diff options
-rw-r--r-- | .SRCINFO | 214 | ||||
-rw-r--r-- | 0001-dix-Add-unaccelerated-valuators-to-the-ValuatorMask.patch | 210 | ||||
-rw-r--r-- | 0001-int10-Fix-error-check-for-pci_device_map_legacy.patch | 47 | ||||
-rw-r--r-- | 0001-mi-Partial-pie-slice-filled-arcs-may-need-more-space.patch | 42 | ||||
-rw-r--r-- | 0001-modesetting-Fix-software-cursor-fallback.patch | 42 | ||||
-rw-r--r-- | 0001-sdksyms.sh-Make-sdksyms.sh-work-with-gcc5.patch | 51 | ||||
-rw-r--r-- | 0002-dix-hook-up-the-unaccelerated-valuator-masks.patch | 134 | ||||
-rw-r--r-- | PKGBUILD | 312 | ||||
-rw-r--r-- | fix-CVE-2015-3164.patch | 311 | ||||
-rw-r--r-- | nvidia-drm-outputclass.conf | 6 | ||||
-rw-r--r-- | os-access-fix-regression-in-server-interpreted-auth.patch | 30 | ||||
-rw-r--r-- | systemd-logind-dont-second-guess-D-Bus-default-tim.patch | 446 | ||||
-rw-r--r-- | systemd-logind-filter-out-non-signal-messages-from.patch | 90 | ||||
-rw-r--r-- | v2-xserver-Fix-a-crash-with-XDMCP-error-handler.patch | 23 | ||||
-rw-r--r-- | xorg-server-dev.install | 18 | ||||
-rwxr-xr-x | xvfb-run | 180 | ||||
-rw-r--r-- | xvfb-run.1 | 282 |
17 files changed, 2438 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO new file mode 100644 index 000000000000..868cf970c3c8 --- /dev/null +++ b/.SRCINFO @@ -0,0 +1,214 @@ +pkgbase = xorg-server-dev + pkgver = 1.17.1 + pkgrel = 7 + url = http://xorg.freedesktop.org + arch = i686 + arch = x86_64 + license = custom + makedepends = pixman + makedepends = libx11 + makedepends = mesa + makedepends = libgl + makedepends = xf86driproto + makedepends = xcmiscproto + makedepends = xtrans + makedepends = bigreqsproto + makedepends = randrproto + makedepends = inputproto + makedepends = fontsproto + makedepends = videoproto + makedepends = presentproto + makedepends = compositeproto + makedepends = recordproto + makedepends = scrnsaverproto + makedepends = resourceproto + makedepends = xineramaproto + makedepends = libxkbfile + makedepends = libxfont + makedepends = renderproto + makedepends = libpciaccess + makedepends = libxv + makedepends = xf86dgaproto + makedepends = libxmu + makedepends = libxrender + makedepends = libxi + makedepends = dmxproto + makedepends = libxaw + makedepends = libdmx + makedepends = libxtst + makedepends = libxres + makedepends = xorg-xkbcomp + makedepends = xorg-util-macros + makedepends = xorg-font-util + makedepends = glproto + makedepends = dri2proto + makedepends = libgcrypt + makedepends = libepoxy + makedepends = xcb-util + makedepends = xcb-util-image + makedepends = xcb-util-renderutil + makedepends = xcb-util-wm + makedepends = xcb-util-keysyms + makedepends = dri3proto + makedepends = libxshmfence + makedepends = libunwind + source = http://xorg.freedesktop.org/releases/individual/xserver/xorg-server-1.17.1.tar.bz2 + source = http://xorg.freedesktop.org/releases/individual/xserver/xorg-server-1.17.1.tar.bz2.sig + source = nvidia-drm-outputclass.conf + source = xvfb-run + source = xvfb-run.1 + source = os-access-fix-regression-in-server-interpreted-auth.patch + source = v2-xserver-Fix-a-crash-with-XDMCP-error-handler.patch + source = 0001-int10-Fix-error-check-for-pci_device_map_legacy.patch + source = 0001-mi-Partial-pie-slice-filled-arcs-may-need-more-space.patch + source = 0001-sdksyms.sh-Make-sdksyms.sh-work-with-gcc5.patch + source = 0001-dix-Add-unaccelerated-valuators-to-the-ValuatorMask.patch + source = 0002-dix-hook-up-the-unaccelerated-valuator-masks.patch + source = fix-CVE-2015-3164.patch + source = systemd-logind-dont-second-guess-D-Bus-default-tim.patch + source = systemd-logind-filter-out-non-signal-messages-from.patch + source = 0001-modesetting-Fix-software-cursor-fallback.patch + sha256sums = 2bf8e9f6f0a710dec1d2472467bff1f4e247cb6dcd76eb469aafdc8a2d7db2ab + sha256sums = SKIP + sha256sums = af1c3d2ea5de7f6a6b5f7c60951a189a4749d1495e5462f3157ae7ac8fe1dc56 + sha256sums = ff0156309470fc1d378fd2e104338020a884295e285972cc88e250e031cc35b9 + sha256sums = 2460adccd3362fefd4cdc5f1c70f332d7b578091fb9167bf88b5f91265bbd776 + sha256sums = 8a9d76eecf8795ca645fb1ce261733965578e953f6606153ce001a0e15d036e8 + sha256sums = a73e33644682d9f430db987c192da0f7193907af50539669ebd59614a5ebd0f9 + sha256sums = 2ea82cdbd695f21c935710847913ed58e22d3d5c0c18c96175a4a6cc1142c071 + sha256sums = ca89cc013844c5b50abfde4cc5e852ecdf4368f8b069ffd069a7100843c46e90 + sha256sums = b4a4fbddebfa614d1a97e77dde98748682ee331fbf7be394480050670d6203aa + sha256sums = 3dc795002b8763a7d29db94f0af200131da9ce5ffc233bfd8916060f83a8fad7 + sha256sums = 416a1422eed71efcebb1d893de74e7f27e408323a56c4df003db37f5673b3f96 + sha256sums = bc6ac3e686e16f0357fd3b939c1c1f2845fdb444d5ec9c8c37fb69167cc54a28 + sha256sums = a8b9670844d784e9a0d6880f5689bbc107e071518acdbaa8c3ce5debca6b663b + sha256sums = 97e4d5a6cfcf916889c493e232aec6f16d9447eb641bafb6e0afa9b27cfdc47e + sha256sums = a0c0dbf5fe27994d52d5892c9c7cecf72792c5fa35db57b112ee7b17980faa75 + +pkgname = xorg-server-dev + pkgdesc = Xorg X server - Bleeding edge version + install = xorg-server-dev.install + groups = xorg + depends = libepoxy + depends = libxdmcp + depends = libxfont + depends = libpciaccess + depends = libdrm + depends = pixman + depends = libgcrypt + depends = libxau + depends = xorg-server-common-dev + depends = xf86-input-evdev + depends = libxshmfence + depends = libgl + provides = X-ABI-VIDEODRV_VERSION= + provides = X-ABI-XINPUT_VERSION=21.1 + provides = X-ABI-EXTENSION_VERSION= + provides = x-server + provides = xorg-server + conflicts = nvidia-utils<=331.20 + conflicts = glamor-egl + conflicts = xf86-video-modesetting + conflicts = xorg-server + replaces = glamor-egl + replaces = xf86-video-modesetting + +pkgname = xorg-server-xephyr-dev + pkgdesc = A nested X server that runs as an X application - Bleeding edge version + depends = libxfont + depends = libgl + depends = libepoxy + depends = libgcrypt + depends = libxv + depends = pixman + depends = xorg-server-common + depends = xcb-util-image + depends = xcb-util-renderutil + depends = xcb-util-wm + depends = xcb-util-keysyms + provides = xorg-server-xephyr + conflicts = xorg-server-xephyr + +pkgname = xorg-server-xdmx-dev + pkgdesc = Distributed Multihead X Server and utilities - Bleeding edge version + depends = libxfont + depends = libxi + depends = libgcrypt + depends = libxaw + depends = libxrender + depends = libdmx + depends = libxfixes + depends = pixman + depends = xorg-server-common-dev + provides = xorg-server-xdmx + conflicts = xorg-server-xdmx + +pkgname = xorg-server-xvfb-dev + pkgdesc = Virtual framebuffer X server - Bleeding edge version + depends = libxfont + depends = libxdmcp + depends = libxau + depends = libgcrypt + depends = pixman + depends = xorg-server-common-dev + depends = xorg-xauth + depends = libgl + provides = xorg-server-xvfb + conflicts = xorg-server-xvfb + +pkgname = xorg-server-xnest-dev + pkgdesc = A nested X server that runs as an X application - Bleeding edge version + depends = libxfont + depends = libxext + depends = libgcrypt + depends = pixman + depends = xorg-server-common-dev + depends = libsystemd + provides = xorg-server-xnest + conflicts = xorg-server-xnest + +pkgname = xorg-server-xwayland-dev + pkgdesc = Run X clients under Wayland - Bleeding edge version + depends = libxfont + depends = libepoxy + depends = libgl + depends = pixman + depends = xorg-server-common-dev + provides = xorg-server-xwayland + conflicts = xorg-server-xwayland + +pkgname = xorg-server-common-dev + pkgdesc = Xorg server common files - Bleeding edge version + depends = xkeyboard-config + depends = xorg-xkbcomp + depends = xorg-setxkbmap + depends = xorg-fonts-misc + depends = libunwind + provides = xorg-server-common + conflicts = xorg-server-common + +pkgname = xorg-server-devel-dev + pkgdesc = Development files for the X.Org X server - Bleeding edge version + depends = xproto + depends = randrproto + depends = renderproto + depends = xextproto + depends = inputproto + depends = kbproto + depends = fontsproto + depends = pixman + depends = videoproto + depends = xf86driproto + depends = glproto + depends = mesa + depends = dri2proto + depends = dri3proto + depends = xineramaproto + depends = libpciaccess + depends = resourceproto + depends = scrnsaverproto + depends = presentproto + depends = xorg-util-macros + provides = xorg-server-devel + conflicts = xorg-server-devel + diff --git a/0001-dix-Add-unaccelerated-valuators-to-the-ValuatorMask.patch b/0001-dix-Add-unaccelerated-valuators-to-the-ValuatorMask.patch new file mode 100644 index 000000000000..86744f1402ea --- /dev/null +++ b/0001-dix-Add-unaccelerated-valuators-to-the-ValuatorMask.patch @@ -0,0 +1,210 @@ +From e1a7f4bb5333b0271d29f785eb55f1c3273e626a Mon Sep 17 00:00:00 2001 +From: Peter Hutterer <peter.hutterer@who-t.net> +Date: Tue, 5 May 2015 14:18:54 +1000 +Subject: [PATCH] dix: Add unaccelerated valuators to the ValuatorMask + +Allows a mask to carry both accelerated and unaccelerated motion at the same +time. + +This is required for xf86-input-libinput where the pointer acceleration +happens in libinput already, but parts of the server, specifically raw events +and DGA rely on device-specific unaccelerated data. + +To ease integration add this as a second set to the ValuatorMask rather than +extending all APIs to carry a second, possibly NULL set of valuators. + +Note that a valuator mask should only be used in either accel/unaccel or +standard mode at any time. Switching requires either a valuator_mask_zero() +call or unsetting all valuators one-by-one. Trying to mix the two will produce +a warning. + +The server has a shortcut for changing a mask with the +valuator_mask_drop_unaccelerated() call. This saves us from having to loop +through all valuators on every event, we can just drop the bits we know we +don't want. + +Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> +Reviewed-by: Hans de Goede <hdegoede@redhat.com> +--- + dix/inpututils.c | 82 +++++++++++++++++++++++++++++++++++++++--- + hw/xfree86/common/xf86Module.h | 2 +- + include/input.h | 15 ++++++++ + include/inpututils.h | 2 ++ + 4 files changed, 95 insertions(+), 6 deletions(-) + +diff --git a/dix/inpututils.c b/dix/inpututils.c +index 5c2a32d..1363988 100644 +--- a/dix/inpututils.c ++++ b/dix/inpututils.c +@@ -505,11 +505,8 @@ valuator_mask_isset(const ValuatorMask *mask, int valuator) + return mask->last_bit >= valuator && BitIsOn(mask->mask, valuator); + } + +-/** +- * Set the valuator to the given floating-point data. +- */ +-void +-valuator_mask_set_double(ValuatorMask *mask, int valuator, double data) ++static inline void ++_valuator_mask_set_double(ValuatorMask *mask, int valuator, double data) + { + mask->last_bit = max(valuator, mask->last_bit); + SetBit(mask->mask, valuator); +@@ -517,6 +514,17 @@ valuator_mask_set_double(ValuatorMask *mask, int valuator, double data) + } + + /** ++ * Set the valuator to the given floating-point data. ++ */ ++void ++valuator_mask_set_double(ValuatorMask *mask, int valuator, double data) ++{ ++ BUG_WARN_MSG(mask->has_unaccelerated, ++ "Do not mix valuator types, zero mask first\n"); ++ _valuator_mask_set_double(mask, valuator, data); ++} ++ ++/** + * Set the valuator to the given integer data. + */ + void +@@ -594,11 +602,15 @@ valuator_mask_unset(ValuatorMask *mask, int valuator) + + ClearBit(mask->mask, valuator); + mask->valuators[valuator] = 0.0; ++ mask->unaccelerated[valuator] = 0.0; + + for (i = 0; i <= mask->last_bit; i++) + if (valuator_mask_isset(mask, i)) + lastbit = max(lastbit, i); + mask->last_bit = lastbit; ++ ++ if (mask->last_bit == -1) ++ mask->has_unaccelerated = FALSE; + } + } + +@@ -611,6 +623,66 @@ valuator_mask_copy(ValuatorMask *dest, const ValuatorMask *src) + valuator_mask_zero(dest); + } + ++Bool ++valuator_mask_has_unaccelerated(const ValuatorMask *mask) ++{ ++ return mask->has_unaccelerated; ++} ++ ++void ++valuator_mask_drop_unaccelerated(ValuatorMask *mask) ++{ ++ memset(mask->unaccelerated, 0, sizeof(mask->unaccelerated)); ++ mask->has_unaccelerated = FALSE; ++} ++ ++/** ++ * Set both accelerated and unaccelerated value for this mask. ++ */ ++void ++valuator_mask_set_unaccelerated(ValuatorMask *mask, ++ int valuator, ++ double accel, ++ double unaccel) ++{ ++ BUG_WARN_MSG(mask->last_bit != -1 && !mask->has_unaccelerated, ++ "Do not mix valuator types, zero mask first\n"); ++ _valuator_mask_set_double(mask, valuator, accel); ++ mask->has_unaccelerated = TRUE; ++ mask->unaccelerated[valuator] = unaccel; ++} ++ ++double ++valuator_mask_get_accelerated(const ValuatorMask *mask, ++ int valuator) ++{ ++ return valuator_mask_get_double(mask, valuator); ++} ++ ++double ++valuator_mask_get_unaccelerated(const ValuatorMask *mask, ++ int valuator) ++{ ++ return mask->unaccelerated[valuator]; ++} ++ ++Bool ++valuator_mask_fetch_unaccelerated(const ValuatorMask *mask, ++ int valuator, ++ double *accel, ++ double *unaccel) ++{ ++ if (valuator_mask_isset(mask, valuator)) { ++ if (accel) ++ *accel = valuator_mask_get_accelerated(mask, valuator); ++ if (unaccel) ++ *unaccel = valuator_mask_get_unaccelerated(mask, valuator); ++ return TRUE; ++ } ++ else ++ return FALSE; ++} ++ + int + CountBits(const uint8_t * mask, int len) + { +diff --git a/hw/xfree86/common/xf86Module.h b/hw/xfree86/common/xf86Module.h +index e68fe9c..6133641 100644 +--- a/hw/xfree86/common/xf86Module.h ++++ b/hw/xfree86/common/xf86Module.h +@@ -81,7 +81,7 @@ typedef enum { + */ + #define ABI_ANSIC_VERSION SET_ABI_VERSION(0, 4) + #define ABI_VIDEODRV_VERSION SET_ABI_VERSION(19, 0) +-#define ABI_XINPUT_VERSION SET_ABI_VERSION(21, 0) ++#define ABI_XINPUT_VERSION SET_ABI_VERSION(21, 1) + #define ABI_EXTENSION_VERSION SET_ABI_VERSION(9, 0) + #define ABI_FONT_VERSION SET_ABI_VERSION(0, 6) + +diff --git a/include/input.h b/include/input.h +index bf22dc7..0a4c4f7 100644 +--- a/include/input.h ++++ b/include/input.h +@@ -674,6 +674,21 @@ extern _X_EXPORT Bool valuator_mask_fetch(const ValuatorMask *mask, + extern _X_EXPORT Bool valuator_mask_fetch_double(const ValuatorMask *mask, + int valnum, double *val); + ++extern _X_EXPORT Bool valuator_mask_has_unaccelerated(const ValuatorMask *mask); ++extern _X_EXPORT void valuator_mask_set_unaccelerated(ValuatorMask *mask, ++ int valuator, ++ double accel, ++ double unaccel); ++extern _X_EXPORT double valuator_mask_get_accelerated(const ValuatorMask *mask, ++ int valuator); ++extern _X_EXPORT double valuator_mask_get_unaccelerated(const ValuatorMask *mask, ++ int valuator); ++extern _X_EXPORT Bool valuator_mask_fetch_unaccelerated(const ValuatorMask *mask, ++ int valuator, ++ double *accel, ++ double *unaccel); ++extern _X_HIDDEN void valuator_mask_drop_unaccelerated(ValuatorMask *mask); ++ + /* InputOption handling interface */ + extern _X_EXPORT InputOption *input_option_new(InputOption *list, + const char *key, +diff --git a/include/inpututils.h b/include/inpututils.h +index 53c96ba..4e90815 100644 +--- a/include/inpututils.h ++++ b/include/inpututils.h +@@ -36,8 +36,10 @@ extern Mask event_filters[MAXDEVICES][MAXEVENTS]; + + struct _ValuatorMask { + int8_t last_bit; /* highest bit set in mask */ ++ int8_t has_unaccelerated; + uint8_t mask[(MAX_VALUATORS + 7) / 8]; + double valuators[MAX_VALUATORS]; /* valuator data */ ++ double unaccelerated[MAX_VALUATORS]; /* valuator data */ + }; + + extern void verify_internal_event(const InternalEvent *ev); +-- +2.4.1 + diff --git a/0001-int10-Fix-error-check-for-pci_device_map_legacy.patch b/0001-int10-Fix-error-check-for-pci_device_map_legacy.patch new file mode 100644 index 000000000000..75e5bb92f8ef --- /dev/null +++ b/0001-int10-Fix-error-check-for-pci_device_map_legacy.patch @@ -0,0 +1,47 @@ +From 0a78b599b34cc8b5fe6fe82f90e90234e8ab7a56 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?J=C3=BCrg=20Billeter?= <j@bitron.ch> +Date: Sat, 7 Feb 2015 18:13:21 +0100 +Subject: [PATCH] int10: Fix error check for pci_device_map_legacy +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +pci_device_map_legacy returns 0 on success. + +Signed-off-by: Jürg Billeter <j@bitron.ch> +Reviewed-by: Adam Jackson <ajax@redhat.com> +Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> +--- + hw/xfree86/int10/generic.c | 2 +- + hw/xfree86/os-support/linux/int10/linux.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/hw/xfree86/int10/generic.c b/hw/xfree86/int10/generic.c +index 012d194..8d5c4da 100644 +--- a/hw/xfree86/int10/generic.c ++++ b/hw/xfree86/int10/generic.c +@@ -104,7 +104,7 @@ readIntVec(struct pci_device *dev, unsigned char *buf, int len) + { + void *map; + +- if (!pci_device_map_legacy(dev, 0, len, 0, &map)) ++ if (pci_device_map_legacy(dev, 0, len, 0, &map)) + return FALSE; + + memcpy(buf, map, len); +diff --git a/hw/xfree86/os-support/linux/int10/linux.c b/hw/xfree86/os-support/linux/int10/linux.c +index 79b9a88..6ca118f 100644 +--- a/hw/xfree86/os-support/linux/int10/linux.c ++++ b/hw/xfree86/os-support/linux/int10/linux.c +@@ -75,7 +75,7 @@ readLegacy(struct pci_device *dev, unsigned char *buf, int base, int len) + { + void *map; + +- if (!pci_device_map_legacy(dev, base, len, 0, &map)) ++ if (pci_device_map_legacy(dev, base, len, 0, &map)) + return FALSE; + + memcpy(buf, map, len); +-- +2.3.2 + diff --git a/0001-mi-Partial-pie-slice-filled-arcs-may-need-more-space.patch b/0001-mi-Partial-pie-slice-filled-arcs-may-need-more-space.patch new file mode 100644 index 000000000000..668ae21ba31b --- /dev/null +++ b/0001-mi-Partial-pie-slice-filled-arcs-may-need-more-space.patch @@ -0,0 +1,42 @@ +From 41932dfbc841a1adc6512d41085ea3f8ebecb42c Mon Sep 17 00:00:00 2001 +From: Keith Packard <keithp@keithp.com> +Date: Wed, 8 Apr 2015 07:45:28 -0700 +Subject: [PATCH] mi: Partial pie-slice filled arcs may need more space for + spans + +The mi filled arc code estimates that a filled arc will produce no +more spans than the arc is tall. This is true for most arcs except +for pie-slice arcs strictly between 180 and 360 degrees where the missing +portion of the arc faces up or down such that we get two spans on some +scanlines. + +For those, we need to reserve room for another height/2 spans. This +patch just does it for all partial pie-sliced arcs to make the test +easier to understand; it's just over-allocating a bit of memory, so +that's safe. + +Signed-off-by: Keith Packard <keithp@keithp.com> +Reviewed-by: Adam Jackson <ajax@redhat.com> +--- + mi/mifillarc.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/mi/mifillarc.c b/mi/mifillarc.c +index 246d70f..888519e 100644 +--- a/mi/mifillarc.c ++++ b/mi/mifillarc.c +@@ -660,6 +660,11 @@ miPolyFillArc(DrawablePtr pDraw, GCPtr pGC, int narcs_all, xArc * parcs) + if (narcs && nspans + arc->height > MAX_SPANS_PER_LOOP) + break; + nspans += arc->height; ++ ++ /* A pie-slice arc may add another pile of spans */ ++ if (pGC->arcMode == ArcPieSlice && ++ (-FULLCIRCLE < arc->angle2 && arc->angle2 < FULLCIRCLE)) ++ nspans += (arc->height + 1) >> 1; + } + + pts = points = malloc (sizeof (DDXPointRec) * nspans + +-- +2.3.5 + diff --git a/0001-modesetting-Fix-software-cursor-fallback.patch b/0001-modesetting-Fix-software-cursor-fallback.patch new file mode 100644 index 000000000000..ffb08756cf06 --- /dev/null +++ b/0001-modesetting-Fix-software-cursor-fallback.patch @@ -0,0 +1,42 @@ +From 63e4f22d5fe3d4247cb48c969b5f7f2690665d78 Mon Sep 17 00:00:00 2001 +From: Adel Gadllah <adel.gadllah@gmail.com> +Date: Fri, 1 May 2015 17:21:12 +0200 +Subject: [PATCH] modesetting: Fix software cursor fallback +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The code in drmmode_set_cursor does not properly handle the case where +drmModeSetCursor2 returns any other error than EINVAL and silently fails to set +a cursor. + +So only return when the drmModeSetCursor2 succeeds (i.e returns 0) and disable +the cursor2 usage on EINVAL. + +References: https://bugzilla.redhat.com/show_bug.cgi?id=1205725 +Signed-off-by: Adel Gadllah <adel.gadllah@gmail.com> +Reviewed-by: Michel Dänzer <michel@daenzer.net> +--- + hw/xfree86/drivers/modesetting/drmmode_display.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/hw/xfree86/drivers/modesetting/drmmode_display.c b/hw/xfree86/drivers/modesetting/drmmode_display.c +index 824500b..912abda 100644 +--- a/hw/xfree86/drivers/modesetting/drmmode_display.c ++++ b/hw/xfree86/drivers/modesetting/drmmode_display.c +@@ -396,10 +396,10 @@ drmmode_set_cursor(xf86CrtcPtr crtc) + drmModeSetCursor2(drmmode->fd, drmmode_crtc->mode_crtc->crtc_id, + handle, ms->cursor_width, ms->cursor_height, + cursor->bits->xhot, cursor->bits->yhot); ++ if (!ret) ++ return; + if (ret == -EINVAL) + use_set_cursor2 = FALSE; +- else +- return; + } + + ret = drmModeSetCursor(drmmode->fd, drmmode_crtc->mode_crtc->crtc_id, handle, +-- +2.1.0 + diff --git a/0001-sdksyms.sh-Make-sdksyms.sh-work-with-gcc5.patch b/0001-sdksyms.sh-Make-sdksyms.sh-work-with-gcc5.patch new file mode 100644 index 000000000000..0e0b20df6fc9 --- /dev/null +++ b/0001-sdksyms.sh-Make-sdksyms.sh-work-with-gcc5.patch @@ -0,0 +1,51 @@ +From 612eb45a2e7a0b35cc3790870e6d0cc42eb50c74 Mon Sep 17 00:00:00 2001 +From: Hans de Goede <hdegoede@redhat.com> +Date: Wed, 11 Feb 2015 16:26:40 +0100 +Subject: [PATCH] sdksyms.sh: Make sdksyms.sh work with gcc5. + +gcc5's cpp inserts patterns like this: + +extern + __attribute__((visibility("default"))) + int WaitForSomething(int * + ); + +This patch make sdksyms.sh work with this. Note my awk skills are weak, so +there likely is a better way to deal with this. + +Signed-off-by: Hans de Goede <hdegoede@redhat.com> +--- + hw/xfree86/sdksyms.sh | 17 +++++++++++++++++ + 1 file changed, 17 insertions(+) + +diff --git a/hw/xfree86/sdksyms.sh b/hw/xfree86/sdksyms.sh +index 2305073..99b0cae 100755 +--- a/hw/xfree86/sdksyms.sh ++++ b/hw/xfree86/sdksyms.sh +@@ -350,6 +350,23 @@ BEGIN { + if (sdk) { + n = 3; + ++ # detect the following gcc5 cpp pattern and skip it: ++ # extern ++ # # 320 "../../include/os.h" 3 4 ++ # __attribute__((visibility("default"))) ++ # # 320 "../../include/os.h" ++ # Note in this case the "extern " or "extern void " always has ++ # a trailing space ++ if ($0 ~ "^extern.* $") { ++ getline; ++ getline; ++ getline; ++ getline; ++ n = 1; ++ while ($n == " ") ++ n++; ++ } ++ + # skip attribute, if any + while ($n ~ /^(__attribute__|__global)/ || + # skip modifiers, if any +-- +2.1.0 + diff --git a/0002-dix-hook-up-the-unaccelerated-valuator-masks.patch b/0002-dix-hook-up-the-unaccelerated-valuator-masks.patch new file mode 100644 index 000000000000..6b8b1e5b5d73 --- /dev/null +++ b/0002-dix-hook-up-the-unaccelerated-valuator-masks.patch @@ -0,0 +1,134 @@ +From 7504fbd2239257f1a00a1a15d02862eea81f167c Mon Sep 17 00:00:00 2001 +From: Peter Hutterer <peter.hutterer@who-t.net> +Date: Tue, 5 May 2015 14:48:41 +1000 +Subject: [PATCH] dix: hook up the unaccelerated valuator masks + +If present, access the unaccelerated valuator mask values for DGA and XI2 raw +events. + +Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> +Reviewed-by: Hans de Goede <hdegoede@redhat.com> +--- + dix/getevents.c | 31 ++++++++++++++++++++++--------- + hw/xfree86/common/xf86Xinput.c | 4 ++++ + 2 files changed, 26 insertions(+), 9 deletions(-) + +diff --git a/dix/getevents.c b/dix/getevents.c +index 6fb12c5..64bf76e 100644 +--- a/dix/getevents.c ++++ b/dix/getevents.c +@@ -213,14 +213,25 @@ init_raw(DeviceIntPtr dev, RawDeviceEvent *event, Time ms, int type, int detail) + } + + static void +-set_raw_valuators(RawDeviceEvent *event, ValuatorMask *mask, double *data) ++set_raw_valuators(RawDeviceEvent *event, ValuatorMask *mask, ++ BOOL use_unaccel, double *data) + { + int i; + ++ use_unaccel = use_unaccel && valuator_mask_has_unaccelerated(mask); ++ + for (i = 0; i < valuator_mask_size(mask); i++) { + if (valuator_mask_isset(mask, i)) { ++ double v; ++ + SetBit(event->valuators.mask, i); +- data[i] = valuator_mask_get_double(mask, i); ++ ++ if (use_unaccel) ++ v = valuator_mask_get_unaccelerated(mask, i); ++ else ++ v = valuator_mask_get_double(mask, i); ++ ++ data[i] = v; + } + } + } +@@ -1138,11 +1149,11 @@ GetKeyboardEvents(InternalEvent *events, DeviceIntPtr pDev, int type, + valuator_mask_copy(&mask, mask_in); + + init_raw(pDev, raw, ms, type, key_code); +- set_raw_valuators(raw, &mask, raw->valuators.data_raw); ++ set_raw_valuators(raw, &mask, TRUE, raw->valuators.data_raw); + + clipValuators(pDev, &mask); + +- set_raw_valuators(raw, &mask, raw->valuators.data); ++ set_raw_valuators(raw, &mask, FALSE, raw->valuators.data); + + event = &events->device_event; + init_device_event(event, pDev, ms); +@@ -1423,9 +1434,11 @@ fill_pointer_events(InternalEvent *events, DeviceIntPtr pDev, int type, + num_events++; + + init_raw(pDev, raw, ms, type, buttons); +- set_raw_valuators(raw, &mask, raw->valuators.data_raw); ++ set_raw_valuators(raw, &mask, TRUE, raw->valuators.data_raw); + } + ++ valuator_mask_drop_unaccelerated(&mask); ++ + /* valuators are in driver-native format (rel or abs) */ + + if (flags & POINTER_ABSOLUTE) { +@@ -1438,7 +1451,7 @@ fill_pointer_events(InternalEvent *events, DeviceIntPtr pDev, int type, + transformAbsolute(pDev, &mask); + clipAbsolute(pDev, &mask); + if ((flags & POINTER_NORAW) == 0 && raw) +- set_raw_valuators(raw, &mask, raw->valuators.data); ++ set_raw_valuators(raw, &mask, FALSE, raw->valuators.data); + } + else { + transformRelative(pDev, &mask); +@@ -1446,7 +1459,7 @@ fill_pointer_events(InternalEvent *events, DeviceIntPtr pDev, int type, + if (flags & POINTER_ACCELERATE) + accelPointer(pDev, &mask, ms); + if ((flags & POINTER_NORAW) == 0 && raw) +- set_raw_valuators(raw, &mask, raw->valuators.data); ++ set_raw_valuators(raw, &mask, FALSE, raw->valuators.data); + + moveRelative(pDev, flags, &mask); + } +@@ -1951,7 +1964,7 @@ GetTouchEvents(InternalEvent *events, DeviceIntPtr dev, uint32_t ddx_touchid, + events++; + num_events++; + init_raw(dev, raw, ms, type, client_id); +- set_raw_valuators(raw, &mask, raw->valuators.data_raw); ++ set_raw_valuators(raw, &mask, TRUE, raw->valuators.data_raw); + } + + event = &events->device_event; +@@ -2013,7 +2026,7 @@ GetTouchEvents(InternalEvent *events, DeviceIntPtr dev, uint32_t ddx_touchid, + screeny = dev->spriteInfo->sprite->hotPhys.y; + } + if (need_rawevent) +- set_raw_valuators(raw, &mask, raw->valuators.data); ++ set_raw_valuators(raw, &mask, FALSE, raw->valuators.data); + + /* Indirect device touch coordinates are not used for cursor positioning. + * They are merely informational, and are provided in device coordinates. +diff --git a/hw/xfree86/common/xf86Xinput.c b/hw/xfree86/common/xf86Xinput.c +index 1fb5b16..5ce4c71 100644 +--- a/hw/xfree86/common/xf86Xinput.c ++++ b/hw/xfree86/common/xf86Xinput.c +@@ -1137,12 +1137,16 @@ xf86CheckMotionEvent4DGA(DeviceIntPtr device, int is_absolute, + dx = valuator_mask_get(mask, 0); + if (is_absolute) + dx -= device->last.valuators[0]; ++ else if (valuator_mask_has_unaccelerated(mask)) ++ dx = valuator_mask_get_unaccelerated(mask, 0); + } + + if (valuator_mask_isset(mask, 1)) { + dy = valuator_mask_get(mask, 1); + if (is_absolute) + dy -= device->last.valuators[1]; ++ else if (valuator_mask_has_unaccelerated(mask)) ++ dy = valuator_mask_get_unaccelerated(mask, 1); + } + + if (DGAStealMotionEvent(device, idx, dx, dy)) +-- +2.4.1 + diff --git a/PKGBUILD b/PKGBUILD new file mode 100644 index 000000000000..01e7f3e8bc86 --- /dev/null +++ b/PKGBUILD @@ -0,0 +1,312 @@ +# Maintainer: Det <nimetonmaili g-mail> +# Based on [testing]'s xorg-server + +_pkgbase=xorg-server +pkgname=('xorg-server-dev' 'xorg-server-xephyr-dev' 'xorg-server-xdmx-dev' 'xorg-server-xvfb-dev' 'xorg-server-xnest-dev' 'xorg-server-xwayland-dev' 'xorg-server-common-dev' 'xorg-server-devel-dev') +pkgver=1.17.1 # http://lists.x.org/archives/xorg/2015-February/057159.html +pkgrel=7 # build first with 0.1 and then rebuild it after xf86-input-evdev rebuild +arch=('i686' 'x86_64') +license=('custom') +url="http://xorg.freedesktop.org" +makedepends=('pixman' 'libx11' 'mesa' 'libgl' 'xf86driproto' 'xcmiscproto' 'xtrans' 'bigreqsproto' 'randrproto' + 'inputproto' 'fontsproto' 'videoproto' 'presentproto' 'compositeproto' 'recordproto' 'scrnsaverproto' + 'resourceproto' 'xineramaproto' 'libxkbfile' 'libxfont' 'renderproto' 'libpciaccess' 'libxv' + 'xf86dgaproto' 'libxmu' 'libxrender' 'libxi' 'dmxproto' 'libxaw' 'libdmx' 'libxtst' 'libxres' + 'xorg-xkbcomp' 'xorg-util-macros' 'xorg-font-util' 'glproto' 'dri2proto' 'libgcrypt' 'libepoxy' + 'xcb-util' 'xcb-util-image' 'xcb-util-renderutil' 'xcb-util-wm' 'xcb-util-keysyms' 'dri3proto' + 'libxshmfence' 'libunwind') +source=(${url}/releases/individual/xserver/${_pkgbase}-${pkgver}.tar.bz2{,.sig} + nvidia-drm-outputclass.conf + xvfb-run + xvfb-run.1 + os-access-fix-regression-in-server-interpreted-auth.patch + v2-xserver-Fix-a-crash-with-XDMCP-error-handler.patch + 0001-int10-Fix-error-check-for-pci_device_map_legacy.patch + 0001-mi-Partial-pie-slice-filled-arcs-may-need-more-space.patch + 0001-sdksyms.sh-Make-sdksyms.sh-work-with-gcc5.patch + 0001-dix-Add-unaccelerated-valuators-to-the-ValuatorMask.patch + 0002-dix-hook-up-the-unaccelerated-valuator-masks.patch + fix-CVE-2015-3164.patch + systemd-logind-dont-second-guess-D-Bus-default-tim.patch + systemd-logind-filter-out-non-signal-messages-from.patch + 0001-modesetting-Fix-software-cursor-fallback.patch) +validpgpkeys=('7B27A3F1A6E18CD9588B4AE8310180050905E40C' + 'C383B778255613DFDB409D91DB221A6900000011') +sha256sums=('2bf8e9f6f0a710dec1d2472467bff1f4e247cb6dcd76eb469aafdc8a2d7db2ab' + 'SKIP' + 'af1c3d2ea5de7f6a6b5f7c60951a189a4749d1495e5462f3157ae7ac8fe1dc56' + 'ff0156309470fc1d378fd2e104338020a884295e285972cc88e250e031cc35b9' + '2460adccd3362fefd4cdc5f1c70f332d7b578091fb9167bf88b5f91265bbd776' + '8a9d76eecf8795ca645fb1ce261733965578e953f6606153ce001a0e15d036e8' + 'a73e33644682d9f430db987c192da0f7193907af50539669ebd59614a5ebd0f9' + '2ea82cdbd695f21c935710847913ed58e22d3d5c0c18c96175a4a6cc1142c071' + 'ca89cc013844c5b50abfde4cc5e852ecdf4368f8b069ffd069a7100843c46e90' + 'b4a4fbddebfa614d1a97e77dde98748682ee331fbf7be394480050670d6203aa' + '3dc795002b8763a7d29db94f0af200131da9ce5ffc233bfd8916060f83a8fad7' + '416a1422eed71efcebb1d893de74e7f27e408323a56c4df003db37f5673b3f96' + 'bc6ac3e686e16f0357fd3b939c1c1f2845fdb444d5ec9c8c37fb69167cc54a28' + 'a8b9670844d784e9a0d6880f5689bbc107e071518acdbaa8c3ce5debca6b663b' + '97e4d5a6cfcf916889c493e232aec6f16d9447eb641bafb6e0afa9b27cfdc47e' + 'a0c0dbf5fe27994d52d5892c9c7cecf72792c5fa35db57b112ee7b17980faa75') + +prepare() { + cd "${_pkgbase}-${pkgver}" + + msg2 "fix FS#43884, merged upstream" + patch -Np1 -i ../os-access-fix-regression-in-server-interpreted-auth.patch + + msg2 "partially fix FS#43867, merged upstream" + patch -Np1 -i ../v2-xserver-Fix-a-crash-with-XDMCP-error-handler.patch + + msg2 "fix FS#43924, merged upstream" + patch -Np1 -i ../0001-int10-Fix-error-check-for-pci_device_map_legacy.patch + + msg2 "fix FS#43937, merged upstream" + patch -Np1 -i ../0001-mi-Partial-pie-slice-filled-arcs-may-need-more-space.patch + + msg2 "fix FS#45245, merged upstream" + patch -Np1 -i ../0001-sdksyms.sh-Make-sdksyms.sh-work-with-gcc5.patch + + msg2 "fix FS#45229, merged upstream" + patch -Np1 -i ../0001-dix-Add-unaccelerated-valuators-to-the-ValuatorMask.patch + patch -Np1 -i ../0002-dix-hook-up-the-unaccelerated-valuator-masks.patch + + msg2 "fix CVE-2015-3164, merged upstream" + patch -Np1 -i ../fix-CVE-2015-3164.patch + + msg2 "fix FS#44304, merged upstream" + patch -Np1 -i ../systemd-logind-filter-out-non-signal-messages-from.patch + patch -Np1 -i ../systemd-logind-dont-second-guess-D-Bus-default-tim.patch + + msg2 "fix software cursor fallback (possible fix for FS#44602)" + patch -Np1 -i ../0001-modesetting-Fix-software-cursor-fallback.patch +} + +build() { + cd "${_pkgbase}-${pkgver}" + + msg2 "Starting autoreconf..." + autoreconf -fi + + msg2 "Starting ./configure..." + ./configure --prefix=/usr \ + --enable-ipv6 \ + --enable-dri \ + --enable-dmx \ + --enable-xvfb \ + --enable-xnest \ + --enable-composite \ + --enable-xcsecurity \ + --enable-libunwind \ + --enable-xorg \ + --enable-xephyr \ + --enable-glamor \ + --enable-xwayland \ + --enable-glx-tls \ + --enable-kdrive \ + --enable-kdrive-evdev \ + --enable-kdrive-kbd \ + --enable-kdrive-mouse \ + --enable-config-udev \ + --enable-systemd-logind \ + --enable-suid-wrapper \ + --disable-install-setuid \ + --enable-record \ + --disable-xfbdev \ + --disable-xfake \ + --disable-static \ + --libexecdir=/usr/lib/xorg-server \ + --sysconfdir=/etc \ + --localstatedir=/var \ + --with-xkb-path=/usr/share/X11/xkb \ + --with-xkb-output=/var/lib/xkb \ + --with-fontrootdir=/usr/share/fonts \ + --with-sha1=libgcrypt + +# --without-dtrace \ +# --disable-linux-acpi --disable-linux-apm \ + + msg2 "Starting make..." + make + + # Disable subdirs for make install rule to make splitting easier + sed -e 's/^DMX_SUBDIRS =.*/DMX_SUBDIRS =/' \ + -e 's/^XVFB_SUBDIRS =.*/XVFB_SUBDIRS =/' \ + -e 's/^XNEST_SUBDIRS =.*/XNEST_SUBDIRS = /' \ + -e 's/^KDRIVE_SUBDIRS =.*/KDRIVE_SUBDIRS =/' \ + -e 's/^XWAYLAND_SUBDIRS =.*/XWAYLAND_SUBDIRS =/' \ + -i hw/Makefile +} + +package_xorg-server-common-dev() { + pkgdesc="Xorg server common files - Bleeding edge version" + depends=('xkeyboard-config' 'xorg-xkbcomp' 'xorg-setxkbmap' 'xorg-fonts-misc' + 'libunwind') + provides=('xorg-server-common') + conflicts=('xorg-server-common') + + cd "${_pkgbase}-${pkgver}" + install -m755 -d "${pkgdir}/usr/share/licenses/xorg-server-common" + install -m644 COPYING "${pkgdir}/usr/share/licenses/xorg-server-common" + + msg2 "Starting make install-data..." + make -C xkb DESTDIR="${pkgdir}" install-data + + install -m755 -d "${pkgdir}/usr/share/man/man1" + install -m644 man/Xserver.1 "${pkgdir}/usr/share/man/man1/" + + install -m755 -d "${pkgdir}/usr/lib/xorg" + install -m644 dix/protocol.txt "${pkgdir}/usr/lib/xorg/" +} + +package_xorg-server-dev() { + pkgdesc="Xorg X server - Bleeding edge version" + depends=(libepoxy libxdmcp libxfont libpciaccess libdrm pixman libgcrypt libxau xorg-server-common-dev xf86-input-evdev libxshmfence libgl) + # see src/xorg-server-*/hw/xfree86/common/xf86Module.h for ABI versions - we provide major numbers that drivers can depend on + # and /usr/lib/pkgconfig/xorg-server.pc in xorg-server-devel-dev pkg + _ABI_VIDEODRV="$(grep -Po "VIDEODRV_V.*\(\K[^)]*" ${_pkgbase}-${pkgver}/hw/xfree86/common/xf86Module.h | sed "s/, /./")" + _ABI_XINPUT="$(grep -Po "XINPUT_V.*\(\K[^)]*" ${_pkgbase}-${pkgver}/hw/xfree86/common/xf86Module.h | sed "s/, /./")" + _ABI_EXTENSION="$(grep -Po "EXTENSION_V.*\(\K[^)]*" ${_pkgbase}-${pkgver}/hw/xfree86/common/xf86Module.h | sed "s/, /./")" + provides=("X-ABI-VIDEODRV_VERSION=$_ABI_VIDEODRV" + #"X-ABI-XINPUT_VERSION=$_ABI_XINPUT" + 'X-ABI-XINPUT_VERSION=21.1' + "X-ABI-EXTENSION_VERSION=$_ABI_EXTENSION" + 'x-server' 'xorg-server') + groups=('xorg') + conflicts=('nvidia-utils<=331.20' 'glamor-egl' 'xf86-video-modesetting' 'xorg-server') + replaces=('glamor-egl' 'xf86-video-modesetting') + install=xorg-server-dev.install + + cd "${_pkgbase}-${pkgver}" + + msg2 "Starting make install..." + make DESTDIR="${pkgdir}" install + + # distro specific files must be installed in /usr/share/X11/xorg.conf.d + install -m755 -d "${pkgdir}/etc/X11/xorg.conf.d" + install -m644 "${srcdir}/nvidia-drm-outputclass.conf" "${pkgdir}/usr/share/X11/xorg.conf.d/" + + # Needed for non-mesa drivers, libgl will restore it + mv "${pkgdir}/usr/lib/xorg/modules/extensions/libglx.so" \ + "${pkgdir}/usr/lib/xorg/modules/extensions/libglx.xorg" + + rm -rf "${pkgdir}/var" + + rm -f "${pkgdir}/usr/share/man/man1/Xserver.1" + rm -f "${pkgdir}/usr/lib/xorg/protocol.txt" + + install -m755 -d "${pkgdir}/usr/share/licenses/xorg-server" + ln -sf ../xorg-server-common/COPYING "${pkgdir}/usr/share/licenses/xorg-server/COPYING" + + rm -rf "${pkgdir}/usr/lib/pkgconfig" + rm -rf "${pkgdir}/usr/include" + rm -rf "${pkgdir}/usr/share/aclocal" +} + +package_xorg-server-xephyr-dev() { + pkgdesc="A nested X server that runs as an X application - Bleeding edge version" + depends=(libxfont libgl libepoxy libgcrypt libxv pixman xorg-server-common 'xcb-util-image' + 'xcb-util-renderutil' 'xcb-util-wm' 'xcb-util-keysyms') + provides=(xorg-server-xephyr) + conflicts=(xorg-server-xephyr) + + cd "${_pkgbase}-${pkgver}/hw/kdrive" + + msg2 "Starting make install..." + make DESTDIR="${pkgdir}" install + + install -m755 -d "${pkgdir}/usr/share/licenses/xorg-server-xephyr" + ln -sf ../xorg-server-common/COPYING "${pkgdir}/usr/share/licenses/xorg-server-xephyr/COPYING" +} + +package_xorg-server-xvfb-dev() { + pkgdesc="Virtual framebuffer X server - Bleeding edge version" + depends=(libxfont libxdmcp libxau libgcrypt pixman xorg-server-common-dev xorg-xauth libgl) + provides=(xorg-server-xvfb) + conflicts=(xorg-server-xvfb) + + cd "${_pkgbase}-${pkgver}/hw/vfb" + + msg2 "Starting make install..." + make DESTDIR="${pkgdir}" install + + install -m755 "${srcdir}/xvfb-run" "${pkgdir}/usr/bin/" + install -m644 "${srcdir}/xvfb-run.1" "${pkgdir}/usr/share/man/man1/" + + install -m755 -d "${pkgdir}/usr/share/licenses/xorg-server-xvfb" + ln -sf ../xorg-server-common/COPYING "${pkgdir}/usr/share/licenses/xorg-server-xvfb/COPYING" +} + +package_xorg-server-xnest-dev() { + pkgdesc="A nested X server that runs as an X application - Bleeding edge version" + depends=(libxfont libxext libgcrypt pixman xorg-server-common-dev libsystemd) + provides=(xorg-server-xnest) + conflicts=(xorg-server-xnest) + + cd "${_pkgbase}-${pkgver}/hw/xnest" + + msg2 "Starting make install..." + make DESTDIR="${pkgdir}" install + + install -m755 -d "${pkgdir}/usr/share/licenses/xorg-server-xnest" + ln -sf ../xorg-server-common/COPYING "${pkgdir}/usr/share/licenses/xorg-server-xnest/COPYING" +} + +package_xorg-server-xdmx-dev() { + pkgdesc="Distributed Multihead X Server and utilities - Bleeding edge version" + depends=(libxfont libxi libgcrypt libxaw libxrender libdmx libxfixes pixman xorg-server-common-dev) + provides=(xorg-server-xdmx) + conflicts=(xorg-server-xdmx) + + cd "${_pkgbase}-${pkgver}/hw/dmx" + + msg2 "Starting make install..." + make DESTDIR="${pkgdir}" install + + install -m755 -d "${pkgdir}/usr/share/licenses/xorg-server-xdmx" + ln -sf ../xorg-server-common/COPYING "${pkgdir}/usr/share/licenses/xorg-server-xdmx/COPYING" +} + +package_xorg-server-xwayland-dev() { + pkgdesc="Run X clients under Wayland - Bleeding edge version" + depends=(libxfont libepoxy libgl pixman xorg-server-common-dev) + provides=(xorg-server-xwayland) + conflicts=(xorg-server-xwayland) + + cd "${_pkgbase}-${pkgver}/hw/xwayland" + + msg2 "Starting make install..." + make DESTDIR="${pkgdir}" install + + install -m755 -d "${pkgdir}/usr/share/licenses/xorg-server-xwayland" + ln -sf ../xorg-server-common/COPYING "${pkgdir}/usr/share/licenses/xorg-server-xwayland/COPYING" +} + +package_xorg-server-devel-dev() { + pkgdesc="Development files for the X.Org X server - Bleeding edge version" + depends=(# see pkgdir/usr/lib/pkgconfig/xorg-server.pc + xproto randrproto renderproto xextproto inputproto kbproto + fontsproto pixman videoproto xf86driproto glproto + mesa dri2proto dri3proto xineramaproto libpciaccess + resourceproto scrnsaverproto presentproto + # not technically required but almost every Xorg pkg needs it to build + xorg-util-macros) + provides=(xorg-server-devel) + conflicts=(xorg-server-devel) + + cd "${_pkgbase}-${pkgver}" + + msg2 "Starting make install..." + make DESTDIR="${pkgdir}" install + + rm -rf "${pkgdir}/usr/bin" + rm -rf "${pkgdir}/usr/share/man" + rm -rf "${pkgdir}/usr/share/doc" + rm -rf "${pkgdir}/usr/share/X11" + rm -rf "${pkgdir}/usr/lib/xorg" + rm -rf "${pkgdir}/usr/lib/xorg-server" + rm -rf "${pkgdir}/var" + + install -m755 -d "${pkgdir}/usr/share/licenses/xorg-server-devel-dev" + ln -sf ../xorg-server-common/COPYING "${pkgdir}/usr/share/licenses/xorg-server-devel-dev/COPYING" +} diff --git a/fix-CVE-2015-3164.patch b/fix-CVE-2015-3164.patch new file mode 100644 index 000000000000..e2ee1297323d --- /dev/null +++ b/fix-CVE-2015-3164.patch @@ -0,0 +1,311 @@ +From c4534a38b68aa07fb82318040dc8154fb48a9588 Mon Sep 17 00:00:00 2001 +From: Ray Strode <rstrode@redhat.com> +Date: Tue, 5 May 2015 16:43:42 -0400 +Subject: xwayland: Enable access control on open sockets [CVE-2015-3164 1/3] + +Xwayland currently allows wide-open access to the X sockets +it listens on, ignoring Xauth access control. + +This commit makes sure to enable access control on the sockets, +so one user can't snoop on another user's X-over-wayland +applications. + +Signed-off-by: Ray Strode <rstrode@redhat.com> +Reviewed-by: Daniel Stone <daniels@collabora.com> +Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> +Signed-off-by: Keith Packard <keithp@keithp.com> + +diff --git a/hw/xwayland/xwayland.c b/hw/xwayland/xwayland.c +index 7e8d667..c5bee77 100644 +--- a/hw/xwayland/xwayland.c ++++ b/hw/xwayland/xwayland.c +@@ -483,7 +483,7 @@ listen_on_fds(struct xwl_screen *xwl_screen) + int i; + + for (i = 0; i < xwl_screen->listen_fd_count; i++) +- ListenOnOpenFD(xwl_screen->listen_fds[i], TRUE); ++ ListenOnOpenFD(xwl_screen->listen_fds[i], FALSE); + } + + static void +-- +cgit v0.10.2 +From 4b4b9086d02b80549981d205fb1f495edc373538 Mon Sep 17 00:00:00 2001 +From: Ray Strode <rstrode@redhat.com> +Date: Tue, 5 May 2015 16:43:43 -0400 +Subject: os: support new implicit local user access mode [CVE-2015-3164 2/3] + +If the X server is started without a '-auth' argument, then +it gets started wide open to all local users on the system. + +This isn't a great default access model, but changing it in +Xorg at this point would break backward compatibility. + +Xwayland, on the other hand is new, and much more targeted +in scope. It could, in theory, be changed to allow the much +more secure default of a "user who started X server can connect +clients to that server." + +This commit paves the way for that change, by adding a mechanism +for DDXs to opt-in to that behavior. They merely need to call + +LocalAccessScopeUser() + +in their init functions. + +A subsequent commit will add that call for Xwayland. + +Signed-off-by: Ray Strode <rstrode@redhat.com> +Reviewed-by: Daniel Stone <daniels@collabora.com> +Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> +Signed-off-by: Keith Packard <keithp@keithp.com> + +diff --git a/include/os.h b/include/os.h +index 6638c84..b2b96c8 100644 +--- a/include/os.h ++++ b/include/os.h +@@ -431,11 +431,28 @@ extern _X_EXPORT void + ResetHosts(const char *display); + + extern _X_EXPORT void ++EnableLocalAccess(void); ++ ++extern _X_EXPORT void ++DisableLocalAccess(void); ++ ++extern _X_EXPORT void + EnableLocalHost(void); + + extern _X_EXPORT void + DisableLocalHost(void); + ++#ifndef NO_LOCAL_CLIENT_CRED ++extern _X_EXPORT void ++EnableLocalUser(void); ++ ++extern _X_EXPORT void ++DisableLocalUser(void); ++ ++extern _X_EXPORT void ++LocalAccessScopeUser(void); ++#endif ++ + extern _X_EXPORT void + AccessUsingXdmcp(void); + +diff --git a/os/access.c b/os/access.c +index 8fa028e..75e7a69 100644 +--- a/os/access.c ++++ b/os/access.c +@@ -102,6 +102,10 @@ SOFTWARE. + #include <sys/ioctl.h> + #include <ctype.h> + ++#ifndef NO_LOCAL_CLIENT_CRED ++#include <pwd.h> ++#endif ++ + #if defined(TCPCONN) || defined(STREAMSCONN) + #include <netinet/in.h> + #endif /* TCPCONN || STREAMSCONN */ +@@ -225,6 +229,13 @@ static int LocalHostEnabled = FALSE; + static int LocalHostRequested = FALSE; + static int UsingXdmcp = FALSE; + ++static enum { ++ LOCAL_ACCESS_SCOPE_HOST = 0, ++#ifndef NO_LOCAL_CLIENT_CRED ++ LOCAL_ACCESS_SCOPE_USER, ++#endif ++} LocalAccessScope; ++ + /* FamilyServerInterpreted implementation */ + static Bool siAddrMatch(int family, void *addr, int len, HOST * host, + ClientPtr client); +@@ -237,6 +248,21 @@ static void siTypesInitialize(void); + */ + + void ++EnableLocalAccess(void) ++{ ++ switch (LocalAccessScope) { ++ case LOCAL_ACCESS_SCOPE_HOST: ++ EnableLocalHost(); ++ break; ++#ifndef NO_LOCAL_CLIENT_CRED ++ case LOCAL_ACCESS_SCOPE_USER: ++ EnableLocalUser(); ++ break; ++#endif ++ } ++} ++ ++void + EnableLocalHost(void) + { + if (!UsingXdmcp) { +@@ -249,6 +275,21 @@ EnableLocalHost(void) + * called when authorization is enabled to keep us secure + */ + void ++DisableLocalAccess(void) ++{ ++ switch (LocalAccessScope) { ++ case LOCAL_ACCESS_SCOPE_HOST: ++ DisableLocalHost(); ++ break; ++#ifndef NO_LOCAL_CLIENT_CRED ++ case LOCAL_ACCESS_SCOPE_USER: ++ DisableLocalUser(); ++ break; ++#endif ++ } ++} ++ ++void + DisableLocalHost(void) + { + HOST *self; +@@ -262,6 +303,74 @@ DisableLocalHost(void) + } + } + ++#ifndef NO_LOCAL_CLIENT_CRED ++static int GetLocalUserAddr(char **addr) ++{ ++ static const char *type = "localuser"; ++ static const char delimiter = '\0'; ++ static const char *value; ++ struct passwd *pw; ++ int length = -1; ++ ++ pw = getpwuid(getuid()); ++ ++ if (pw == NULL || pw->pw_name == NULL) ++ goto out; ++ ++ value = pw->pw_name; ++ ++ length = asprintf(addr, "%s%c%s", type, delimiter, value); ++ ++ if (length == -1) { ++ goto out; ++ } ++ ++ /* Trailing NUL */ ++ length++; ++ ++out: ++ return length; ++} ++ ++void ++EnableLocalUser(void) ++{ ++ char *addr = NULL; ++ int length = -1; ++ ++ length = GetLocalUserAddr(&addr); ++ ++ if (length == -1) ++ return; ++ ++ NewHost(FamilyServerInterpreted, addr, length, TRUE); ++ ++ free(addr); ++} ++ ++void ++DisableLocalUser(void) ++{ ++ char *addr = NULL; ++ int length = -1; ++ ++ length = GetLocalUserAddr(&addr); ++ ++ if (length == -1) ++ return; ++ ++ RemoveHost(NULL, FamilyServerInterpreted, length, addr); ++ ++ free(addr); ++} ++ ++void ++LocalAccessScopeUser(void) ++{ ++ LocalAccessScope = LOCAL_ACCESS_SCOPE_USER; ++} ++#endif ++ + /* + * called at init time when XDMCP will be used; xdmcp always + * adds local hosts manually when needed +diff --git a/os/auth.c b/os/auth.c +index 5fcb538..7da6fc6 100644 +--- a/os/auth.c ++++ b/os/auth.c +@@ -181,11 +181,11 @@ CheckAuthorization(unsigned int name_length, + + /* + * If the authorization file has at least one entry for this server, +- * disable local host access. (loadauth > 0) ++ * disable local access. (loadauth > 0) + * + * If there are zero entries (either initially or when the + * authorization file is later reloaded), or if a valid +- * authorization file was never loaded, enable local host access. ++ * authorization file was never loaded, enable local access. + * (loadauth == 0 || !loaded) + * + * If the authorization file was loaded initially (with valid +@@ -194,11 +194,11 @@ CheckAuthorization(unsigned int name_length, + */ + + if (loadauth > 0) { +- DisableLocalHost(); /* got at least one */ ++ DisableLocalAccess(); /* got at least one */ + loaded = TRUE; + } + else if (loadauth == 0 || !loaded) +- EnableLocalHost(); ++ EnableLocalAccess(); + } + if (name_length) { + for (i = 0; i < NUM_AUTHORIZATION; i++) { +-- +cgit v0.10.2 +From 76636ac12f2d1dbdf7be08222f80e7505d53c451 Mon Sep 17 00:00:00 2001 +From: Ray Strode <rstrode@redhat.com> +Date: Tue, 5 May 2015 16:43:44 -0400 +Subject: xwayland: default to local user if no xauth file given. + [CVE-2015-3164 3/3] + +Right now if "-auth" isn't passed on the command line, we let +any user on the system connect to the Xwayland server. + +That's clearly suboptimal, given Xwayland is generally designed +to be used by one user at a time. + +This commit changes the behavior, so only the user who started the +X server can connect clients to it. + +Signed-off-by: Ray Strode <rstrode@redhat.com> +Reviewed-by: Daniel Stone <daniels@collabora.com> +Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> +Signed-off-by: Keith Packard <keithp@keithp.com> + +diff --git a/hw/xwayland/xwayland.c b/hw/xwayland/xwayland.c +index c5bee77..bc92beb 100644 +--- a/hw/xwayland/xwayland.c ++++ b/hw/xwayland/xwayland.c +@@ -702,4 +702,6 @@ InitOutput(ScreenInfo * screen_info, int argc, char **argv) + if (AddScreen(xwl_screen_init, argc, argv) == -1) { + FatalError("Couldn't add screen\n"); + } ++ ++ LocalAccessScopeUser(); + } +-- +cgit v0.10.2 + diff --git a/nvidia-drm-outputclass.conf b/nvidia-drm-outputclass.conf new file mode 100644 index 000000000000..40c1e08b5f41 --- /dev/null +++ b/nvidia-drm-outputclass.conf @@ -0,0 +1,6 @@ +Section "OutputClass" + Identifier "nvidia" + MatchDriver "nvidia-drm" + Driver "nvidia" +EndSection + diff --git a/os-access-fix-regression-in-server-interpreted-auth.patch b/os-access-fix-regression-in-server-interpreted-auth.patch new file mode 100644 index 000000000000..b96bb7a31743 --- /dev/null +++ b/os-access-fix-regression-in-server-interpreted-auth.patch @@ -0,0 +1,30 @@ +diff --git a/os/access.c b/os/access.c +index 28f2d32..fe6e831 100644 +--- a/os/access.c ++++ b/os/access.c +@@ -1390,14 +1390,23 @@ InvalidHost(register struct sockaddr *saddr, int len, ClientPtr client) + else + return 0; + } ++ ++ /* An empty address requires both a NULL addr *and* a zero length ++ * as the address comparison functions call memcmp with both ++ * parameters. Make sure they agree here ++ */ ++ if (addr == NULL) ++ len = 0; ++ if (len == 0) ++ addr = NULL; + for (host = validhosts; host; host = host->next) { + if (host->family == FamilyServerInterpreted) { +- if (addr && siAddrMatch(family, addr, len, host, client)) { ++ if (siAddrMatch(family, addr, len, host, client)) { + return 0; + } + } + else { +- if (addr && addrEqual(family, addr, len, host)) ++ if (addrEqual(family, addr, len, host)) + return 0; + } + diff --git a/systemd-logind-dont-second-guess-D-Bus-default-tim.patch b/systemd-logind-dont-second-guess-D-Bus-default-tim.patch new file mode 100644 index 000000000000..0245211ad198 --- /dev/null +++ b/systemd-logind-dont-second-guess-D-Bus-default-tim.patch @@ -0,0 +1,446 @@ +From 89250c82a01062775f8f840737a757125138fbce Mon Sep 17 00:00:00 2001 +From: Ray Strode <rstrode@redhat.com> +Date: Fri, 10 Apr 2015 14:19:50 -0400 +Subject: [PATCH] systemd-logind: don't second guess D-Bus default timeout + +At the moment, the X server uses a non-default timeout for D-Bus +messages to systemd-logind. The only timeouts normally used with +D-Bus are: + +1) Infinite +2) Default + +Anything else is just as arbitrary as Default, and so rarely makes +sense to use instead of Default. + +Put another way, there's little reason to be fault tolerant against +a local root running daemon (logind), that in some configurations, the +X server already depends on for proper functionality. + +This commit changes systemd-logind to just use the default timeouts. + +https://bugzilla.redhat.com/show_bug.cgi?id=1209347 +--- + hw/xfree86/os-support/linux/systemd-logind.c | 14 ++++++-------- + 1 file changed, 6 insertions(+), 8 deletions(-) + +diff --git a/hw/xfree86/os-support/linux/systemd-logind.c b/hw/xfree86/os-support/linux/systemd-logind.c +index 57c87c0..4ad41a3 100644 +--- a/hw/xfree86/os-support/linux/systemd-logind.c ++++ b/hw/xfree86/os-support/linux/systemd-logind.c +@@ -13,62 +13,60 @@ + * Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER + * DEALINGS IN THE SOFTWARE. + * + * Author: Hans de Goede <hdegoede@redhat.com> + */ + + #ifdef HAVE_XORG_CONFIG_H + #include <xorg-config.h> + #endif + + #include <dbus/dbus.h> + #include <string.h> + #include <sys/types.h> + #include <unistd.h> + + #include "os.h" + #include "dbus-core.h" + #include "xf86.h" + #include "xf86platformBus.h" + #include "xf86Xinput.h" + + #include "systemd-logind.h" + +-#define DBUS_TIMEOUT 500 /* Wait max 0.5 seconds */ +- + struct systemd_logind_info { + DBusConnection *conn; + char *session; + Bool active; + Bool vt_active; + }; + + static struct systemd_logind_info logind_info; + + static InputInfoPtr + systemd_logind_find_info_ptr_by_devnum(InputInfoPtr start, + int major, int minor) + { + InputInfoPtr pInfo; + + for (pInfo = start; pInfo; pInfo = pInfo->next) + if (pInfo->major == major && pInfo->minor == minor && + (pInfo->flags & XI86_SERVER_FD)) + return pInfo; + + return NULL; + } + + static void + systemd_logind_set_input_fd_for_all_devs(int major, int minor, int fd, + Bool enable) + { + InputInfoPtr pInfo; + + pInfo = systemd_logind_find_info_ptr_by_devnum(xf86InputDevs, major, minor); +@@ -103,61 +101,61 @@ systemd_logind_take_fd(int _major, int _minor, const char *path, + if (strstr(path, "mouse")) + return -1; + + /* Check if we already have an InputInfo entry with this major, minor + * (shared device-nodes happen ie with Wacom tablets). */ + pInfo = systemd_logind_find_info_ptr_by_devnum(xf86InputDevs, major, minor); + if (pInfo) { + LogMessage(X_INFO, "systemd-logind: returning pre-existing fd for %s %u:%u\n", + path, major, minor); + *paused_ret = FALSE; + return pInfo->fd; + } + + dbus_error_init(&error); + + msg = dbus_message_new_method_call("org.freedesktop.login1", info->session, + "org.freedesktop.login1.Session", "TakeDevice"); + if (!msg) { + LogMessage(X_ERROR, "systemd-logind: out of memory\n"); + goto cleanup; + } + + if (!dbus_message_append_args(msg, DBUS_TYPE_UINT32, &major, + DBUS_TYPE_UINT32, &minor, + DBUS_TYPE_INVALID)) { + LogMessage(X_ERROR, "systemd-logind: out of memory\n"); + goto cleanup; + } + + reply = dbus_connection_send_with_reply_and_block(info->conn, msg, +- DBUS_TIMEOUT, &error); ++ DBUS_TIMEOUT_USE_DEFAULT, &error); + if (!reply) { + LogMessage(X_ERROR, "systemd-logind: failed to take device %s: %s\n", + path, error.message); + goto cleanup; + } + + if (!dbus_message_get_args(reply, &error, + DBUS_TYPE_UNIX_FD, &fd, + DBUS_TYPE_BOOLEAN, &paused, + DBUS_TYPE_INVALID)) { + LogMessage(X_ERROR, "systemd-logind: TakeDevice %s: %s\n", + path, error.message); + goto cleanup; + } + + *paused_ret = paused; + + LogMessage(X_INFO, "systemd-logind: got fd for %s %u:%u fd %d paused %d\n", + path, major, minor, fd, paused); + + cleanup: + if (msg) + dbus_message_unref(msg); + if (reply) + dbus_message_unref(reply); + dbus_error_free(&error); + + return fd; + } + +@@ -180,61 +178,61 @@ systemd_logind_release_fd(int _major, int _minor, int fd) + * and minor, otherwise other InputInfo's are still referencing the fd. */ + pInfo = systemd_logind_find_info_ptr_by_devnum(xf86InputDevs, major, minor); + while (pInfo) { + matches++; + pInfo = systemd_logind_find_info_ptr_by_devnum(pInfo->next, major, minor); + } + if (matches > 1) { + LogMessage(X_INFO, "systemd-logind: not releasing fd for %u:%u, still in use\n", major, minor); + return; + } + + LogMessage(X_INFO, "systemd-logind: releasing fd for %u:%u\n", major, minor); + + dbus_error_init(&error); + + msg = dbus_message_new_method_call("org.freedesktop.login1", info->session, + "org.freedesktop.login1.Session", "ReleaseDevice"); + if (!msg) { + LogMessage(X_ERROR, "systemd-logind: out of memory\n"); + goto cleanup; + } + + if (!dbus_message_append_args(msg, DBUS_TYPE_UINT32, &major, + DBUS_TYPE_UINT32, &minor, + DBUS_TYPE_INVALID)) { + LogMessage(X_ERROR, "systemd-logind: out of memory\n"); + goto cleanup; + } + + reply = dbus_connection_send_with_reply_and_block(info->conn, msg, +- DBUS_TIMEOUT, &error); ++ DBUS_TIMEOUT_USE_DEFAULT, &error); + if (!reply) + LogMessage(X_ERROR, "systemd-logind: failed to release device: %s\n", + error.message); + + cleanup: + if (msg) + dbus_message_unref(msg); + if (reply) + dbus_message_unref(reply); + dbus_error_free(&error); + close: + if (fd != -1) + close(fd); + } + + int + systemd_logind_controls_session(void) + { + return logind_info.session ? 1 : 0; + } + + void + systemd_logind_vtenter(void) + { + struct systemd_logind_info *info = &logind_info; + InputInfoPtr pInfo; + int i; + + if (!info->session) + return; /* Not using systemd-logind */ +@@ -262,61 +260,61 @@ systemd_logind_vtenter(void) + + /* Do delayed input probing, this must be done after the above enabling */ + xf86InputEnableVTProbe(); + } + + static void + systemd_logind_ack_pause(struct systemd_logind_info *info, + dbus_int32_t minor, dbus_int32_t major) + { + DBusError error; + DBusMessage *msg = NULL; + DBusMessage *reply = NULL; + + dbus_error_init(&error); + + msg = dbus_message_new_method_call("org.freedesktop.login1", info->session, + "org.freedesktop.login1.Session", "PauseDeviceComplete"); + if (!msg) { + LogMessage(X_ERROR, "systemd-logind: out of memory\n"); + goto cleanup; + } + + if (!dbus_message_append_args(msg, DBUS_TYPE_UINT32, &major, + DBUS_TYPE_UINT32, &minor, + DBUS_TYPE_INVALID)) { + LogMessage(X_ERROR, "systemd-logind: out of memory\n"); + goto cleanup; + } + + reply = dbus_connection_send_with_reply_and_block(info->conn, msg, +- DBUS_TIMEOUT, &error); ++ DBUS_TIMEOUT_USE_DEFAULT, &error); + if (!reply) + LogMessage(X_ERROR, "systemd-logind: failed to ack pause: %s\n", + error.message); + + cleanup: + if (msg) + dbus_message_unref(msg); + if (reply) + dbus_message_unref(reply); + dbus_error_free(&error); + } + + static DBusHandlerResult + message_filter(DBusConnection * connection, DBusMessage * message, void *data) + { + struct systemd_logind_info *info = data; + struct xf86_platform_device *pdev = NULL; + InputInfoPtr pInfo = NULL; + int ack = 0, pause = 0, fd = -1; + DBusError error; + dbus_int32_t major, minor; + char *pause_str; + + if (dbus_message_get_type (message) != DBUS_MESSAGE_TYPE_SIGNAL) + return DBUS_HANDLER_RESULT_NOT_YET_HANDLED; + + dbus_error_init(&error); + + if (dbus_message_is_signal(message, + "org.freedesktop.DBus", "NameOwnerChanged")) { +@@ -430,96 +428,96 @@ message_filter(DBusConnection * connection, DBusMessage * message, void *data) + } + + static void + connect_hook(DBusConnection *connection, void *data) + { + struct systemd_logind_info *info = data; + DBusError error; + DBusMessage *msg = NULL; + DBusMessage *reply = NULL; + dbus_int32_t arg; + char *session = NULL; + + dbus_error_init(&error); + + msg = dbus_message_new_method_call("org.freedesktop.login1", + "/org/freedesktop/login1", "org.freedesktop.login1.Manager", + "GetSessionByPID"); + if (!msg) { + LogMessage(X_ERROR, "systemd-logind: out of memory\n"); + goto cleanup; + } + + arg = getpid(); + if (!dbus_message_append_args(msg, DBUS_TYPE_UINT32, &arg, + DBUS_TYPE_INVALID)) { + LogMessage(X_ERROR, "systemd-logind: out of memory\n"); + goto cleanup; + } + + reply = dbus_connection_send_with_reply_and_block(connection, msg, +- DBUS_TIMEOUT, &error); ++ DBUS_TIMEOUT_USE_DEFAULT, &error); + if (!reply) { + LogMessage(X_ERROR, "systemd-logind: failed to get session: %s\n", + error.message); + goto cleanup; + } + dbus_message_unref(msg); + + if (!dbus_message_get_args(reply, &error, DBUS_TYPE_OBJECT_PATH, &session, + DBUS_TYPE_INVALID)) { + LogMessage(X_ERROR, "systemd-logind: GetSessionByPID: %s\n", + error.message); + goto cleanup; + } + session = XNFstrdup(session); + + dbus_message_unref(reply); + reply = NULL; + + + msg = dbus_message_new_method_call("org.freedesktop.login1", + session, "org.freedesktop.login1.Session", "TakeControl"); + if (!msg) { + LogMessage(X_ERROR, "systemd-logind: out of memory\n"); + goto cleanup; + } + + arg = FALSE; /* Don't forcibly take over over the session */ + if (!dbus_message_append_args(msg, DBUS_TYPE_BOOLEAN, &arg, + DBUS_TYPE_INVALID)) { + LogMessage(X_ERROR, "systemd-logind: out of memory\n"); + goto cleanup; + } + + reply = dbus_connection_send_with_reply_and_block(connection, msg, +- DBUS_TIMEOUT, &error); ++ DBUS_TIMEOUT_USE_DEFAULT, &error); + if (!reply) { + LogMessage(X_ERROR, "systemd-logind: TakeControl failed: %s\n", + error.message); + goto cleanup; + } + + dbus_bus_add_match(connection, + "type='signal',sender='org.freedesktop.DBus',interface='org.freedesktop.DBus',member='NameOwnerChanged',path='/org/freedesktop/DBus'", + &error); + if (dbus_error_is_set(&error)) { + LogMessage(X_ERROR, "systemd-logind: could not add match: %s\n", + error.message); + goto cleanup; + } + + /* + * HdG: This is not useful with systemd <= 208 since the signal only + * contains invalidated property names there, rather than property, val + * pairs as it should. Instead we just use the first resume / pause now. + */ + #if 0 + snprintf(match, sizeof(match), + "type='signal',sender='org.freedesktop.login1',interface='org.freedesktop.DBus.Properties',member='PropertiesChanged',path='%s'", + session); + dbus_bus_add_match(connection, match, &error); + if (dbus_error_is_set(&error)) { + LogMessage(X_ERROR, "systemd-logind: could not add match: %s\n", + error.message); + goto cleanup; + } +@@ -537,61 +535,61 @@ connect_hook(DBusConnection *connection, void *data) + info->session = session; + info->vt_active = info->active = TRUE; /* The server owns the vt during init */ + session = NULL; + + cleanup: + free(session); + if (msg) + dbus_message_unref(msg); + if (reply) + dbus_message_unref(reply); + dbus_error_free(&error); + } + + static void + systemd_logind_release_control(struct systemd_logind_info *info) + { + DBusError error; + DBusMessage *msg = NULL; + DBusMessage *reply = NULL; + + dbus_error_init(&error); + + msg = dbus_message_new_method_call("org.freedesktop.login1", + info->session, "org.freedesktop.login1.Session", "ReleaseControl"); + if (!msg) { + LogMessage(X_ERROR, "systemd-logind: out of memory\n"); + goto cleanup; + } + + reply = dbus_connection_send_with_reply_and_block(info->conn, msg, +- DBUS_TIMEOUT, &error); ++ DBUS_TIMEOUT_USE_DEFAULT, &error); + if (!reply) { + LogMessage(X_ERROR, "systemd-logind: ReleaseControl failed: %s\n", + error.message); + goto cleanup; + } + + cleanup: + if (msg) + dbus_message_unref(msg); + if (reply) + dbus_message_unref(reply); + dbus_error_free(&error); + } + + static void + disconnect_hook(void *data) + { + struct systemd_logind_info *info = data; + + free(info->session); + info->session = NULL; + info->conn = NULL; + } + + static struct dbus_core_hook core_hook = { + .connect = connect_hook, + .disconnect = disconnect_hook, + .data = &logind_info, + }; + +-- +2.3.3
\ No newline at end of file diff --git a/systemd-logind-filter-out-non-signal-messages-from.patch b/systemd-logind-filter-out-non-signal-messages-from.patch new file mode 100644 index 000000000000..af319c599ba3 --- /dev/null +++ b/systemd-logind-filter-out-non-signal-messages-from.patch @@ -0,0 +1,90 @@ +From e90798c142dedc4fd296936b69fe34a40d0aa35a Mon Sep 17 00:00:00 2001 +From: Ray Strode <rstrode@redhat.com> +Date: Fri, 10 Apr 2015 14:19:50 -0400 +Subject: [PATCH] systemd-logind: filter out non-signal messages from message + filter + +It's possible to receive a message reply in the message filter if a +previous message call timed out locally before the reply arrived. + +The message_filter function only handles signals, at the moment, and +does not properly handle message replies. + +This commit changes the message_filter function to filter out all +non-signal messages, including spurious message replies. + +https://bugzilla.redhat.com/show_bug.cgi?id=1209347 +--- + hw/xfree86/os-support/linux/systemd-logind.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/hw/xfree86/os-support/linux/systemd-logind.c b/hw/xfree86/os-support/linux/systemd-logind.c +index 49758f4..57c87c0 100644 +--- a/hw/xfree86/os-support/linux/systemd-logind.c ++++ b/hw/xfree86/os-support/linux/systemd-logind.c +@@ -286,60 +286,63 @@ systemd_logind_ack_pause(struct systemd_logind_info *info, + DBUS_TYPE_INVALID)) { + LogMessage(X_ERROR, "systemd-logind: out of memory\n"); + goto cleanup; + } + + reply = dbus_connection_send_with_reply_and_block(info->conn, msg, + DBUS_TIMEOUT, &error); + if (!reply) + LogMessage(X_ERROR, "systemd-logind: failed to ack pause: %s\n", + error.message); + + cleanup: + if (msg) + dbus_message_unref(msg); + if (reply) + dbus_message_unref(reply); + dbus_error_free(&error); + } + + static DBusHandlerResult + message_filter(DBusConnection * connection, DBusMessage * message, void *data) + { + struct systemd_logind_info *info = data; + struct xf86_platform_device *pdev = NULL; + InputInfoPtr pInfo = NULL; + int ack = 0, pause = 0, fd = -1; + DBusError error; + dbus_int32_t major, minor; + char *pause_str; + ++ if (dbus_message_get_type (message) != DBUS_MESSAGE_TYPE_SIGNAL) ++ return DBUS_HANDLER_RESULT_NOT_YET_HANDLED; ++ + dbus_error_init(&error); + + if (dbus_message_is_signal(message, + "org.freedesktop.DBus", "NameOwnerChanged")) { + char *name, *old_owner, *new_owner; + + dbus_message_get_args(message, &error, + DBUS_TYPE_STRING, &name, + DBUS_TYPE_STRING, &old_owner, + DBUS_TYPE_STRING, &new_owner, DBUS_TYPE_INVALID); + if (dbus_error_is_set(&error)) { + LogMessage(X_ERROR, "systemd-logind: NameOwnerChanged: %s\n", + error.message); + dbus_error_free(&error); + return DBUS_HANDLER_RESULT_NOT_YET_HANDLED; + } + + if (name && strcmp(name, "org.freedesktop.login1") == 0) + FatalError("systemd-logind disappeared (stopped/restarted?)\n"); + + return DBUS_HANDLER_RESULT_NOT_YET_HANDLED; + } + + if (strcmp(dbus_message_get_path(message), info->session) != 0) + return DBUS_HANDLER_RESULT_NOT_YET_HANDLED; + + if (dbus_message_is_signal(message, "org.freedesktop.login1.Session", + "PauseDevice")) { + if (!dbus_message_get_args(message, &error, + DBUS_TYPE_UINT32, &major, +-- +2.3.3
\ No newline at end of file diff --git a/v2-xserver-Fix-a-crash-with-XDMCP-error-handler.patch b/v2-xserver-Fix-a-crash-with-XDMCP-error-handler.patch new file mode 100644 index 000000000000..02dbaf22f93f --- /dev/null +++ b/v2-xserver-Fix-a-crash-with-XDMCP-error-handler.patch @@ -0,0 +1,23 @@ +diff --git a/os/xdmcp.c b/os/xdmcp.c +index b6e97c9..0e9e625 100644 +--- a/os/xdmcp.c ++++ b/os/xdmcp.c +@@ -1409,8 +1409,16 @@ recv_alive_msg(unsigned length) + static void + XdmcpFatal(const char *type, ARRAY8Ptr status) + { +- FatalError("XDMCP fatal error: %s %*.*s\n", type, +- status->length, status->length, status->data); ++ char *error_message; ++ ++ /* error_message is leaked, but that's fine, we're aborting */ ++ error_message = malloc (status->length + 1); ++ if (!error_message) ++ FatalError("XDMCP fatal error: %s", type); ++ ++ memcpy(error_message, status->data, status->length); ++ error_message[status->length] = '\0'; ++ FatalError("XDMCP fatal error: %s %s\n", type, error_message); + } + + static void diff --git a/xorg-server-dev.install b/xorg-server-dev.install new file mode 100644 index 000000000000..46bf5a90ae8a --- /dev/null +++ b/xorg-server-dev.install @@ -0,0 +1,18 @@ +post_upgrade() { + if (( $(vercmp $2 1.16.0-3) < 0 )); then + post_install + fi +} + +post_install() { + cat <<MSG +>>> xorg-server has now the ability to run without root rights with + the help of systemd-logind. xserver will fail to run if not launched + from the same virtual terminal as was used to log in. + Without root rights, log files will be in ~/.local/share/xorg/ directory. + + Old behavior can be restored through Xorg.wrap config file. + See Xorg.wrap man page (man xorg.wrap). +MSG +} + diff --git a/xvfb-run b/xvfb-run new file mode 100755 index 000000000000..4c2f4e0d3a4d --- /dev/null +++ b/xvfb-run @@ -0,0 +1,180 @@ +#!/bin/sh + +# $Id: xvfb-run 2027 2004-11-16 14:54:16Z branden $ + +# This script starts an instance of Xvfb, the "fake" X server, runs a command +# with that server available, and kills the X server when done. The return +# value of the command becomes the return value of this script. +# +# If anyone is using this to build a Debian package, make sure the package +# Build-Depends on xvfb, xbase-clients, and xfonts-base. + +set -e + +PROGNAME=xvfb-run +SERVERNUM=99 +AUTHFILE= +ERRORFILE=/dev/null +STARTWAIT=3 +XVFBARGS="-screen 0 640x480x8" +LISTENTCP="-nolisten tcp" +XAUTHPROTO=. + +# Query the terminal to establish a default number of columns to use for +# displaying messages to the user. This is used only as a fallback in the event +# the COLUMNS variable is not set. ($COLUMNS can react to SIGWINCH while the +# script is running, and this cannot, only being calculated once.) +DEFCOLUMNS=$(stty size 2>/dev/null | awk '{print $2}') || true +if ! expr "$DEFCOLUMNS" : "[[:digit:]]\+$" >/dev/null 2>&1; then + DEFCOLUMNS=80 +fi + +# Display a message, wrapping lines at the terminal width. +message () { + echo "$PROGNAME: $*" | fmt -t -w ${COLUMNS:-$DEFCOLUMNS} +} + +# Display an error message. +error () { + message "error: $*" >&2 +} + +# Display a usage message. +usage () { + if [ -n "$*" ]; then + message "usage error: $*" + fi + cat <<EOF +Usage: $PROGNAME [OPTION ...] COMMAND +Run COMMAND (usually an X client) in a virtual X server environment. +Options: +-a --auto-servernum try to get a free server number, starting at + --server-num +-e FILE --error-file=FILE file used to store xauth errors and Xvfb + output (default: $ERRORFILE) +-f FILE --auth-file=FILE file used to store auth cookie + (default: ./.Xauthority) +-h --help display this usage message and exit +-n NUM --server-num=NUM server number to use (default: $SERVERNUM) +-l --listen-tcp enable TCP port listening in the X server +-p PROTO --xauth-protocol=PROTO X authority protocol name to use + (default: xauth command's default) +-s ARGS --server-args=ARGS arguments (other than server number and + "-nolisten tcp") to pass to the Xvfb server + (default: "$XVFBARGS") +-w DELAY --wait=DELAY delay in seconds to wait for Xvfb to start + before running COMMAND (default: $STARTWAIT) +EOF +} + +# Find a free server number by looking at .X*-lock files in /tmp. +find_free_servernum() { + # Sadly, the "local" keyword is not POSIX. Leave the next line commented in + # the hope Debian Policy eventually changes to allow it in /bin/sh scripts + # anyway. + #local i + + i=$SERVERNUM + while [ -f /tmp/.X$i-lock ]; do + i=$(($i + 1)) + done + echo $i +} + +# Clean up files +clean_up() { + if [ -e "$AUTHFILE" ]; then + XAUTHORITY=$AUTHFILE xauth remove ":$SERVERNUM" >>"$ERRORFILE" 2>&1 + fi + if [ -n "$XVFB_RUN_TMPDIR" ]; then + if ! rm -r "$XVFB_RUN_TMPDIR"; then + error "problem while cleaning up temporary directory" + exit 5 + fi + fi +} + +# Parse the command line. +ARGS=$(getopt --options +ae:f:hn:lp:s:w: \ + --long auto-servernum,error-file:,auth-file:,help,server-num:,listen-tcp,xauth-protocol:,server-args:,wait: \ + --name "$PROGNAME" -- "$@") +GETOPT_STATUS=$? + +if [ $GETOPT_STATUS -ne 0 ]; then + error "internal error; getopt exited with status $GETOPT_STATUS" + exit 6 +fi + +eval set -- "$ARGS" + +while :; do + case "$1" in + -a|--auto-servernum) SERVERNUM=$(find_free_servernum) ;; + -e|--error-file) ERRORFILE="$2"; shift ;; + -f|--auth-file) AUTHFILE="$2"; shift ;; + -h|--help) SHOWHELP="yes" ;; + -n|--server-num) SERVERNUM="$2"; shift ;; + -l|--listen-tcp) LISTENTCP="" ;; + -p|--xauth-protocol) XAUTHPROTO="$2"; shift ;; + -s|--server-args) XVFBARGS="$2"; shift ;; + -w|--wait) STARTWAIT="$2"; shift ;; + --) shift; break ;; + *) error "internal error; getopt permitted \"$1\" unexpectedly" + exit 6 + ;; + esac + shift +done + +if [ "$SHOWHELP" ]; then + usage + exit 0 +fi + +if [ -z "$*" ]; then + usage "need a command to run" >&2 + exit 2 +fi + +if ! which xauth >/dev/null; then + error "xauth command not found" + exit 3 +fi + +# tidy up after ourselves +trap clean_up EXIT + +# If the user did not specify an X authorization file to use, set up a temporary +# directory to house one. +if [ -z "$AUTHFILE" ]; then + XVFB_RUN_TMPDIR="$(mktemp -d -t $PROGNAME.XXXXXX)" + AUTHFILE="$XVFB_RUN_TMPDIR/Xauthority" +fi + +# Start Xvfb. +MCOOKIE=$(mcookie) +XAUTHORITY=$AUTHFILE xauth source - << EOF >>"$ERRORFILE" 2>&1 +add :$SERVERNUM $XAUTHPROTO $MCOOKIE +EOF +XAUTHORITY=$AUTHFILE Xvfb ":$SERVERNUM" $XVFBARGS $LISTENTCP >>"$ERRORFILE" \ + 2>&1 & +XVFBPID=$! +sleep "$STARTWAIT" +if ! kill -0 $XVFBPID 2>/dev/null; then + echo "Xvfb failed to start" >&2 + exit 1 +fi + +# Start the command and save its exit status. +set +e +DISPLAY=:$SERVERNUM XAUTHORITY=$AUTHFILE "$@" 2>&1 +RETVAL=$? +set -e + +# Kill Xvfb now that the command has exited. +kill $XVFBPID + +# Return the executed command's exit status. +exit $RETVAL + +# vim:set ai et sts=4 sw=4 tw=80: diff --git a/xvfb-run.1 b/xvfb-run.1 new file mode 100644 index 000000000000..137d3a1967e5 --- /dev/null +++ b/xvfb-run.1 @@ -0,0 +1,282 @@ +.\" $Id: xvfb-run.1 2138 2005-01-17 23:40:27Z branden $ +.\" +.\" Copyright 1998-2004 Branden Robinson <branden@debian.org>. +.\" +.\" This is free software; you may redistribute it and/or modify +.\" it under the terms of the GNU General Public License as +.\" published by the Free Software Foundation; either version 2, +.\" or (at your option) any later version. +.\" +.\" This is distributed in the hope that it will be useful, but +.\" WITHOUT ANY WARRANTY; without even the implied warranty of +.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +.\" GNU General Public License for more details. +.\" +.\" You should have received a copy of the GNU General Public License with +.\" the Debian operating system, in /usr/share/common-licenses/GPL; if +.\" not, write to the Free Software Foundation, Inc., 59 Temple Place, +.\" Suite 330, Boston, MA 02111-1307 USA +.\" +.\" We need the URL macro from groff's www macro package, but also want +.\" things to work all right for people who don't have it. So we define +.\" our own URL macro and let the www macro package override it if it's +.\" available. +.de URL +\\$2 \(laURL: \\$1 \(ra\\$3 +.. +.if \n[.g] .mso www.tmac +.TH xvfb\-run 1 "2004\-11\-12" "Debian Project" +.SH NAME +xvfb\-run \- run specified X client or command in a virtual X server environment +.SH SYNOPSIS +.B xvfb\-run +[ +.I options +] +.I command +.SH DESCRIPTION +.B xvfb\-run +is a wrapper for the +.BR Xvfb (1x) +command which simplifies the task of running commands (typically an X +client, or a script containing a list of clients to be run) within a virtual +X server environment. +.PP +.B xvfb\-run +sets up an X authority file (or uses an existing user\-specified one), +writes a cookie to it (see +.BR xauth (1x)) +and then starts the +.B Xvfb +X server as a background process. +The process ID of +.B Xvfb +is stored for later use. +The specified +.I command +is then run using the X display corresponding to the +.B Xvfb +server +just started and the X authority file created earlier. +.PP +When the +.I command +exits, its status is saved, the +.B Xvfb +server is killed (using the process ID stored earlier), the X authority +cookie removed, and the authority file deleted (if the user did not specify +one to use). +.B xvfb\-run +then exits with the exit status of +.IR command . +.PP +.B xvfb\-run +requires the +.B xauth +command to function. +.SH OPTIONS +.TP +.B \-a\fR,\fB \-\-auto\-servernum +Try to get a free server number, starting at 99, or the argument to +.BR \-\-server\-num . +.TP +.BI \-e\ file \fR,\fB\ \-\-error\-file= file +Store output from +.B xauth +and +.B Xvfb +in +.IR file . +The default is +.IR /dev/null . +.TP +.BI \-f\ file \fR,\fB\ \-\-auth\-file= file +Store X authentication data in +.IR file . +By default, a temporary directory called +.IR xvfb\-run. PID +(where PID is the process ID of +.B xvfb\-run +itself) is created in the directory specified by the environment variable +.B TMPDIR +(or +.I /tmp +if that variable is null or unset), and the +.BR tempfile (1) +command is used to create a file in that temporary directory called +.IR Xauthority . +.TP +.B \-h\fR,\fB \-\-help +Display a usage message and exit. +.TP +.BI \-n\ servernumber \fR,\fB\ \-\-server\-num= servernumber +Use +.I servernumber +as the server number (but see the +.B \-a\fR,\fB \-\-auto\-servernum +option above). +The default is 99. +.TP +.B \-l\fR,\fB \-\-listen\-tcp +Enable TCP port listening in the X server. +For security reasons (to avoid denial\-of\-service attacks or exploits), +TCP port listening is disabled by default. +.TP +.BI \-p\ protocolname \fR,\fB\ \-\-xauth\-protocol= protocolname +Use +.I protocolname +as the X authority protocol to use. +The default is \(oq.\(cq, which +.B xauth +interprets as its own default protocol, which is MIT\-MAGIC\-COOKIE\-1. +.TP +.BI \-s\ arguments \fR,\fB\ \-\-server\-args= arguments +Pass +.I arguments +to the +.B Xvfb +server. +Be careful to quote any whitespace characters that may occur within +.I arguments +to prevent them from regarded as separators for +.BR xvfb\-run 's +own arguments. +Also, note that specification of \(oq\-nolisten tcp\(cq in +.I arguments +may override the function of +.BR xvfb\-run 's +own +.B \-l\fR,\fB \-\-listen\-tcp +option, and that specification of the server number (e.g., \(oq:1\(cq) may +be ignored because of the way the X server parses its argument list. +Use the +.B xvfb\-run +option +.BI \-n\ servernumber \fR,\fB\ \-\-server\-num= servernumber +to achieve the latter function. +The default is \(oq\-screen 0 640x480x8\(cq. +.TP +.BI \-w\ delay \fR,\fB\ \-\-wait= delay +Wait +.I delay +seconds after launching +.B Xvfb +before attempting to start the specified command. +The default is 3. +.SH ENVIRONMENT +.TP +.B COLUMNS +indicates the width of the terminal device in character cells. +This value is used for formatting diagnostic messages. +If not set, the terminal is queried using +.BR stty (1) +to determine its width. +If that fails, a value of \(oq80\(cq is assumed. +.TP +.B TMPDIR +specifies the directory in which to place +.BR xvfb\-run 's +temporary directory for storage of the X authority file; only used if the +.B \-f +or +.B \-\-auth\-file +options are not specified. +.SH "OUTPUT FILES" +.PP +Unless the +.B \-f +or +.B \-\-auth\-file +options are specified, a temporary +directory and file within it are created (and deleted) to store the X +authority cookies used by the +.B Xvfb +server and client(s) run under it. +See +.BR tempfile (1). +If \-f or \-\-auth\-file are used, then the specified X authority file is +only written to, not created or deleted (though +.B xauth +creates an authority file itself if told to use use that does not already +exist). +.PP +An error file with a user\-specified name is also created if the +.B \-e +or +.B \-\-error\-file +options are specifed; see above. +.SH "EXIT STATUS" +.B xvfb\-run +uses its exit status as well as output to standard error to communicate +diagnostics. +The exit status of \(oq1\(cq is not used, and should be interpreted as failure +of the specified command. +.TP +0 +.B xvfb\-run +only uses this exit status if the +.B \-h\fR,\fB \-\-help +option is given. +In all other situations, this may be interpreted as success of the specified +command. +.TP +2 +No command to run was specified. +.TP +3 +The +.B xauth +command is not available. +.TP +4 +The temporary directory that was going to be used already exists; since +.B xvfb\-run +produces a uniquely named directory, this may indicate an attempt by another +process on the system to exploit a temporary file race condition. +.TP +5 +A problem was encountered while cleaning up the temporary directory. +.TP +6 +A problem was encountered while using +.BR getopt (1) +to parse the command\-line arguments. +.SH EXAMPLES +.TP +.B xvfb\-run \-\-auto\-servernum \-\-server\-num=1 xlogo +runs the +.BR xlogo (1x) +demonstration client inside the +.B Xvfb +X server on the first available server number greater than or equal to 1. +.TP +.B xvfb\-run \-\-server\-args="\-screen 0 1024x768x24" ico \-faces +runs the +.BR ico (1x) +demonstration client (and passes it the +.B \-faces +argument) inside the +.B Xvfb +X server, configured with a root window of 1024 by 768 pixels and a color +depth of 24 bits. +.PP +Note that the demo X clients used in the above examples will not exit on +their own, so they will have to be killed before +.B xvfb\-run +will exit. +.SH BUGS +See +.URL "http://bugs.debian.org/xvfb" "the Debian Bug Tracking System" . +If you wish to report a bug in +.BR xvfb\-run , +please use the +.BR reportbug (1) +command. +.SH AUTHOR +.B xfvb\-run +was written by Branden Robinson and Jeff Licquia with sponsorship from +Progeny Linux Systems. +.SH "SEE ALSO" +.BR Xvfb (1x), +.BR xauth (1x) +.\" vim:set et tw=80: |