-rw-r--r-- | .SRCINFO | 44 | ||||
-rw-r--r-- | 0001-dix-Add-unaccelerated-valuators-to-the-ValuatorMask.patch | 210 | ||||
-rw-r--r-- | 0001-int10-Fix-error-check-for-pci_device_map_legacy.patch | 47 | ||||
-rw-r--r-- | 0001-mi-Partial-pie-slice-filled-arcs-may-need-more-space.patch | 42 | ||||
-rw-r--r-- | 0001-sdksyms.sh-Make-sdksyms.sh-work-with-gcc5.patch | 51 | ||||
-rw-r--r-- | 0002-dix-hook-up-the-unaccelerated-valuator-masks.patch | 134 | ||||
-rw-r--r-- | PKGBUILD | 81 | ||||
-rw-r--r-- | autoconfig-sis.patch | 21 | ||||
-rw-r--r-- | fix-CVE-2015-3164.patch | 311 | ||||
-rw-r--r-- | os-access-fix-regression-in-server-interpreted-auth.patch | 30 | ||||
-rw-r--r-- | v2-xserver-Fix-a-crash-with-XDMCP-error-handler.patch | 23 |
11 files changed, 937 insertions, 57 deletions
@@ -1,7 +1,5 @@ -# Generated by makepkg 4.2.0 -# Thu Jan 1 20:00:58 UTC 2015 pkgbase = xorg-server-mir - pkgver = 1.16.3 + pkgver = 1.17.1 pkgrel = 1 url = http://xorg.freedesktop.org arch = i686 
@@ -48,23 +46,41 @@ pkgbase = xorg-server-mir makedepends = libepoxy makedepends = xcb-util makedepends = xcb-util-image + makedepends = xcb-util-renderutil makedepends = xcb-util-wm makedepends = xcb-util-keysyms makedepends = dri3proto makedepends = libxshmfence + makedepends = libunwind makedepends = mir - source = http://xorg.freedesktop.org/releases/individual/xserver/xorg-server-1.16.3.tar.bz2 - source = https://launchpad.net/ubuntu/+archive/primary/+files/xorg-server_1.16.2.901-1ubuntu3.diff.gz - source = autoconfig-sis.patch + source = http://xorg.freedesktop.org/releases/individual/xserver/xorg-server-1.17.1.tar.bz2 + source = http://xorg.freedesktop.org/releases/individual/xserver/xorg-server-1.17.1.tar.bz2.sig + source = https://launchpad.net/ubuntu/+archive/primary/+files/xorg-server_1.17.1-0ubuntu4.diff.gz source = nvidia-drm-outputclass.conf source = xvfb-run source = xvfb-run.1 - sha512sums = c0459ed95a6682b2094340b6b8fc7b59fcda5227ee2f13e87f68eb5c29b91cd3f05c5fc2126e33d6303beb3ad04d19466951ef4eb53f2e9918684cdaf3692c5a - sha512sums = 87c1211c1e01fa489f80edd07d67791212df2fc76362a60967ac8528e2980321d6d946a2fda789918d2a3bb771178c394d9f0c432d29cd56811ce04980f46a96 - sha512sums = 3211dbc6d8a84f3f6a77230a8e5fe13355b441768d864c2b3037b893be39f7b8d581c2a5db1e04f399ce19c4ced973b64eaad563d970ee9c7b8a93cb23a0aa18 + source = os-access-fix-regression-in-server-interpreted-auth.patch + source = v2-xserver-Fix-a-crash-with-XDMCP-error-handler.patch + source = 0001-int10-Fix-error-check-for-pci_device_map_legacy.patch + source = 0001-mi-Partial-pie-slice-filled-arcs-may-need-more-space.patch + source = 0001-sdksyms.sh-Make-sdksyms.sh-work-with-gcc5.patch + source = 0001-dix-Add-unaccelerated-valuators-to-the-ValuatorMask.patch + source = 0002-dix-hook-up-the-unaccelerated-valuator-masks.patch + source = fix-CVE-2015-3164.patch + sha512sums = 
195a0e0a6bd9c7655e62dd40dfbd7dea77d10f1143d4fd6154e8bdbb463d3729f81ecd1e379d66f68e828d4f4583782c15ce260de24444802076844aec552c4f + sha512sums = SKIP + sha512sums = 280ef30b05c8d2bb876d4af04b47359fd7cf937a2d49f513f033797327e8350ef010c040bac3f67bc1b7c9fbe4b1b4322ccf70a5403d3401b0c6324e51ab1e3c sha512sums = 06c649df3b02c6ccf5491fecd06f4c979656aaba2bb366e6197e96bb0eecd8d0a46245e69628d507ddc8c5fc6d5f1cac694f036bc45ba51f82a092ebd6097bf5 sha512sums = ca1cda27016f7c269cbdecc45da36255afeef5c1973cc484544f9dfbf56ed1868365c93a4c7f93e3a23e5322f084ec0cdd137e15b43872aae7f0c03040028ce6 sha512sums = de5e2cb3c6825e6cf1f07ca0d52423e17f34d70ec7935e9dd24be5fb9883bf1e03b50ff584931bd3b41095c510ab2aa44d2573fd5feaebdcb59363b65607ff22 + sha512sums = 976c0b93b7eb0a1ff05dacd8ebb9644db4211ec38bcd172fa2c3a8c4611ad2b8e47d8445f90b2f3d498c55fa76a53522cf6e210dcc5b9b56a19409d933874fd4 + sha512sums = 2e1fa43d2ecfd0387ca43cbfa99838f92d2cf5a4dcac2de98ba2d72eef28a15ab5cceee39919462ab9c175a9faa5dbd8b37492ff534110e434d434df6260ae9d + sha512sums = 46cbc1abb3b12b49345d73f21bf8c5302b6d1b74eb615c291a12177701f6c20c8c777f4f3b427188d1fc7f5cc7116104f1285c6e28fa038810b09c940e4f1b76 + sha512sums = ecabb18ac448e2c528f9dd7648679514c4240570e3b3471d603d9249e577c824a4ecd89d88a4f67bb23ea3e567503aa1f31fd70dc2dcb1e0ea7a28d00514a689 + sha512sums = 890727bd21074f4990495cea74dcae1929b3fd56504b8ab599974eb2371ba26bc84c36b32ac9fee22c3b6092bb3a728927d70b9c2f731415b99d7ea0fa63caa1 + sha512sums = c442f566c861c746e92bde992cc736399c74df71a4a3b0e3abe43e7998ba97f2e6550b1fd1da21d9ba960314974dd95e8f3d6aab0b3fbe4c5a6af1a2a8c92495 + sha512sums = 51bf1ac1135512e8f2621f4dd211d4b80d3072e9ee6896a0d9c7ae569ca693a664cc1e5adf4f7c95da8d6626816ea17ef3bf0f488c121cb3c3b317884d3f3bfc + sha512sums = b8b5a9a9bbf3c6b511196c919694c54b5c67090e7f535f65b61be0d33569b6f32180250637fd5cf0aef8e4fd33689a600553f61abcc43fa7e564bff04f0f3e3c pkgname = xorg-server-mir pkgdesc = Xorg X server 
@@ -82,13 +98,15 @@ pkgname = xorg-server-mir depends = xf86-input-evdev depends = libxshmfence depends = libgl - provides = X-ABI-VIDEODRV_VERSION=18 - provides = X-ABI-XINPUT_VERSION=21 - provides = X-ABI-EXTENSION_VERSION=8.0 + provides = X-ABI-VIDEODRV_VERSION=19 + provides = X-ABI-XINPUT_VERSION=21.1 + provides = X-ABI-EXTENSION_VERSION=9.0 provides = x-server conflicts = nvidia-utils<=331.20 conflicts = glamor-egl + conflicts = xf86-video-modesetting replaces = glamor-egl + replaces = xf86-video-modesetting pkgname = xorg-server-xephyr-mir pkgdesc = A nested X server that runs as an X application @@ -100,6 +118,7 @@ pkgname = xorg-server-xephyr-mir depends = pixman depends = xorg-server-common-mir depends = xcb-util-image + depends = xcb-util-renderutil depends = xcb-util-wm depends = xcb-util-keysyms @@ -149,6 +168,7 @@ pkgname = xorg-server-common-mir depends = xorg-xkbcomp depends = xorg-setxkbmap depends = xorg-fonts-misc + depends = libunwind pkgname = xorg-server-devel-mir pkgdesc = Development files for the X.Org X server diff --git a/0001-dix-Add-unaccelerated-valuators-to-the-ValuatorMask.patch b/0001-dix-Add-unaccelerated-valuators-to-the-ValuatorMask.patch new file mode 100644 index 000000000000..86744f1402ea --- /dev/null +++ b/0001-dix-Add-unaccelerated-valuators-to-the-ValuatorMask.patch 
@@ -0,0 +1,210 @@ +From e1a7f4bb5333b0271d29f785eb55f1c3273e626a Mon Sep 17 00:00:00 2001 +From: Peter Hutterer <peter.hutterer@who-t.net> +Date: Tue, 5 May 2015 14:18:54 +1000 +Subject: [PATCH] dix: Add unaccelerated valuators to the ValuatorMask + +Allows a mask to carry both accelerated and unaccelerated motion at the same +time. + +This is required for xf86-input-libinput where the pointer acceleration +happens in libinput already, but parts of the server, specifically raw events +and DGA rely on device-specific unaccelerated data. + +To ease integration add this as a second set to the ValuatorMask rather than +extending all APIs to carry a second, possibly NULL set of valuators. + +Note that a valuator mask should only be used in either accel/unaccel or +standard mode at any time. Switching requires either a valuator_mask_zero() +call or unsetting all valuators one-by-one. Trying to mix the two will produce +a warning. + +The server has a shortcut for changing a mask with the +valuator_mask_drop_unaccelerated() call. This saves us from having to loop +through all valuators on every event, we can just drop the bits we know we +don't want. + +Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> +Reviewed-by: Hans de Goede <hdegoede@redhat.com> +--- + dix/inpututils.c | 82 +++++++++++++++++++++++++++++++++++++++--- + hw/xfree86/common/xf86Module.h | 2 +- + include/input.h | 15 ++++++++ + include/inpututils.h | 2 ++ + 4 files changed, 95 insertions(+), 6 deletions(-) + +diff --git a/dix/inpututils.c b/dix/inpututils.c +index 5c2a32d..1363988 100644 +--- a/dix/inpututils.c ++++ b/dix/inpututils.c +@@ -505,11 +505,8 @@ valuator_mask_isset(const ValuatorMask *mask, int valuator) + return mask->last_bit >= valuator && BitIsOn(mask->mask, valuator); + } + +-/** +- * Set the valuator to the given floating-point data. 
+- */ +-void +-valuator_mask_set_double(ValuatorMask *mask, int valuator, double data) ++static inline void ++_valuator_mask_set_double(ValuatorMask *mask, int valuator, double data) + { + mask->last_bit = max(valuator, mask->last_bit); + SetBit(mask->mask, valuator); +@@ -517,6 +514,17 @@ valuator_mask_set_double(ValuatorMask *mask, int valuator, double data) + } + + /** ++ * Set the valuator to the given floating-point data. ++ */ ++void ++valuator_mask_set_double(ValuatorMask *mask, int valuator, double data) ++{ ++ BUG_WARN_MSG(mask->has_unaccelerated, ++ "Do not mix valuator types, zero mask first\n"); ++ _valuator_mask_set_double(mask, valuator, data); ++} ++ ++/** + * Set the valuator to the given integer data. + */ + void +@@ -594,11 +602,15 @@ valuator_mask_unset(ValuatorMask *mask, int valuator) + + ClearBit(mask->mask, valuator); + mask->valuators[valuator] = 0.0; ++ mask->unaccelerated[valuator] = 0.0; + + for (i = 0; i <= mask->last_bit; i++) + if (valuator_mask_isset(mask, i)) + lastbit = max(lastbit, i); + mask->last_bit = lastbit; ++ ++ if (mask->last_bit == -1) ++ mask->has_unaccelerated = FALSE; + } + } + +@@ -611,6 +623,66 @@ valuator_mask_copy(ValuatorMask *dest, const ValuatorMask *src) + valuator_mask_zero(dest); + } + ++Bool ++valuator_mask_has_unaccelerated(const ValuatorMask *mask) ++{ ++ return mask->has_unaccelerated; ++} ++ ++void ++valuator_mask_drop_unaccelerated(ValuatorMask *mask) ++{ ++ memset(mask->unaccelerated, 0, sizeof(mask->unaccelerated)); ++ mask->has_unaccelerated = FALSE; ++} ++ ++/** ++ * Set both accelerated and unaccelerated value for this mask. 
++ */ ++void ++valuator_mask_set_unaccelerated(ValuatorMask *mask, ++ int valuator, ++ double accel, ++ double unaccel) ++{ ++ BUG_WARN_MSG(mask->last_bit != -1 && !mask->has_unaccelerated, ++ "Do not mix valuator types, zero mask first\n"); ++ _valuator_mask_set_double(mask, valuator, accel); ++ mask->has_unaccelerated = TRUE; ++ mask->unaccelerated[valuator] = unaccel; ++} ++ ++double ++valuator_mask_get_accelerated(const ValuatorMask *mask, ++ int valuator) ++{ ++ return valuator_mask_get_double(mask, valuator); ++} ++ ++double ++valuator_mask_get_unaccelerated(const ValuatorMask *mask, ++ int valuator) ++{ ++ return mask->unaccelerated[valuator]; ++} ++ ++Bool ++valuator_mask_fetch_unaccelerated(const ValuatorMask *mask, ++ int valuator, ++ double *accel, ++ double *unaccel) ++{ ++ if (valuator_mask_isset(mask, valuator)) { ++ if (accel) ++ *accel = valuator_mask_get_accelerated(mask, valuator); ++ if (unaccel) ++ *unaccel = valuator_mask_get_unaccelerated(mask, valuator); ++ return TRUE; ++ } ++ else ++ return FALSE; ++} ++ + int + CountBits(const uint8_t * mask, int len) + { +diff --git a/hw/xfree86/common/xf86Module.h b/hw/xfree86/common/xf86Module.h +index e68fe9c..6133641 100644 +--- a/hw/xfree86/common/xf86Module.h ++++ b/hw/xfree86/common/xf86Module.h +@@ -81,7 +81,7 @@ typedef enum { + */ + #define ABI_ANSIC_VERSION SET_ABI_VERSION(0, 4) + #define ABI_VIDEODRV_VERSION SET_ABI_VERSION(19, 0) +-#define ABI_XINPUT_VERSION SET_ABI_VERSION(21, 0) ++#define ABI_XINPUT_VERSION SET_ABI_VERSION(21, 1) + #define ABI_EXTENSION_VERSION SET_ABI_VERSION(9, 0) + #define ABI_FONT_VERSION SET_ABI_VERSION(0, 6) + +diff --git a/include/input.h b/include/input.h +index bf22dc7..0a4c4f7 100644 +--- a/include/input.h ++++ b/include/input.h +@@ -674,6 +674,21 @@ extern _X_EXPORT Bool valuator_mask_fetch(const ValuatorMask *mask, + extern _X_EXPORT Bool valuator_mask_fetch_double(const ValuatorMask *mask, + int valnum, double *val); + ++extern _X_EXPORT Bool 
valuator_mask_has_unaccelerated(const ValuatorMask *mask); ++extern _X_EXPORT void valuator_mask_set_unaccelerated(ValuatorMask *mask, ++ int valuator, ++ double accel, ++ double unaccel); ++extern _X_EXPORT double valuator_mask_get_accelerated(const ValuatorMask *mask, ++ int valuator); ++extern _X_EXPORT double valuator_mask_get_unaccelerated(const ValuatorMask *mask, ++ int valuator); ++extern _X_EXPORT Bool valuator_mask_fetch_unaccelerated(const ValuatorMask *mask, ++ int valuator, ++ double *accel, ++ double *unaccel); ++extern _X_HIDDEN void valuator_mask_drop_unaccelerated(ValuatorMask *mask); ++ + /* InputOption handling interface */ + extern _X_EXPORT InputOption *input_option_new(InputOption *list, + const char *key, +diff --git a/include/inpututils.h b/include/inpututils.h +index 53c96ba..4e90815 100644 +--- a/include/inpututils.h ++++ b/include/inpututils.h +@@ -36,8 +36,10 @@ extern Mask event_filters[MAXDEVICES][MAXEVENTS]; + + struct _ValuatorMask { + int8_t last_bit; /* highest bit set in mask */ ++ int8_t has_unaccelerated; + uint8_t mask[(MAX_VALUATORS + 7) / 8]; + double valuators[MAX_VALUATORS]; /* valuator data */ ++ double unaccelerated[MAX_VALUATORS]; /* valuator data */ + }; + + extern void verify_internal_event(const InternalEvent *ev); +-- +2.4.1 + diff --git a/0001-int10-Fix-error-check-for-pci_device_map_legacy.patch b/0001-int10-Fix-error-check-for-pci_device_map_legacy.patch new file mode 100644 index 000000000000..75e5bb92f8ef --- /dev/null +++ b/0001-int10-Fix-error-check-for-pci_device_map_legacy.patch 
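Review bot: `valuator_mask_get_unaccelerated()` in the dix/inpututils.c part of this patch returns `mask->unaccelerated[valuator]` with no range or is-set check, and include/input.h declares it `_X_EXPORT`, so input drivers can call it with any index. `valuator_mask_fetch_unaccelerated()` already guards with `valuator_mask_isset()`; the getter could do the same with `if (!valuator_mask_isset(mask, valuator)) return 0.0;`, or carry a comment stating that the caller must pass a set valuator below MAX_VALUATORS. The same applies to `valuator_mask_set_unaccelerated()`, where `_valuator_mask_set_double()` and `mask->unaccelerated[valuator] = unaccel` both index by the unchecked argument. This matches the existing `valuator_mask_set_double()` convention, so it may be a deliberate caller contract; if so, it should be documented on the new exported functions, most of which have no doc comment.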
@@ -0,0 +1,47 @@ +From 0a78b599b34cc8b5fe6fe82f90e90234e8ab7a56 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?J=C3=BCrg=20Billeter?= <j@bitron.ch> +Date: Sat, 7 Feb 2015 18:13:21 +0100 +Subject: [PATCH] int10: Fix error check for pci_device_map_legacy +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +pci_device_map_legacy returns 0 on success. + +Signed-off-by: Jürg Billeter <j@bitron.ch> +Reviewed-by: Adam Jackson <ajax@redhat.com> +Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> +--- + hw/xfree86/int10/generic.c | 2 +- + hw/xfree86/os-support/linux/int10/linux.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/hw/xfree86/int10/generic.c b/hw/xfree86/int10/generic.c +index 012d194..8d5c4da 100644 +--- a/hw/xfree86/int10/generic.c ++++ b/hw/xfree86/int10/generic.c +@@ -104,7 +104,7 @@ readIntVec(struct pci_device *dev, unsigned char *buf, int len) + { + void *map; + +- if (!pci_device_map_legacy(dev, 0, len, 0, &map)) ++ if (pci_device_map_legacy(dev, 0, len, 0, &map)) + return FALSE; + + memcpy(buf, map, len); +diff --git a/hw/xfree86/os-support/linux/int10/linux.c b/hw/xfree86/os-support/linux/int10/linux.c +index 79b9a88..6ca118f 100644 +--- a/hw/xfree86/os-support/linux/int10/linux.c ++++ b/hw/xfree86/os-support/linux/int10/linux.c +@@ -75,7 +75,7 @@ readLegacy(struct pci_device *dev, unsigned char *buf, int base, int len) + { + void *map; + +- if (!pci_device_map_legacy(dev, base, len, 0, &map)) ++ if (pci_device_map_legacy(dev, base, len, 0, &map)) + return FALSE; + + memcpy(buf, map, len); +-- +2.3.2 + diff --git a/0001-mi-Partial-pie-slice-filled-arcs-may-need-more-space.patch b/0001-mi-Partial-pie-slice-filled-arcs-may-need-more-space.patch new file mode 100644 index 000000000000..668ae21ba31b --- /dev/null +++ b/0001-mi-Partial-pie-slice-filled-arcs-may-need-more-space.patch 
@@ -0,0 +1,42 @@ +From 41932dfbc841a1adc6512d41085ea3f8ebecb42c Mon Sep 17 00:00:00 2001 +From: Keith Packard <keithp@keithp.com> +Date: Wed, 8 Apr 2015 07:45:28 -0700 +Subject: [PATCH] mi: Partial pie-slice filled arcs may need more space for + spans + +The mi filled arc code estimates that a filled arc will produce no +more spans than the arc is tall. This is true for most arcs except +for pie-slice arcs strictly between 180 and 360 degrees where the missing +portion of the arc faces up or down such that we get two spans on some +scanlines. + +For those, we need to reserve room for another height/2 spans. This +patch just does it for all partial pie-sliced arcs to make the test +easier to understand; it's just over-allocating a bit of memory, so +that's safe. + +Signed-off-by: Keith Packard <keithp@keithp.com> +Reviewed-by: Adam Jackson <ajax@redhat.com> +--- + mi/mifillarc.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/mi/mifillarc.c b/mi/mifillarc.c +index 246d70f..888519e 100644 +--- a/mi/mifillarc.c ++++ b/mi/mifillarc.c +@@ -660,6 +660,11 @@ miPolyFillArc(DrawablePtr pDraw, GCPtr pGC, int narcs_all, xArc * parcs) + if (narcs && nspans + arc->height > MAX_SPANS_PER_LOOP) + break; + nspans += arc->height; ++ ++ /* A pie-slice arc may add another pile of spans */ ++ if (pGC->arcMode == ArcPieSlice && ++ (-FULLCIRCLE < arc->angle2 && arc->angle2 < FULLCIRCLE)) ++ nspans += (arc->height + 1) >> 1; + } + + pts = points = malloc (sizeof (DDXPointRec) * nspans + +-- +2.3.5 + diff --git a/0001-sdksyms.sh-Make-sdksyms.sh-work-with-gcc5.patch b/0001-sdksyms.sh-Make-sdksyms.sh-work-with-gcc5.patch new file mode 100644 index 000000000000..0e0b20df6fc9 --- /dev/null +++ b/0001-sdksyms.sh-Make-sdksyms.sh-work-with-gcc5.patch 
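Review bot: The `MAX_SPANS_PER_LOOP` test just above the added lines still compares only `nspans + arc->height`, so with the new `nspans += (arc->height + 1) >> 1;` a batch can exceed that cap by the accumulated pie-slice extras. The allocation that follows is sized from `nspans`, so as far as the hunk shows this is over-allocation rather than an undersized buffer. The cap is now a soft limit, though, and the comment should say so, e.g. `/* extra spans are not counted against MAX_SPANS_PER_LOOP; the buffer below is sized from nspans */`. The rest of miPolyFillArc, including any check of the malloc result, is outside the hunk.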
@@ -0,0 +1,51 @@ +From 612eb45a2e7a0b35cc3790870e6d0cc42eb50c74 Mon Sep 17 00:00:00 2001 +From: Hans de Goede <hdegoede@redhat.com> +Date: Wed, 11 Feb 2015 16:26:40 +0100 +Subject: [PATCH] sdksyms.sh: Make sdksyms.sh work with gcc5. + +gcc5's cpp inserts patterns like this: + +extern + __attribute__((visibility("default"))) + int WaitForSomething(int * + ); + +This patch make sdksyms.sh work with this. Note my awk skills are weak, so +there likely is a better way to deal with this. + +Signed-off-by: Hans de Goede <hdegoede@redhat.com> +--- + hw/xfree86/sdksyms.sh | 17 +++++++++++++++++ + 1 file changed, 17 insertions(+) + +diff --git a/hw/xfree86/sdksyms.sh b/hw/xfree86/sdksyms.sh +index 2305073..99b0cae 100755 +--- a/hw/xfree86/sdksyms.sh ++++ b/hw/xfree86/sdksyms.sh +@@ -350,6 +350,23 @@ BEGIN { + if (sdk) { + n = 3; + ++ # detect the following gcc5 cpp pattern and skip it: ++ # extern ++ # # 320 "../../include/os.h" 3 4 ++ # __attribute__((visibility("default"))) ++ # # 320 "../../include/os.h" ++ # Note in this case the "extern " or "extern void " always has ++ # a trailing space ++ if ($0 ~ "^extern.* $") { ++ getline; ++ getline; ++ getline; ++ getline; ++ n = 1; ++ while ($n == " ") ++ n++; ++ } ++ + # skip attribute, if any + while ($n ~ /^(__attribute__|__global)/ || + # skip modifiers, if any +-- +2.1.0 + diff --git a/0002-dix-hook-up-the-unaccelerated-valuator-masks.patch b/0002-dix-hook-up-the-unaccelerated-valuator-masks.patch new file mode 100644 index 000000000000..6b8b1e5b5d73 --- /dev/null +++ b/0002-dix-hook-up-the-unaccelerated-valuator-masks.patch 
@@ -0,0 +1,134 @@ +From 7504fbd2239257f1a00a1a15d02862eea81f167c Mon Sep 17 00:00:00 2001 +From: Peter Hutterer <peter.hutterer@who-t.net> +Date: Tue, 5 May 2015 14:48:41 +1000 +Subject: [PATCH] dix: hook up the unaccelerated valuator masks + +If present, access the unaccelerated valuator mask values for DGA and XI2 raw +events. + +Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> +Reviewed-by: Hans de Goede <hdegoede@redhat.com> +--- + dix/getevents.c | 31 ++++++++++++++++++++++--------- + hw/xfree86/common/xf86Xinput.c | 4 ++++ + 2 files changed, 26 insertions(+), 9 deletions(-) + +diff --git a/dix/getevents.c b/dix/getevents.c +index 6fb12c5..64bf76e 100644 +--- a/dix/getevents.c ++++ b/dix/getevents.c +@@ -213,14 +213,25 @@ init_raw(DeviceIntPtr dev, RawDeviceEvent *event, Time ms, int type, int detail) + } + + static void +-set_raw_valuators(RawDeviceEvent *event, ValuatorMask *mask, double *data) ++set_raw_valuators(RawDeviceEvent *event, ValuatorMask *mask, ++ BOOL use_unaccel, double *data) + { + int i; + ++ use_unaccel = use_unaccel && valuator_mask_has_unaccelerated(mask); ++ + for (i = 0; i < valuator_mask_size(mask); i++) { + if (valuator_mask_isset(mask, i)) { ++ double v; ++ + SetBit(event->valuators.mask, i); +- data[i] = valuator_mask_get_double(mask, i); ++ ++ if (use_unaccel) ++ v = valuator_mask_get_unaccelerated(mask, i); ++ else ++ v = valuator_mask_get_double(mask, i); ++ ++ data[i] = v; + } + } + } +@@ -1138,11 +1149,11 @@ GetKeyboardEvents(InternalEvent *events, DeviceIntPtr pDev, int type, + valuator_mask_copy(&mask, mask_in); + + init_raw(pDev, raw, ms, type, key_code); +- set_raw_valuators(raw, &mask, raw->valuators.data_raw); ++ set_raw_valuators(raw, &mask, TRUE, raw->valuators.data_raw); + + clipValuators(pDev, &mask); + +- set_raw_valuators(raw, &mask, raw->valuators.data); ++ set_raw_valuators(raw, &mask, FALSE, raw->valuators.data); + + event = &events->device_event; + init_device_event(event, pDev, ms); +@@ -1423,9 +1434,11 
@@ fill_pointer_events(InternalEvent *events, DeviceIntPtr pDev, int type, + num_events++; + + init_raw(pDev, raw, ms, type, buttons); +- set_raw_valuators(raw, &mask, raw->valuators.data_raw); ++ set_raw_valuators(raw, &mask, TRUE, raw->valuators.data_raw); + } + ++ valuator_mask_drop_unaccelerated(&mask); ++ + /* valuators are in driver-native format (rel or abs) */ + + if (flags & POINTER_ABSOLUTE) { +@@ -1438,7 +1451,7 @@ fill_pointer_events(InternalEvent *events, DeviceIntPtr pDev, int type, + transformAbsolute(pDev, &mask); + clipAbsolute(pDev, &mask); + if ((flags & POINTER_NORAW) == 0 && raw) +- set_raw_valuators(raw, &mask, raw->valuators.data); ++ set_raw_valuators(raw, &mask, FALSE, raw->valuators.data); + } + else { + transformRelative(pDev, &mask); +@@ -1446,7 +1459,7 @@ fill_pointer_events(InternalEvent *events, DeviceIntPtr pDev, int type, + if (flags & POINTER_ACCELERATE) + accelPointer(pDev, &mask, ms); + if ((flags & POINTER_NORAW) == 0 && raw) +- set_raw_valuators(raw, &mask, raw->valuators.data); ++ set_raw_valuators(raw, &mask, FALSE, raw->valuators.data); + + moveRelative(pDev, flags, &mask); + } +@@ -1951,7 +1964,7 @@ GetTouchEvents(InternalEvent *events, DeviceIntPtr dev, uint32_t ddx_touchid, + events++; + num_events++; + init_raw(dev, raw, ms, type, client_id); +- set_raw_valuators(raw, &mask, raw->valuators.data_raw); ++ set_raw_valuators(raw, &mask, TRUE, raw->valuators.data_raw); + } + + event = &events->device_event; +@@ -2013,7 +2026,7 @@ GetTouchEvents(InternalEvent *events, DeviceIntPtr dev, uint32_t ddx_touchid, + screeny = dev->spriteInfo->sprite->hotPhys.y; + } + if (need_rawevent) +- set_raw_valuators(raw, &mask, raw->valuators.data); ++ set_raw_valuators(raw, &mask, FALSE, raw->valuators.data); + + /* Indirect device touch coordinates are not used for cursor positioning. + * They are merely informational, and are provided in device coordinates. 
+diff --git a/hw/xfree86/common/xf86Xinput.c b/hw/xfree86/common/xf86Xinput.c +index 1fb5b16..5ce4c71 100644 +--- a/hw/xfree86/common/xf86Xinput.c ++++ b/hw/xfree86/common/xf86Xinput.c +@@ -1137,12 +1137,16 @@ xf86CheckMotionEvent4DGA(DeviceIntPtr device, int is_absolute, + dx = valuator_mask_get(mask, 0); + if (is_absolute) + dx -= device->last.valuators[0]; ++ else if (valuator_mask_has_unaccelerated(mask)) ++ dx = valuator_mask_get_unaccelerated(mask, 0); + } + + if (valuator_mask_isset(mask, 1)) { + dy = valuator_mask_get(mask, 1); + if (is_absolute) + dy -= device->last.valuators[1]; ++ else if (valuator_mask_has_unaccelerated(mask)) ++ dy = valuator_mask_get_unaccelerated(mask, 1); + } + + if (DGAStealMotionEvent(device, idx, dx, dy)) +-- +2.4.1 + @@ -2,15 +2,14 @@ # Original Maintainer: AndyRTR <andyrtr@archlinux.org> # Original Maintainer: Jan de Groot <jgc@archlinux.org> -# Based on Arch Linux commit 0ac3af529bbd3d73bbf3f76b822978da6ce9064e +# Based on Arch Linux commit 1dff94b27b2b8d9e312dd194a50b60852c33bb13 pkgbase=xorg-server-mir pkgname=(xorg-server-mir xorg-server-xephyr-mir xorg-server-xdmx-mir xorg-server-xvfb-mir xorg-server-xnest-mir xorg-server-xwayland-mir xorg-server-common-mir xorg-server-devel-mir) -pkgver=1.16.3 -_ubuntu_ver=1.16.2.901 -_ubuntu_rel=1ubuntu3 +_ubuntu_rel=0ubuntu4 +pkgver=1.17.1 pkgrel=1 arch=(i686 x86_64) license=(custom) 
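Review bot: In the xf86Xinput.c part, `dx = valuator_mask_get_unaccelerated(mask, 0);` and the matching `dy` line store a double into variables that the neighbouring `valuator_mask_get()` calls suggest are integers; their declarations are outside the hunk. If so, fractional unaccelerated deltas are truncated toward zero before `DGAStealMotionEvent()` receives them. If that is intended, a comment such as `/* DGA takes integer deltas; fractional unaccelerated motion is dropped */` would make it explicit; otherwise the value should be rounded or the remainder carried over. Separately, `set_raw_valuators()` in dix/getevents.c declares the new parameter as `BOOL use_unaccel` while the valuator-mask API it calls uses `Bool`; using one spelling would be more consistent.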
@@ -22,23 +21,40 @@ makedepends=(pixman libx11 mesa mesa-libgl xf86driproto xcmiscproto xtrans libpciaccess libxv xf86dgaproto libxmu libxrender libxi dmxproto libxaw libdmx libxtst libxres xorg-xkbcomp xorg-util-macros xorg-font-util glproto dri2proto libgcrypt libepoxy xcb-util - xcb-util-image xcb-util-wm xcb-util-keysyms dri3proto libxshmfence) + xcb-util-image xcb-util-renderutil xcb-util-wm xcb-util-keysyms + dri3proto libxshmfence libunwind) makedepends+=(mir) -source=(${url}/releases/individual/xserver/xorg-server-${pkgver}.tar.bz2 #{,.sig} +validpgpkeys=('7B27A3F1A6E18CD9588B4AE8310180050905E40C' + 'C383B778255613DFDB409D91DB221A6900000011') +source=(${url}/releases/individual/xserver/xorg-server-${pkgver}.tar.bz2{,.sig} https://launchpad.net/ubuntu/+archive/primary/+files/xorg-server_${_ubuntu_ver:-${pkgver}}-${_ubuntu_rel}.diff.gz - autoconfig-sis.patch nvidia-drm-outputclass.conf xvfb-run - xvfb-run.1) -sha512sums=('c0459ed95a6682b2094340b6b8fc7b59fcda5227ee2f13e87f68eb5c29b91cd3f05c5fc2126e33d6303beb3ad04d19466951ef4eb53f2e9918684cdaf3692c5a' -# 'SKIP' - '87c1211c1e01fa489f80edd07d67791212df2fc76362a60967ac8528e2980321d6d946a2fda789918d2a3bb771178c394d9f0c432d29cd56811ce04980f46a96' - '3211dbc6d8a84f3f6a77230a8e5fe13355b441768d864c2b3037b893be39f7b8d581c2a5db1e04f399ce19c4ced973b64eaad563d970ee9c7b8a93cb23a0aa18' + xvfb-run.1 + os-access-fix-regression-in-server-interpreted-auth.patch + v2-xserver-Fix-a-crash-with-XDMCP-error-handler.patch + 0001-int10-Fix-error-check-for-pci_device_map_legacy.patch + 0001-mi-Partial-pie-slice-filled-arcs-may-need-more-space.patch + 0001-sdksyms.sh-Make-sdksyms.sh-work-with-gcc5.patch + 0001-dix-Add-unaccelerated-valuators-to-the-ValuatorMask.patch + 0002-dix-hook-up-the-unaccelerated-valuator-masks.patch + fix-CVE-2015-3164.patch) +sha512sums=('195a0e0a6bd9c7655e62dd40dfbd7dea77d10f1143d4fd6154e8bdbb463d3729f81ecd1e379d66f68e828d4f4583782c15ce260de24444802076844aec552c4f' + 'SKIP' + 
'280ef30b05c8d2bb876d4af04b47359fd7cf937a2d49f513f033797327e8350ef010c040bac3f67bc1b7c9fbe4b1b4322ccf70a5403d3401b0c6324e51ab1e3c' '06c649df3b02c6ccf5491fecd06f4c979656aaba2bb366e6197e96bb0eecd8d0a46245e69628d507ddc8c5fc6d5f1cac694f036bc45ba51f82a092ebd6097bf5' 'ca1cda27016f7c269cbdecc45da36255afeef5c1973cc484544f9dfbf56ed1868365c93a4c7f93e3a23e5322f084ec0cdd137e15b43872aae7f0c03040028ce6' - 'de5e2cb3c6825e6cf1f07ca0d52423e17f34d70ec7935e9dd24be5fb9883bf1e03b50ff584931bd3b41095c510ab2aa44d2573fd5feaebdcb59363b65607ff22') + 'de5e2cb3c6825e6cf1f07ca0d52423e17f34d70ec7935e9dd24be5fb9883bf1e03b50ff584931bd3b41095c510ab2aa44d2573fd5feaebdcb59363b65607ff22' + '976c0b93b7eb0a1ff05dacd8ebb9644db4211ec38bcd172fa2c3a8c4611ad2b8e47d8445f90b2f3d498c55fa76a53522cf6e210dcc5b9b56a19409d933874fd4' + '2e1fa43d2ecfd0387ca43cbfa99838f92d2cf5a4dcac2de98ba2d72eef28a15ab5cceee39919462ab9c175a9faa5dbd8b37492ff534110e434d434df6260ae9d' + '46cbc1abb3b12b49345d73f21bf8c5302b6d1b74eb615c291a12177701f6c20c8c777f4f3b427188d1fc7f5cc7116104f1285c6e28fa038810b09c940e4f1b76' + 'ecabb18ac448e2c528f9dd7648679514c4240570e3b3471d603d9249e577c824a4ecd89d88a4f67bb23ea3e567503aa1f31fd70dc2dcb1e0ea7a28d00514a689' + '890727bd21074f4990495cea74dcae1929b3fd56504b8ab599974eb2371ba26bc84c36b32ac9fee22c3b6092bb3a728927d70b9c2f731415b99d7ea0fa63caa1' + 'c442f566c861c746e92bde992cc736399c74df71a4a3b0e3abe43e7998ba97f2e6550b1fd1da21d9ba960314974dd95e8f3d6aab0b3fbe4c5a6af1a2a8c92495' + '51bf1ac1135512e8f2621f4dd211d4b80d3072e9ee6896a0d9c7ae569ca693a664cc1e5adf4f7c95da8d6626816ea17ef3bf0f488c121cb3c3b317884d3f3bfc' + 'b8b5a9a9bbf3c6b511196c919694c54b5c67090e7f535f65b61be0d33569b6f32180250637fd5cf0aef8e4fd33689a600553f61abcc43fa7e564bff04f0f3e3c') prepare() { cd "xorg-server-${pkgver}" 
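Review bot: The two fingerprints added to `validpgpkeys` have no comment saying whose keys they are or where they were obtained, which makes the trust decision behind the newly enabled `.sig` check hard to audit later. A trailing comment per entry, e.g. `'7B27A3F1A6E18CD9588B4AE8310180050905E40C' # <key owner, where the fingerprint was verified>`, would fix that. Also, only the xorg-server tarball is signature-checked. The Launchpad `.diff.gz`, whose `debian/patches/series` is applied in prepare(), is pinned by its sha512sum alone, so that checksum is the only integrity control for the largest set of changes to the tree and should be compared with the Ubuntu source record on every bump.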
@@ -47,16 +63,29 @@ prepare() { patch -p1 -i "../xorg-server_${_ubuntu_ver:-${pkgver}}-${_ubuntu_rel}.diff" # Disable patches - sed -i '/03_static-nettle.diff/d' debian/patches/series - sed -i '/ppc64el-endian-fix.patch/d' debian/patches/series + sed -i '/03_static-nettle.diff/d' debian/patches/series + sed -i '/ppc64el-endian-fix.patch/d' debian/patches/series for i in $(grep -v '#' debian/patches/series); do msg "Applying ${i} ..." patch -p1 -i "debian/patches/${i}" done - # Use unofficial imedia SiS driver for supported SiS devices - patch -p0 -i ../autoconfig-sis.patch + # fix FS#43884, merged upstream + patch -p1 -i ../os-access-fix-regression-in-server-interpreted-auth.patch + # partially fix FS#43867, merged upstream + patch -p1 -i ../v2-xserver-Fix-a-crash-with-XDMCP-error-handler.patch + # fix FS#43924, merged upstream + #patch -p1 -i ../0001-int10-Fix-error-check-for-pci_device_map_legacy.patch + # fix FS#43937, merged upstream + patch -p1 -i ../0001-mi-Partial-pie-slice-filled-arcs-may-need-more-space.patch + # fix FS#45245, merged upstream + patch -p1 -i ../0001-sdksyms.sh-Make-sdksyms.sh-work-with-gcc5.patch + # fix FS#45229, merged upstream + patch -p1 -i ../0001-dix-Add-unaccelerated-valuators-to-the-ValuatorMask.patch + patch -p1 -i ../0002-dix-hook-up-the-unaccelerated-valuator-masks.patch + # fix CVE-2015-3164, merged upstream + patch -p1 -i ../fix-CVE-2015-3164.patch } build() { @@ -74,6 +103,7 @@ build() { --enable-xnest \ --enable-composite \ --enable-xcsecurity \ + --enable-libunwind \ --enable-xorg \ --enable-xephyr \ --enable-glamor \ @@ -91,7 +121,7 @@ build() { --disable-xfbdev \ --disable-xfake \ --disable-static \ - --libexecdir=/usr/bin \ + --libexecdir=/usr/lib/xorg-server \ --sysconfdir=/etc \ --localstatedir=/var \ --with-xkb-path=/usr/share/X11/xkb \ 
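Review bot: In prepare(), `#patch -p1 -i ../0001-int10-Fix-error-check-for-pci_device_map_legacy.patch` is commented out, but its `# fix FS#43924, merged upstream` line and its `source`/`sha512sums` entries remain, so the package reads as if the fix were applied. That patch corrects an inverted error check that sits directly before a `memcpy()` from the mapped region, so it matters whether the built server contains it. Presumably the Ubuntu diff or the 1.17.1 tarball already carries the change, but nothing here says so. Either give the reason next to the disabled line, e.g. `# not applied: already included in <tarball or Ubuntu diff>`, or drop the file from `source` and from the repository.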
@@ -130,7 +160,8 @@ install_license() { package_xorg-server-common-mir() { pkgdesc="Xorg server common files" - depends=(xkeyboard-config xorg-xkbcomp xorg-setxkbmap xorg-fonts-misc) + depends=(xkeyboard-config xorg-xkbcomp xorg-setxkbmap xorg-fonts-misc + libunwind) replace_orig xorg-server-common install_license xorg-server-common-mir @@ -153,11 +184,11 @@ package_xorg-server-mir() { # see xorg-server-*/hw/xfree86/common/xf86Module.h for ABI versions - we # provide major numbers that drivers can depend on # and /usr/lib/pkgconfig/xorg-server.pc in xorg-server-devel pkg - provides=('X-ABI-VIDEODRV_VERSION=18' 'X-ABI-XINPUT_VERSION=21' - 'X-ABI-EXTENSION_VERSION=8.0' x-server) + provides=('X-ABI-VIDEODRV_VERSION=19' 'X-ABI-XINPUT_VERSION=21.1' + 'X-ABI-EXTENSION_VERSION=9.0' x-server) groups=(xorg) - conflicts=('nvidia-utils<=331.20' glamor-egl) - replaces=(glamor-egl) + conflicts=('nvidia-utils<=331.20' glamor-egl xf86-video-modesetting) + replaces=(glamor-egl xf86-video-modesetting) install=xorg-server.install replace_orig xorg-server @@ -188,7 +219,8 @@ package_xorg-server-mir() { package_xorg-server-xephyr-mir() { pkgdesc="A nested X server that runs as an X application" depends=(libxfont libgl libepoxy libgcrypt libxv pixman - xorg-server-common-mir xcb-util-image xcb-util-wm xcb-util-keysyms) + xorg-server-common-mir xcb-util-image xcb-util-renderutil + xcb-util-wm xcb-util-keysyms) replace_orig xorg-server-xephyr install_license xorg-server-xephyr-mir @@ -269,5 +301,6 @@ package_xorg-server-devel-mir() { rm -rf "${pkgdir}"/usr/share/doc/ rm -rf "${pkgdir}"/usr/share/X11/ rm -rf "${pkgdir}"/usr/lib/xorg/ + rm -rf "${pkgdir}"/usr/lib/xorg-server/ rm -rf "${pkgdir}"/var/ } diff --git a/autoconfig-sis.patch b/autoconfig-sis.patch deleted file mode 100644 index 0b50049db553..000000000000 --- a/autoconfig-sis.patch +++ /dev/null 
@@ -1,21 +0,0 @@ ---- hw/xfree86/common/xf86pciBus.c.orig 2011-09-24 10:53:45.421697668 +0000 -+++ hw/xfree86/common/xf86pciBus.c 2011-09-24 10:55:56.416250708 +0000 -@@ -1200,9 +1200,15 @@ - break; - } - break; -- case 0x1039: -- driverList[0] = "sis"; -- break; -+ case 0x1039: -+ switch (dev->device_id) -+ { -+ case 0x6350: case 0x6351: -+ driverList[0] = "sisimedia"; driverList[1] = "sis"; break; -+ default: -+ driverList[0] = "sis"; break; -+ } -+ break; - case 0x126f: - driverList[0] = "siliconmotion"; - break; diff --git a/fix-CVE-2015-3164.patch b/fix-CVE-2015-3164.patch new file mode 100644 index 000000000000..e2ee1297323d --- /dev/null +++ b/fix-CVE-2015-3164.patch 
@@ -0,0 +1,311 @@ +From c4534a38b68aa07fb82318040dc8154fb48a9588 Mon Sep 17 00:00:00 2001 +From: Ray Strode <rstrode@redhat.com> +Date: Tue, 5 May 2015 16:43:42 -0400 +Subject: xwayland: Enable access control on open sockets [CVE-2015-3164 1/3] + +Xwayland currently allows wide-open access to the X sockets +it listens on, ignoring Xauth access control. + +This commit makes sure to enable access control on the sockets, +so one user can't snoop on another user's X-over-wayland +applications. + +Signed-off-by: Ray Strode <rstrode@redhat.com> +Reviewed-by: Daniel Stone <daniels@collabora.com> +Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> +Signed-off-by: Keith Packard <keithp@keithp.com> + +diff --git a/hw/xwayland/xwayland.c b/hw/xwayland/xwayland.c +index 7e8d667..c5bee77 100644 +--- a/hw/xwayland/xwayland.c ++++ b/hw/xwayland/xwayland.c +@@ -483,7 +483,7 @@ listen_on_fds(struct xwl_screen *xwl_screen) + int i; + + for (i = 0; i < xwl_screen->listen_fd_count; i++) +- ListenOnOpenFD(xwl_screen->listen_fds[i], TRUE); ++ ListenOnOpenFD(xwl_screen->listen_fds[i], FALSE); + } + + static void +-- +cgit v0.10.2 +From 4b4b9086d02b80549981d205fb1f495edc373538 Mon Sep 17 00:00:00 2001 +From: Ray Strode <rstrode@redhat.com> +Date: Tue, 5 May 2015 16:43:43 -0400 +Subject: os: support new implicit local user access mode [CVE-2015-3164 2/3] + +If the X server is started without a '-auth' argument, then +it gets started wide open to all local users on the system. + +This isn't a great default access model, but changing it in +Xorg at this point would break backward compatibility. + +Xwayland, on the other hand is new, and much more targeted +in scope. It could, in theory, be changed to allow the much +more secure default of a "user who started X server can connect +clients to that server." + +This commit paves the way for that change, by adding a mechanism +for DDXs to opt-in to that behavior. 
They merely need to call + +LocalAccessScopeUser() + +in their init functions. + +A subsequent commit will add that call for Xwayland. + +Signed-off-by: Ray Strode <rstrode@redhat.com> +Reviewed-by: Daniel Stone <daniels@collabora.com> +Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> +Signed-off-by: Keith Packard <keithp@keithp.com> + +diff --git a/include/os.h b/include/os.h +index 6638c84..b2b96c8 100644 +--- a/include/os.h ++++ b/include/os.h +@@ -431,11 +431,28 @@ extern _X_EXPORT void + ResetHosts(const char *display); + + extern _X_EXPORT void ++EnableLocalAccess(void); ++ ++extern _X_EXPORT void ++DisableLocalAccess(void); ++ ++extern _X_EXPORT void + EnableLocalHost(void); + + extern _X_EXPORT void + DisableLocalHost(void); + ++#ifndef NO_LOCAL_CLIENT_CRED ++extern _X_EXPORT void ++EnableLocalUser(void); ++ ++extern _X_EXPORT void ++DisableLocalUser(void); ++ ++extern _X_EXPORT void ++LocalAccessScopeUser(void); ++#endif ++ + extern _X_EXPORT void + AccessUsingXdmcp(void); + +diff --git a/os/access.c b/os/access.c +index 8fa028e..75e7a69 100644 +--- a/os/access.c ++++ b/os/access.c +@@ -102,6 +102,10 @@ SOFTWARE. 
+ #include <sys/ioctl.h> + #include <ctype.h> + ++#ifndef NO_LOCAL_CLIENT_CRED ++#include <pwd.h> ++#endif ++ + #if defined(TCPCONN) || defined(STREAMSCONN) + #include <netinet/in.h> + #endif /* TCPCONN || STREAMSCONN */ +@@ -225,6 +229,13 @@ static int LocalHostEnabled = FALSE; + static int LocalHostRequested = FALSE; + static int UsingXdmcp = FALSE; + ++static enum { ++ LOCAL_ACCESS_SCOPE_HOST = 0, ++#ifndef NO_LOCAL_CLIENT_CRED ++ LOCAL_ACCESS_SCOPE_USER, ++#endif ++} LocalAccessScope; ++ + /* FamilyServerInterpreted implementation */ + static Bool siAddrMatch(int family, void *addr, int len, HOST * host, + ClientPtr client); +@@ -237,6 +248,21 @@ static void siTypesInitialize(void); + */ + + void ++EnableLocalAccess(void) ++{ ++ switch (LocalAccessScope) { ++ case LOCAL_ACCESS_SCOPE_HOST: ++ EnableLocalHost(); ++ break; ++#ifndef NO_LOCAL_CLIENT_CRED ++ case LOCAL_ACCESS_SCOPE_USER: ++ EnableLocalUser(); ++ break; ++#endif ++ } ++} ++ ++void + EnableLocalHost(void) + { + if (!UsingXdmcp) { +@@ -249,6 +275,21 @@ EnableLocalHost(void) + * called when authorization is enabled to keep us secure + */ + void ++DisableLocalAccess(void) ++{ ++ switch (LocalAccessScope) { ++ case LOCAL_ACCESS_SCOPE_HOST: ++ DisableLocalHost(); ++ break; ++#ifndef NO_LOCAL_CLIENT_CRED ++ case LOCAL_ACCESS_SCOPE_USER: ++ DisableLocalUser(); ++ break; ++#endif ++ } ++} ++ ++void + DisableLocalHost(void) + { + HOST *self; +@@ -262,6 +303,74 @@ DisableLocalHost(void) + } + } + ++#ifndef NO_LOCAL_CLIENT_CRED ++static int GetLocalUserAddr(char **addr) ++{ ++ static const char *type = "localuser"; ++ static const char delimiter = '\0'; ++ static const char *value; ++ struct passwd *pw; ++ int length = -1; ++ ++ pw = getpwuid(getuid()); ++ ++ if (pw == NULL || pw->pw_name == NULL) ++ goto out; ++ ++ value = pw->pw_name; ++ ++ length = asprintf(addr, "%s%c%s", type, delimiter, value); ++ ++ if (length == -1) { ++ goto out; ++ } ++ ++ /* Trailing NUL */ ++ length++; ++ ++out: ++ return length; ++} 
++ ++void ++EnableLocalUser(void) ++{ ++ char *addr = NULL; ++ int length = -1; ++ ++ length = GetLocalUserAddr(&addr); ++ ++ if (length == -1) ++ return; ++ ++ NewHost(FamilyServerInterpreted, addr, length, TRUE); ++ ++ free(addr); ++} ++ ++void ++DisableLocalUser(void) ++{ ++ char *addr = NULL; ++ int length = -1; ++ ++ length = GetLocalUserAddr(&addr); ++ ++ if (length == -1) ++ return; ++ ++ RemoveHost(NULL, FamilyServerInterpreted, length, addr); ++ ++ free(addr); ++} ++ ++void ++LocalAccessScopeUser(void) ++{ ++ LocalAccessScope = LOCAL_ACCESS_SCOPE_USER; ++} ++#endif ++ + /* + * called at init time when XDMCP will be used; xdmcp always + * adds local hosts manually when needed +diff --git a/os/auth.c b/os/auth.c +index 5fcb538..7da6fc6 100644 +--- a/os/auth.c ++++ b/os/auth.c +@@ -181,11 +181,11 @@ CheckAuthorization(unsigned int name_length, + + /* + * If the authorization file has at least one entry for this server, +- * disable local host access. (loadauth > 0) ++ * disable local access. (loadauth > 0) + * + * If there are zero entries (either initially or when the + * authorization file is later reloaded), or if a valid +- * authorization file was never loaded, enable local host access. ++ * authorization file was never loaded, enable local access. + * (loadauth == 0 || !loaded) + * + * If the authorization file was loaded initially (with valid +@@ -194,11 +194,11 @@ CheckAuthorization(unsigned int name_length, + */ + + if (loadauth > 0) { +- DisableLocalHost(); /* got at least one */ ++ DisableLocalAccess(); /* got at least one */ + loaded = TRUE; + } + else if (loadauth == 0 || !loaded) +- EnableLocalHost(); ++ EnableLocalAccess(); + } + if (name_length) { + for (i = 0; i < NUM_AUTHORIZATION; i++) { +-- +cgit v0.10.2 +From 76636ac12f2d1dbdf7be08222f80e7505d53c451 Mon Sep 17 00:00:00 2001 +From: Ray Strode <rstrode@redhat.com> +Date: Tue, 5 May 2015 16:43:44 -0400 +Subject: xwayland: default to local user if no xauth file given. 
+ [CVE-2015-3164 3/3] + +Right now if "-auth" isn't passed on the command line, we let +any user on the system connect to the Xwayland server. + +That's clearly suboptimal, given Xwayland is generally designed +to be used by one user at a time. + +This commit changes the behavior, so only the user who started the +X server can connect clients to it. + +Signed-off-by: Ray Strode <rstrode@redhat.com> +Reviewed-by: Daniel Stone <daniels@collabora.com> +Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> +Signed-off-by: Keith Packard <keithp@keithp.com> + +diff --git a/hw/xwayland/xwayland.c b/hw/xwayland/xwayland.c +index c5bee77..bc92beb 100644 +--- a/hw/xwayland/xwayland.c ++++ b/hw/xwayland/xwayland.c +@@ -702,4 +702,6 @@ InitOutput(ScreenInfo * screen_info, int argc, char **argv) + if (AddScreen(xwl_screen_init, argc, argv) == -1) { + FatalError("Couldn't add screen\n"); + } ++ ++ LocalAccessScopeUser(); + } +-- +cgit v0.10.2 + diff --git a/os-access-fix-regression-in-server-interpreted-auth.patch b/os-access-fix-regression-in-server-interpreted-auth.patch new file mode 100644 index 000000000000..b96bb7a31743 --- /dev/null +++ b/os-access-fix-regression-in-server-interpreted-auth.patch 
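Review bot: `EnableLocalUser()` and `DisableLocalUser()` return silently when `GetLocalUserAddr()` yields -1, so a failed `getpwuid(getuid())` lookup leaves a user-scoped server without its `localuser` entry and nothing in the log says why clients are refused. Failing closed is the right outcome for the enable path, but it should be visible; I would add something like `ErrorF("Failed to determine local user for access control\n");` before the early `return`. In `DisableLocalUser()` the same early return leaves any previously added entry in place, which is the less safe direction and deserves a log line too. Separately, `LocalAccessScopeUser()` is declared and defined only under `#ifndef NO_LOCAL_CLIENT_CRED`, while the new call in `InitOutput()` is unguarded; a build with that macro defined would presumably fail to compile rather than fall back to host-wide scope, and a one-line comment at the call site should say this is intended. `static const char *value` in `GetLocalUserAddr()` has no reason to be static, since it is reassigned on every call.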
@@ -0,0 +1,30 @@ +diff --git a/os/access.c b/os/access.c +index 28f2d32..fe6e831 100644 +--- a/os/access.c ++++ b/os/access.c +@@ -1390,14 +1390,23 @@ InvalidHost(register struct sockaddr *saddr, int len, ClientPtr client) + else + return 0; + } ++ ++ /* An empty address requires both a NULL addr *and* a zero length ++ * as the address comparison functions call memcmp with both ++ * parameters. Make sure they agree here ++ */ ++ if (addr == NULL) ++ len = 0; ++ if (len == 0) ++ addr = NULL; + for (host = validhosts; host; host = host->next) { + if (host->family == FamilyServerInterpreted) { +- if (addr && siAddrMatch(family, addr, len, host, client)) { ++ if (siAddrMatch(family, addr, len, host, client)) { + return 0; + } + } + else { +- if (addr && addrEqual(family, addr, len, host)) ++ if (addrEqual(family, addr, len, host)) + return 0; + } + diff --git a/v2-xserver-Fix-a-crash-with-XDMCP-error-handler.patch b/v2-xserver-Fix-a-crash-with-XDMCP-error-handler.patch new file mode 100644 index 000000000000..02dbaf22f93f --- /dev/null +++ b/v2-xserver-Fix-a-crash-with-XDMCP-error-handler.patch @@ -0,0 +1,23 @@ +diff --git a/os/xdmcp.c b/os/xdmcp.c +index b6e97c9..0e9e625 100644 +--- a/os/xdmcp.c ++++ b/os/xdmcp.c +@@ -1409,8 +1409,16 @@ recv_alive_msg(unsigned length) + static void + XdmcpFatal(const char *type, ARRAY8Ptr status) + { +- FatalError("XDMCP fatal error: %s %*.*s\n", type, +- status->length, status->length, status->data); ++ char *error_message; ++ ++ /* error_message is leaked, but that's fine, we're aborting */ ++ error_message = malloc (status->length + 1); ++ if (!error_message) ++ FatalError("XDMCP fatal error: %s", type); ++ ++ memcpy(error_message, status->data, status->length); ++ error_message[status->length] = '\0'; ++ FatalError("XDMCP fatal error: %s %s\n", type, error_message); + } + + static void |
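Review bot: With the `addr &&` guards dropped, `siAddrMatch()` and `addrEqual()` are now reached with `addr == NULL` and `len == 0`, and the added comment says both go on to call memcmp; a null pointer argument to memcmp is undefined behaviour in C even when the length is zero. Neither helper is visible in this hunk, so this needs confirming there: each should test the length before comparing, along the lines of `len == 0 || memcmp(...) == 0` with the helper's own operands. The comment would also be clearer if it said why an empty address must now reach the matchers; presumably server-interpreted entries such as `localuser` match on the client's credentials rather than on `addr`. `InvalidHost()` starts and ends outside the hunk.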
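Review bot: The `malloc` failure branch in `XdmcpFatal()` calls `FatalError("XDMCP fatal error: %s", type)` without the trailing newline that the normal path prints, and the `memcpy` below it is safe only because FatalError does not return. Writing `FatalError("XDMCP fatal error: %s\n", type);` and adding a short comment that the call aborts would make both explicit. `status->data` is copied into the message unchanged; if it originates from the XDMCP peer, as the `ARRAY8Ptr` parameter suggests, control characters and newlines end up in the server log, so replacing non-printable bytes before formatting is worth considering. `malloc (` also has a stray space before the parenthesis.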