" +XAUTHPROTO=. + +# Query the terminal to establish a default number of columns to use for +# displaying messages to the user. This is used only as a fallback in the event +# the COLUMNS variable is not set. ($COLUMNS can react to SIGWINCH while the +# script is running, and this cannot, only being calculated once.) +DEFCOLUMNS=$(stty size 2>/dev/null | awk '{print $2}') || true +if ! expr "$DEFCOLUMNS" : "[[:digit:]]\+$" >/dev/null 2>&1; then + DEFCOLUMNS=80 +fi + +# Display a message, wrapping lines at the terminal width. +message () { + echo "$PROGNAME: $*" | fmt -t -w ${COLUMNS:-$DEFCOLUMNS} +} + +# Display an error message. +error () { + message "error: $*" >&2 +} + +# Display a usage message. +usage () { + if [ -n "$*" ]; then + message "usage error: $*" + fi + cat <<EOF +Usage: $PROGNAME [OPTION ...] COMMAND +Run COMMAND (usually an X client) in a virtual X server environment. +Options: +-a --auto-servernum try to get a free server number, starting at + --server-num +-e FILE --error-file=FILE file used to store xauth errors and Xvfb + output (default: $ERRORFILE) +-f FILE --auth-file=FILE file used to store auth cookie + (default: ./.Xauthority) +-h --help display this usage message and exit +-n NUM --server-num=NUM server number to use (default: $SERVERNUM) +-l --listen-tcp enable TCP port listening in the X server +-p PROTO --xauth-protocol=PROTO X authority protocol name to use + (default: xauth command's default) +-s ARGS --server-args=ARGS arguments (other than server number and + "-nolisten tcp") to pass to the Xvfb server + (default: "$XVFBARGS") +-w DELAY --wait=DELAY delay in seconds to wait for Xvfb to start + before running COMMAND (default: $STARTWAIT) +EOF +} + +# Find a free server number by looking at .X*-lock files in /tmp. +find_free_servernum() { + # Sadly, the "local" keyword is not POSIX. Leave the next line commented in + # the hope Debian Policy eventually changes to allow it in /bin/sh scripts + # anyway. + #local i + + i=$SERVERNUM + while [ -f /tmp/.X$i-lock ]; do + i=$(($i + 1)) + done + echo $i +} + +# Clean up files +clean_up() { + if [ -e "$AUTHFILE" ]; then + XAUTHORITY=$AUTHFILE xauth remove ":$SERVERNUM" >>"$ERRORFILE" 2>&1 + fi + if [ -n "$XVFB_RUN_TMPDIR" ]; then + if ! rm -r "$XVFB_RUN_TMPDIR"; then + error "problem while cleaning up temporary directory" + exit 5 + fi + fi +} + +# Parse the command line. +ARGS=$(getopt --options +ae:f:hn:lp:s:w: \ + --long auto-servernum,error-file:,auth-file:,help,server-num:,listen-tcp,xauth-protocol:,server-args:,wait: \ + --name "$PROGNAME" -- "$@") +GETOPT_STATUS=$? + +if [ $GETOPT_STATUS -ne 0 ]; then + error "internal error; getopt exited with status $GETOPT_STATUS" + exit 6 +fi + +eval set -- "$ARGS" + +while :; do + case "$1" in + -a|--auto-servernum) SERVERNUM=$(find_free_servernum) ;; + -e|--error-file) ERRORFILE="$2"; shift ;; + -f|--auth-file) AUTHFILE="$2"; shift ;; + -h|--help) SHOWHELP="yes" ;; + -n|--server-num) SERVERNUM="$2"; shift ;; + -l|--listen-tcp) LISTENTCP="" ;; + -p|--xauth-protocol) XAUTHPROTO="$2"; shift ;; + -s|--server-args) XVFBARGS="$2"; shift ;; + -w|--wait) STARTWAIT="$2"; shift ;; + --) shift; break ;; + *) error "internal error; getopt permitted \"$1\" unexpectedly" + exit 6 + ;; + esac + shift +done + +if [ "$SHOWHELP" ]; then + usage + exit 0 +fi + +if [ -z "$*" ]; then + usage "need a command to run" >&2 + exit 2 +fi + +if ! which xauth >/dev/null; then + error "xauth command not found" + exit 3 +fi + +# tidy up after ourselves +trap clean_up EXIT + +# If the user did not specify an X authorization file to use, set up a temporary +# directory to house one. +if [ -z "$AUTHFILE" ]; then + XVFB_RUN_TMPDIR="$(mktemp -d -t $PROGNAME.XXXXXX)" + AUTHFILE="$XVFB_RUN_TMPDIR/Xauthority" +fi + +# Start Xvfb. +MCOOKIE=$(mcookie) +XAUTHORITY=$AUTHFILE xauth source - << EOF >>"$ERRORFILE" 2>&1 +add :$SERVERNUM $XAUTHPROTO $MCOOKIE +EOF +XAUTHORITY=$AUTHFILE Xvfb ":$SERVERNUM" $XVFBARGS $LISTENTCP >>"$ERRORFILE" \ + 2>&1 & +XVFBPID=$! +sleep "$STARTWAIT" +if ! kill -0 $XVFBPID 2>/dev/null; then + echo "Xvfb failed to start" >&2 + exit 1 +fi + +# Start the command and save its exit status. +set +e +DISPLAY=:$SERVERNUM XAUTHORITY=$AUTHFILE "$@" 2>&1 +RETVAL=$? +set -e + +# Kill Xvfb now that the command has exited. +kill $XVFBPID + +# Return the executed command's exit status. +exit $RETVAL + +# vim:set ai et sts=4 sw=4 tw=80: diff --git a/xvfb-run.1 b/xvfb-run.1 new file mode 100644 index 000000000000..137d3a1967e5 --- /dev/null +++ b/xvfb-run.1 @@ -0,0 +1,282 @@ +.\" $Id: xvfb-run.1 2138 2005-01-17 23:40:27Z branden $ +.\" +.\" Copyright 1998-2004 Branden Robinson <branden@debian.org>. +.\" +.\" This is free software; you may redistribute it and/or modify +.\" it under the terms of the GNU General Public License as +.\" published by the Free Software Foundation; either version 2, +.\" or (at your option) any later version. +.\" +.\" This is distributed in the hope that it will be useful, but +.\" WITHOUT ANY WARRANTY; without even the implied warranty of +.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +.\" GNU General Public License for more details. +.\" +.\" You should have received a copy of the GNU General Public License with +.\" the Debian operating system, in /usr/share/common-licenses/GPL; if +.\" not, write to the Free Software Foundation, Inc., 59 Temple Place, +.\" Suite 330, Boston, MA 02111-1307 USA +.\" +.\" We need the URL macro from groff's www macro package, but also want +.\" things to work all right for people who don't have it. So we define +.\" our own URL macro and let the www macro package override it if it's +.\" available. +.de URL +\\$2 \(laURL: \\$1 \(ra\\$3 +.. +.if \n[.g] .mso www.tmac +.TH xvfb\-run 1 "2004\-11\-12" "Debian Project" +.SH NAME +xvfb\-run \- run specified X client or command in a virtual X server environment +.SH SYNOPSIS +.B xvfb\-run +[ +.I options +] +.I command +.SH DESCRIPTION +.B xvfb\-run +is a wrapper for the +.BR Xvfb (1x) +command which simplifies the task of running commands (typically an X +client, or a script containing a list of clients to be run) within a virtual +X server environment. +.PP +.B xvfb\-run +sets up an X authority file (or uses an existing user\-specified one), +writes a cookie to it (see +.BR xauth (1x)) +and then starts the +.B Xvfb +X server as a background process. +The process ID of +.B Xvfb +is stored for later use. +The specified +.I command +is then run using the X display corresponding to the +.B Xvfb +server +just started and the X authority file created earlier. +.PP +When the +.I command +exits, its status is saved, the +.B Xvfb +server is killed (using the process ID stored earlier), the X authority +cookie removed, and the authority file deleted (if the user did not specify +one to use). +.B xvfb\-run +then exits with the exit status of +.IR command . +.PP +.B xvfb\-run +requires the +.B xauth +command to function. +.SH OPTIONS +.TP +.B \-a\fR,\fB \-\-auto\-servernum +Try to get a free server number, starting at 99, or the argument to +.BR \-\-server\-num . +.TP +.BI \-e\ file \fR,\fB\ \-\-error\-file= file +Store output from +.B xauth +and +.B Xvfb +in +.IR file . +The default is +.IR /dev/null . +.TP +.BI \-f\ file \fR,\fB\ \-\-auth\-file= file +Store X authentication data in +.IR file . +By default, a temporary directory called +.IR xvfb\-run. PID +(where PID is the process ID of +.B xvfb\-run +itself) is created in the directory specified by the environment variable +.B TMPDIR +(or +.I /tmp +if that variable is null or unset), and the +.BR tempfile (1) +command is used to create a file in that temporary directory called +.IR Xauthority . +.TP +.B \-h\fR,\fB \-\-help +Display a usage message and exit. +.TP +.BI \-n\ servernumber \fR,\fB\ \-\-server\-num= servernumber +Use +.I servernumber +as the server number (but see the +.B \-a\fR,\fB \-\-auto\-servernum +option above). +The default is 99. +.TP +.B \-l\fR,\fB \-\-listen\-tcp +Enable TCP port listening in the X server. +For security reasons (to avoid denial\-of\-service attacks or exploits), +TCP port listening is disabled by default. +.TP +.BI \-p\ protocolname \fR,\fB\ \-\-xauth\-protocol= protocolname +Use +.I protocolname +as the X authority protocol to use. +The default is \(oq.\(cq, which +.B xauth +interprets as its own default protocol, which is MIT\-MAGIC\-COOKIE\-1. +.TP +.BI \-s\ arguments \fR,\fB\ \-\-server\-args= arguments +Pass +.I arguments +to the +.B Xvfb +server. +Be careful to quote any whitespace characters that may occur within +.I arguments +to prevent them from regarded as separators for +.BR xvfb\-run 's +own arguments. +Also, note that specification of \(oq\-nolisten tcp\(cq in +.I arguments +may override the function of +.BR xvfb\-run 's +own +.B \-l\fR,\fB \-\-listen\-tcp +option, and that specification of the server number (e.g., \(oq:1\(cq) may +be ignored because of the way the X server parses its argument list. +Use the +.B xvfb\-run +option +.BI \-n\ servernumber \fR,\fB\ \-\-server\-num= servernumber +to achieve the latter function. +The default is \(oq\-screen 0 640x480x8\(cq. +.TP +.BI \-w\ delay \fR,\fB\ \-\-wait= delay +Wait +.I delay +seconds after launching +.B Xvfb +before attempting to start the specified command. +The default is 3. +.SH ENVIRONMENT +.TP +.B COLUMNS +indicates the width of the terminal device in character cells. +This value is used for formatting diagnostic messages. +If not set, the terminal is queried using +.BR stty (1) +to determine its width. +If that fails, a value of \(oq80\(cq is assumed. +.TP +.B TMPDIR +specifies the directory in which to place +.BR xvfb\-run 's +temporary directory for storage of the X authority file; only used if the +.B \-f +or +.B \-\-auth\-file +options are not specified. +.SH "OUTPUT FILES" +.PP +Unless the +.B \-f +or +.B \-\-auth\-file +options are specified, a temporary +directory and file within it are created (and deleted) to store the X +authority cookies used by the +.B Xvfb +server and client(s) run under it. +See +.BR tempfile (1). +If \-f or \-\-auth\-file are used, then the specified X authority file is +only written to, not created or deleted (though +.B xauth +creates an authority file itself if told to use use that does not already +exist). +.PP +An error file with a user\-specified name is also created if the +.B \-e +or +.B \-\-error\-file +options are specifed; see above. +.SH "EXIT STATUS" +.B xvfb\-run +uses its exit status as well as output to standard error to communicate +diagnostics. +The exit status of \(oq1\(cq is not used, and should be interpreted as failure +of the specified command. +.TP +0 +.B xvfb\-run +only uses this exit status if the +.B \-h\fR,\fB \-\-help +option is given. +In all other situations, this may be interpreted as success of the specified +command. +.TP +2 +No command to run was specified. +.TP +3 +The +.B xauth +command is not available. +.TP +4 +The temporary directory that was going to be used already exists; since +.B xvfb\-run +produces a uniquely named directory, this may indicate an attempt by another +process on the system to exploit a temporary file race condition. +.TP +5 +A problem was encountered while cleaning up the temporary directory. +.TP +6 +A problem was encountered while using +.BR getopt (1) +to parse the command\-line arguments. +.SH EXAMPLES +.TP +.B xvfb\-run \-\-auto\-servernum \-\-server\-num=1 xlogo +runs the +.BR xlogo (1x) +demonstration client inside the +.B Xvfb +X server on the first available server number greater than or equal to 1. +.TP +.B xvfb\-run \-\-server\-args="\-screen 0 1024x768x24" ico \-faces +runs the +.BR ico (1x) +demonstration client (and passes it the +.B \-faces +argument) inside the +.B Xvfb +X server, configured with a root window of 1024 by 768 pixels and a color +depth of 24 bits. +.PP +Note that the demo X clients used in the above examples will not exit on +their own, so they will have to be killed before +.B xvfb\-run +will exit. +.SH BUGS +See +.URL "http://bugs.debian.org/xvfb" "the Debian Bug Tracking System" . +If you wish to report a bug in +.BR xvfb\-run , +please use the +.BR reportbug (1) +command. +.SH AUTHOR +.B xfvb\-run +was written by Branden Robinson and Jeff Licquia with sponsorship from +Progeny Linux Systems. +.SH "SEE ALSO" +.BR Xvfb (1x), +.BR xauth (1x) +.\" vim:set et tw=80: |