diff --git a/U_Fix-segfault-on-probing-a-non-PCI-platform-device-on.patch b/U_Fix-segfault-on-probing-a-non-PCI-platform-device-on.patch
new file mode 100644
index 0000000..7d2f56f
--- /dev/null
+++ b/U_Fix-segfault-on-probing-a-non-PCI-platform-device-on.patch
@@ -0,0 +1,31 @@
+From e50c85f4ebf559a3bac4817b41074c43d4691779 Mon Sep 17 00:00:00 2001
+From: Eric Anholt
+Date: Fri, 26 Oct 2018 17:47:30 -0700
+Subject: [PATCH] Fix segfault on probing a non-PCI platform device on a system
+ with PCI.
+
+Some Broadcom set-top-box boards have PCI busses, but the GPU is still
+probed through DT. We would dereference a null busid here in that
+case.
+
+Signed-off-by: Eric Anholt
+---
+ hw/xfree86/common/xf86platformBus.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/xfree86/common/xf86platformBus.c b/hw/xfree86/common/xf86platformBus.c
+index cef47da03..dadbac6c8 100644
+--- a/hw/xfree86/common/xf86platformBus.c
++++ b/hw/xfree86/common/xf86platformBus.c
+@@ -289,7 +289,7 @@ xf86platformProbe(void)
+ for (i = 0; i < xf86_num_platform_devices; i++) {
+ char *busid = xf86_platform_odev_attributes(i)->busid;
+
+- if (pci && (strncmp(busid, "pci:", 4) == 0)) {
++ if (pci && busid && (strncmp(busid, "pci:", 4) == 0)) {
+ platform_find_pci_info(&xf86_platform_devices[i], busid);
+ }
+
+--
+2.16.4
+
diff --git a/U_Revert-linux-Fix-platform-device-PCI-detection-for-c.patch b/U_Revert-linux-Fix-platform-device-PCI-detection-for-c.patch
new file mode 100644
index 0000000..30fac1b
--- /dev/null
+++ b/U_Revert-linux-Fix-platform-device-PCI-detection-for-c.patch
@@ -0,0 +1,40 @@
+From 39cb95e959fab97a7e255dda1a1599b096fb0f7e Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan
+Date: Tue, 8 Sep 2020 10:03:11 +0200
+Subject: [PATCH] Revert "linux: Fix platform device PCI detection for complex
+ bus topologies"
+
+This reverts commit 5c96eb5f44e62a4cfe835023cde304eb5795b8fd.
+
+https://gitlab.freedesktop.org/xorg/xserver/-/issues/1068
+---
+ config/udev.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/config/udev.c b/config/udev.c
+index 14409549b..8c6c4b666 100644
+--- a/config/udev.c
++++ b/config/udev.c
+@@ -470,7 +470,7 @@ config_udev_odev_setup_attribs(struct udev_device *udev_device, const char *path
+ config_odev_probe_proc_ptr probe_callback)
+ {
+ struct OdevAttributes *attribs = config_odev_allocate_attributes();
+- const char *value, *str;
++ const char *value;
+
+ attribs->path = XNFstrdup(path);
+ attribs->syspath = XNFstrdup(syspath);
+@@ -478,8 +478,8 @@ config_udev_odev_setup_attribs(struct udev_device *udev_device, const char *path
+ attribs->minor = minor;
+
+ value = udev_device_get_property_value(udev_device, "ID_PATH");
+- if (value && (str = strstr(value, "pci-"))) {
+- attribs->busid = XNFstrdup(str);
++ if (value && !strncmp(value, "pci-", 4)) {
++ attribs->busid = XNFstrdup(value);
+ attribs->busid[3] = ':';
+ }
+
+--
+2.16.4
+
diff --git a/U_Revert-linux-Fix-platform-device-probe-for-DT-based-.patch b/U_Revert-linux-Fix-platform-device-probe-for-DT-based-.patch
new file mode 100644
index 0000000..62a510d
--- /dev/null
+++ b/U_Revert-linux-Fix-platform-device-probe-for-DT-based-.patch
@@ -0,0 +1,60 @@
+From 4b6fce5975c2f931a0478cf4deeec97529b05eb6 Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan
+Date: Tue, 8 Sep 2020 10:01:55 +0200
+Subject: [PATCH] Revert "linux: Fix platform device probe for DT-based PCI"
+
+This reverts commit 249a12c54a9316b089bd22683c011519348496df.
+
+https://gitlab.freedesktop.org/xorg/xserver/-/issues/1068
+---
+ config/udev.c | 27 +--------------------------
+ 1 file changed, 1 insertion(+), 26 deletions(-)
+
+diff --git a/config/udev.c b/config/udev.c
+index b00d90237..14409549b 100644
+--- a/config/udev.c
++++ b/config/udev.c
+@@ -464,31 +464,6 @@ config_udev_fini(void)
+
+ #ifdef CONFIG_UDEV_KMS
+
+-/* Find the last occurrence of the needle in haystack */
+-static char *strrstr(const char *haystack, const char *needle)
+-{
+- char *prev, *last, *tmp;
+-
+- prev = strstr(haystack, needle);
+- if (!prev)
+- return NULL;
+-
+- last = prev;
+- tmp = prev + 1;
+-
+- while (tmp) {
+- last = strstr(tmp, needle);
+- if (!last)
+- return prev;
+- else {
+- prev = last;
+- tmp = prev + 1;
+- }
+- }
+-
+- return last;
+-}
+-
+ static void
+ config_udev_odev_setup_attribs(struct udev_device *udev_device, const char *path, const char *syspath,
+ int major, int minor,
+@@ -503,7 +478,7 @@ config_udev_odev_setup_attribs(struct udev_device *udev_device, const char *path
+ attribs->minor = minor;
+
+ value = udev_device_get_property_value(udev_device, "ID_PATH");
+- if (value && (str = strrstr(value, "pci-"))) {
++ if (value && (str = strstr(value, "pci-"))) {
+ attribs->busid = XNFstrdup(str);
+ attribs->busid[3] = ':';
+ }
+--
+2.16.4
+
diff --git a/U_Revert-linux-Make-platform-device-probe-less-fragile.patch b/U_Revert-linux-Make-platform-device-probe-less-fragile.patch
new file mode 100644
index 0000000..4e9e791
--- /dev/null
+++ b/U_Revert-linux-Make-platform-device-probe-less-fragile.patch
@@ -0,0 +1,132 @@
+From af4c84ce8855e84c0ad89b929bc972e884f0b8e3 Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan
+Date: Tue, 8 Sep 2020 10:03:33 +0200
+Subject: [PATCH] Revert "linux: Make platform device probe less fragile"
+
+This reverts commit 74b7427c41b4e4104af7abf70a996c086d3d7628.
+
+https://gitlab.freedesktop.org/xorg/xserver/-/issues/1068
+---
+ config/udev.c | 17 +++++------------
+ hw/xfree86/os-support/linux/lnx_platform.c | 20 ++++++++++++++++++--
+ 2 files changed, 23 insertions(+), 14 deletions(-)
+
+diff --git a/config/udev.c b/config/udev.c
+index 8c6c4b666..3a73189e2 100644
+--- a/config/udev.c
++++ b/config/udev.c
+@@ -56,7 +56,7 @@ static struct udev_monitor *udev_monitor;
+
+ #ifdef CONFIG_UDEV_KMS
+ static void
+-config_udev_odev_setup_attribs(struct udev_device *udev_device, const char *path, const char *syspath,
++config_udev_odev_setup_attribs(const char *path, const char *syspath,
+ int major, int minor,
+ config_odev_probe_proc_ptr probe_callback);
+ #endif
+@@ -128,7 +128,7 @@ device_added(struct udev_device *udev_device)
+
+ LogMessage(X_INFO, "config/udev: Adding drm device (%s)\n", path);
+
+- config_udev_odev_setup_attribs(udev_device, path, syspath, major(devnum),
++ config_udev_odev_setup_attribs(path, syspath, major(devnum),
+ minor(devnum), NewGPUDeviceRequest);
+ return;
+ }
+@@ -322,7 +322,7 @@ device_removed(struct udev_device *device)
+
+ LogMessage(X_INFO, "config/udev: removing GPU device %s %s\n",
+ syspath, path);
+- config_udev_odev_setup_attribs(device, path, syspath, major(devnum),
++ config_udev_odev_setup_attribs(path, syspath, major(devnum),
+ minor(devnum), DeleteGPUDeviceRequest);
+ /* Retry vtenter after a drm node removal */
+ systemd_logind_vtenter();
+@@ -465,24 +465,17 @@ config_udev_fini(void)
+ #ifdef CONFIG_UDEV_KMS
+
+ static void
+-config_udev_odev_setup_attribs(struct udev_device *udev_device, const char *path, const char *syspath,
++config_udev_odev_setup_attribs(const char *path, const char *syspath,
+ int major, int minor,
+ config_odev_probe_proc_ptr probe_callback)
+ {
+ struct OdevAttributes *attribs = config_odev_allocate_attributes();
+- const char *value;
+
+ attribs->path = XNFstrdup(path);
+ attribs->syspath = XNFstrdup(syspath);
+ attribs->major = major;
+ attribs->minor = minor;
+
+- value = udev_device_get_property_value(udev_device, "ID_PATH");
+- if (value && !strncmp(value, "pci-", 4)) {
+- attribs->busid = XNFstrdup(value);
+- attribs->busid[3] = ':';
+- }
+-
+ /* ownership of attribs is passed to probe layer */
+ probe_callback(attribs);
+ }
+@@ -523,7 +516,7 @@ config_udev_odev_probe(config_odev_probe_proc_ptr probe_callback)
+ else if (!check_seat(udev_device))
+ goto no_probe;
+
+- config_udev_odev_setup_attribs(udev_device, path, syspath, major(devnum),
++ config_udev_odev_setup_attribs(path, syspath, major(devnum),
+ minor(devnum), probe_callback);
+ no_probe:
+ udev_device_unref(udev_device);
+diff --git a/hw/xfree86/os-support/linux/lnx_platform.c b/hw/xfree86/os-support/linux/lnx_platform.c
+index e62306219..70374ace8 100644
+--- a/hw/xfree86/os-support/linux/lnx_platform.c
++++ b/hw/xfree86/os-support/linux/lnx_platform.c
+@@ -23,13 +23,13 @@
+ static Bool
+ get_drm_info(struct OdevAttributes *attribs, char *path, int delayed_index)
+ {
++ drmSetVersion sv;
+ drmVersionPtr v;
++ char *buf;
+ int fd;
+ int err = 0;
+ Bool paused, server_fd = FALSE;
+
+- LogMessage(X_INFO, "Platform probe for %s\n", attribs->syspath);
+-
+ fd = systemd_logind_take_fd(attribs->major, attribs->minor, path, &paused);
+ if (fd != -1) {
+ if (paused) {
+@@ -48,6 +48,18 @@ get_drm_info(struct OdevAttributes *attribs, char *path, int delayed_index)
+ if (fd == -1)
+ return FALSE;
+
++ sv.drm_di_major = 1;
++ sv.drm_di_minor = 4;
++ sv.drm_dd_major = -1; /* Don't care */
++ sv.drm_dd_minor = -1; /* Don't care */
++
++ err = drmSetInterfaceVersion(fd, &sv);
++ if (err) {
++ xf86Msg(X_ERROR, "%s: failed to set DRM interface version 1.4: %s\n",
++ path,
strerror(-err));
++ goto out;
++ }
++
+ /* for a delayed probe we've already added the device */
+ if (delayed_index == -1) {
+ xf86_add_platform_device(attribs, FALSE);
+@@ -57,6 +69,10 @@ get_drm_info(struct OdevAttributes *attribs, char *path, int delayed_index)
+ if (server_fd)
+ xf86_platform_devices[delayed_index].flags |= XF86_PDEV_SERVER_FD;
+
++ buf = drmGetBusid(fd);
++ xf86_platform_odev_attributes(delayed_index)->busid = XNFstrdup(buf);
++ drmFreeBusid(buf);
++
+ v = drmGetVersion(fd);
+ if (!v) {
+ xf86Msg(X_ERROR, "%s: failed to query DRM version\n", path);
+--
+2.16.4
+
diff --git a/n_xorg-wrapper-anybody.patch b/n_xorg-wrapper-anybody.patch
new file mode 100644
index 0000000..552762e
--- /dev/null
+++ b/n_xorg-wrapper-anybody.patch
@@ -0,0 +1,11 @@
+--- xserver-1.20.9/hw/xfree86/xorg-wrapper.c.old 2020-09-30 12:25:12.757532000 +0200
++++ xserver-1.20.9/hw/xfree86/xorg-wrapper.c 2020-09-30 12:27:12.809554000 +0200
+@@ -254,7 +254,7 @@ int main(int argc, char *argv[])
+ int i, r, fd;
+ int kms_cards = 0;
+ int total_cards = 0;
+- int allowed = CONSOLE_ONLY;
++ int allowed = ANYBODY;
+ int needs_root_rights = -1;
+ char *const empty_envp[1] = { NULL, };
+
diff --git a/n_xorg-wrapper-rename-Xorg.patch b/n_xorg-wrapper-rename-Xorg.patch
new file mode 100644
index 0000000..4563665
--- /dev/null
+++ b/n_xorg-wrapper-rename-Xorg.patch
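Review bot: The result of `drmGetBusid(fd)` is stored without a NULL check in the `@@ -57,6 +69,10 @@` part of get_drm_info(), so `busid` can stay NULL for a device that reports no bus id. That looks like the case the separate xf86platformProbe() patch on this page guards with `pci && busid && ...`. A comment at the assignment would keep that dependency visible to anyone who later drops or reorders the patches, e.g. `/* busid may be NULL for non-PCI (DT-probed) devices; every consumer must check before strncmp() */`. This assumes XNFstrdup() passes NULL through rather than aborting, which is not shown here and should be confirmed. get_drm_info() starts and ends outside the quoted hunks.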
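Review bot: Changing the compiled-in default in main() to `int allowed = ANYBODY;` means the setuid wrapper no longer limits callers to console users when no wrapper config is present, and nothing at the declaration records why. The changelog on this page says it replaces a shipped config that already set allowed_users=anybody, so the effective policy may be unchanged, but the rationale belongs next to the code: `/* distro default: allowed_users=anybody; non-root callers are constrained by the option whitelist filter (boo#1175867) */`. The patch appears to rely on the option filter patch being applied as well, so the patch header should state that dependency and that an admin can still set allowed_users=console in the wrapper config. main() continues outside the hunk.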
@@ -0,0 +1,20 @@
+--- xserver-1.20.9/hw/xfree86/xorg-wrapper.c.old 2020-09-24 03:16:27.270885000 +0200
++++ xserver-1.20.9/hw/xfree86/xorg-wrapper.c 2020-09-24 03:18:42.047597000 +0200
+@@ -375,7 +375,7 @@ int main(int argc, char *argv[])
+ }
+ }
+
+- snprintf(buf, sizeof(buf), "%s/Xorg", SUID_WRAPPER_DIR);
++ snprintf(buf, sizeof(buf), "%s/Xorg.bin", SUID_WRAPPER_DIR);
+
+ /* Check if the server is executable by our real uid */
+ if (access(buf, X_OK) != 0) {
+--- xserver-1.20.9/hw/xfree86/Xorg.sh.in.orig 2020-09-24 03:36:20.690412000 +0200
++++ xserver-1.20.9/hw/xfree86/Xorg.sh.in 2020-09-24 03:36:37.594497000 +0200
+@@ -7,5 +7,5 @@
+ if [ -x "$basedir"/Xorg.wrap ]; then
+ exec "$basedir"/Xorg.wrap "$@"
+ else
+- exec "$basedir"/Xorg "$@"
++ exec "$basedir"/Xorg.bin "$@"
+ fi
diff --git a/u_xorg-wrapper-Xserver-Options-Whitelist-Filter.patch b/u_xorg-wrapper-Xserver-Options-Whitelist-Filter.patch
new file mode 100644
index 0000000..6fb7b47
--- /dev/null
+++ b/u_xorg-wrapper-Xserver-Options-Whitelist-Filter.patch
@@ -0,0 +1,96 @@ +--- xserver-1.20.9/hw/xfree86/xorg-wrapper.c ++++ xserver-1.20.9/hw/xfree86/xorg-wrapper.c 2020-09-29 12:52:59.256970275 +0200 +@@ -191,6 +191,60 @@ + return 0; + } + ++static int check_vt_range(long int vt) ++{ ++ if (vt >= 2 && vt <= 7 ) { ++ return 1; ++ } ++ ++ return 0; ++} ++ ++/* Xserver option whitelist filter (boo#1175867) */ ++static int option_filter(int argc, char* argv[]){ ++ ++ for(int pos=1; pos + +- n_xorg-wrapper-anybody.patch + * replace default config /etc/X11/Xwrapper, which allows + anybody to use the wrapper, by a patch for the code, i.e. + # rootonly, console, anybody + allowed_users=anybody + # yes, no, auto + needs_root_rights=auto + is now the default without any Xwrapper config + (needs_root_rights=auto was already the default before) + +------------------------------------------------------------------- +Tue Sep 29 14:47:48 UTC 2020 - Stefan Dirsch + +- u_xorg-wrapper-Xserver-Options-Whitelist-Filter.patch + * replaced by improved version written by Matthias Gerstner of + our security team + + simplified the option parsing code a bit + + changed the "ignore forbidden argument" logic into an "abort + on forbidden argument" logic. This is safer and avoids + surprises on the user's end that could occur if the desired + command line arguments aren't effective but the Xorg server is + still started. + + tried to adjust to the coding style present in the file + (mostly the function name) + + added some logic to apply the option filtering only to + non-root users when Xorg is actually started as root. This + should allow for full flexibility if root calls the wrapper or + if the Xorg server only runs with user privileges. 
+ +------------------------------------------------------------------- +Mon Sep 28 10:29:23 UTC 2020 - Stefan Dirsch + +- U_Fix-segfault-on-probing-a-non-PCI-platform-device-on.patch, + U_Revert-linux-Fix-platform-device-PCI-detection-for-c.patch, + U_Revert-linux-Fix-platform-device-probe-for-DT-based-.patch, + U_Revert-linux-Make-platform-device-probe-less-fragile.patch + * fix Xserver startup on Raspberry Pi 3 (boo#1176203) + +------------------------------------------------------------------- +Thu Sep 24 01:40:17 UTC 2020 - Stefan Dirsch + +- n_xorg-wrapper-rename-Xorg.patch + * moved Xorg to Xorg.bin and Xorg.sh to Xorg (boo#1175867) +- change default for needs_root_rights to auto in Xwrapper.config + (boo#1175867) + +------------------------------------------------------------------- +Wed Sep 16 10:54:32 UTC 2020 - Stefan Dirsch + +- reenabled SUID wrapper for TW (boo#1175867) +- u_xorg-wrapper-Xserver-Options-Whitelist-Filter.patch + * Xserver option whitelist filter (boo#1175867) + ------------------------------------------------------------------- Wed Sep 9 18:50:37 UTC 2020 - Michael Gorse diff --git a/xorg-x11-server.spec b/xorg-x11-server.spec index c176aa3..c8bb9dd 100644 --- a/xorg-x11-server.spec +++ b/xorg-x11-server.spec @@ -26,19 +26,18 @@ %define have_wayland 1 %endif -%define build_suid_wrapper 0 - -%if 0%{!?build_suid_wrapper:1} -%ifarch s390 s390x -%define build_suid_wrapper 0 -%else -%if 0%{?suse_version} >= 1330 %define build_suid_wrapper 1 -%define suid_wrapper_dir %{_libexecdir} -%else -%define build_suid_wrapper 0 -%endif -%endif + +%if 0%{?build_suid_wrapper:1} + %ifarch s390 s390x + %define build_suid_wrapper 0 + %else + %if 0%{?suse_version} >= 1550 + %define suid_wrapper_dir %{_bindir} + %else + %define build_suid_wrapper 0 + %endif + %endif %endif Name: xorg-x11-server 
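Review bot: The new guard `%if 0%{?build_suid_wrapper:1}` in the `@@ -26,19 +26,18 @@` hunk is always true, because `%define build_suid_wrapper 1` sits unconditionally just above it. The block reads like a switch, yet the setuid wrapper can no longer be turned off from outside the spec. If an override is intended, set the default conditionally, e.g. `%{!?build_suid_wrapper:%global build_suid_wrapper 1}`, and test the value with `%if 0%{?build_suid_wrapper} == 1`, as the install and files sections later in this diff do. Otherwise drop the outer `%if`/`%endif` and add a comment that the wrapper is built only for suse_version >= 1550 on non-s390, so the conditions for shipping a setuid binary are stated in one place.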
@@ -213,6 +212,9 @@ Patch6: N_fix-dpi-values.diff Patch7: N_Install-Avoid-failure-on-wrapper-installation.patch Patch8: u_xorg-wrapper-Drop-supplemental-group-IDs.patch Patch9: u_xorg-wrapper-build-Build-position-independent-code.patch +Patch10: u_xorg-wrapper-Xserver-Options-Whitelist-Filter.patch +Patch11: n_xorg-wrapper-rename-Xorg.patch +Patch12: n_xorg-wrapper-anybody.patch Patch100: u_01-Improved-ConfineToShape.patch Patch101: u_02-DIX-ConfineTo-Don-t-bother-about-the-bounding-box-when-grabbing-a-shaped-window.patch # PATCH-FIX-UPSTREAM u_x86emu-include-order.patch schwab@suse.de -- Change include order to avoid conflict with system header, remove duplicate definitions @@ -251,6 +253,11 @@ Patch1505: U_xwayland-Allow-passing-a-fd.patch Patch1600: U_glamor_egl-Reject-OpenGL-2.1-early-on.patch Patch1700: U_xfree86_take_second_ref_for_xcursor.patch +Patch1801: U_Fix-segfault-on-probing-a-non-PCI-platform-device-on.patch +Patch1802: U_Revert-linux-Fix-platform-device-probe-for-DT-based-.patch +Patch1803: U_Revert-linux-Fix-platform-device-PCI-detection-for-c.patch +Patch1804: U_Revert-linux-Make-platform-device-probe-less-fragile.patch + %description This package contains the X.Org Server. @@ -300,8 +307,6 @@ Summary: Xserver SUID Wrapper Group: System/X11/Servers/XF86_4 PreReq: permissions Requires: xorg-x11-server == %{version} -Provides: xorg-x11-server-wayland = 7.6_%{version} -Obsoletes: xorg-x11-server-wayland < 7.6_%{version} %description wrapper This package contains an SUID wrapper for the Xserver. @@ -372,6 +377,9 @@ sh %{SOURCE92} --verify . %{SOURCE91} %patch7 -p1 %patch8 -p1 %patch9 -p1 +%patch10 -p1 +%patch11 -p1 +%patch12 -p1 # %patch100 -p1 #%patch101 -p1 @@ -400,6 +408,10 @@ sh %{SOURCE92} --verify . %{SOURCE91} %patch1505 -p1 %patch1600 -p1 %patch1700 -p1 +%patch1801 -p1 +%patch1802 -p1 +%patch1803 -p1 +%patch1804 -p1 %build %define _lto_cflags %{nil} 
@@ -484,6 +496,12 @@ chmod u-s %{buildroot}%{_bindir}/Xorg %__mkdir_p %{buildroot}%{pci_ids_dir} install -m 644 %{S:6} %{buildroot}%{pci_ids_dir} %endif +%if 0%{?build_suid_wrapper} == 1 +mv %{buildroot}%{_bindir}/Xorg \ + %{buildroot}%{_bindir}/Xorg.bin +mv %{buildroot}%{_bindir}/Xorg.sh \ + %{buildroot}%{_bindir}/Xorg +%endif ln -snf Xorg %{buildroot}%{_bindir}/X %if 0%{?suse_version} > 1120 %{__install} -m 644 %{S:5} %{buildroot}%{_datadir}/X11/xorg.conf.d @@ -607,7 +625,7 @@ fi %ifnarch s390 s390x %{_bindir}/Xorg %if 0%{?build_suid_wrapper} == 1 -%{suid_wrapper_dir}/Xorg +%{_bindir}/Xorg.bin %endif %{_bindir}/X