From e567a3ebf272f90f445661f3a0cff120f8d4fb5a666a976c408a9f73a7dbeb56 Mon Sep 17 00:00:00 2001 From: Stefan Dirsch Date: Fri, 3 Mar 2017 15:47:39 +0000 Subject: [PATCH] Accepting request 476752 from home:tobijk:X11:XOrg - Update to version 1.19.2: A collection of stability fixes here across glamor, Xwayland, input, and Prime support. Also a security fix for CVE-2017-2624, a timing attack which can brute-force MIT-MAGIC-COOKIE authentication. - Remove upstream patches: + U_xfree86-Take-the-input-lock-for-xf86RecolorCursor.patch + U_xfree86-Take-the-input-lock-for-xf86ScreenCheckHWCursor.patch + U_xfree86-Take-the-input-lock-for-xf86TransparentCursor.patch OBS-URL: https://build.opensuse.org/request/show/476752 OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=658 --- ...the-input-lock-for-xf86RecolorCursor.patch | 76 ------------------- ...put-lock-for-xf86ScreenCheckHWCursor.patch | 65 ---------------- ...input-lock-for-xf86TransparentCursor.patch | 38 ---------- xorg-server-1.19.1.tar.bz2 | 3 - xorg-server-1.19.2.tar.bz2 | 3 + xorg-x11-server.changes | 12 +++ xorg-x11-server.spec | 9 +-- 7 files changed, 16 insertions(+), 190 deletions(-) delete mode 100644 U_xfree86-Take-the-input-lock-for-xf86RecolorCursor.patch delete mode 100644 U_xfree86-Take-the-input-lock-for-xf86ScreenCheckHWCursor.patch delete mode 100644 U_xfree86-Take-the-input-lock-for-xf86TransparentCursor.patch delete mode 100644 xorg-server-1.19.1.tar.bz2 create mode 100644 xorg-server-1.19.2.tar.bz2 diff --git a/U_xfree86-Take-the-input-lock-for-xf86RecolorCursor.patch b/U_xfree86-Take-the-input-lock-for-xf86RecolorCursor.patch deleted file mode 100644 index 5f3334e..0000000 --- a/U_xfree86-Take-the-input-lock-for-xf86RecolorCursor.patch +++ /dev/null @@ -1,76 +0,0 @@ -From 7198a6d4e74f684cb383b3e0f70dd2bae405e6e7 Mon Sep 17 00:00:00 2001 -From: Chris Wilson -Date: Mon, 16 Jan 2017 22:17:36 +0000 -Subject: [PATCH xserver] xfree86: Take the input lock for xf86RecolorCursor - -xf86RecolorCursor() may be called directly from XRecolorCursor as well -as from xf86ScreenSetCursor(). In the latter case, the input lock is -already held, but not for the former and so we need to add a wrapper -function that acquires the input lock before performing -xf86RecolorCursor() - -References: https://bugs.freedesktop.org/show_bug.cgi?id=99358 ---- - hw/xfree86/ramdac/xf86HWCurs.c | 24 ++++++++++++++++++------ - 1 file changed, 18 insertions(+), 6 deletions(-) - -diff --git a/hw/xfree86/ramdac/xf86HWCurs.c b/hw/xfree86/ramdac/xf86HWCurs.c -index 4481320..55d5861 100644 ---- a/hw/xfree86/ramdac/xf86HWCurs.c -+++ b/hw/xfree86/ramdac/xf86HWCurs.c -@@ -22,6 +22,9 @@ - - #include "servermd.h" - -+static void -+xf86RecolorCursor_locked(xf86CursorScreenPtr ScreenPriv, CursorPtr pCurs); -+ - static CARD32 - xf86ReverseBitOrder(CARD32 v) - { -@@ -204,7 +207,7 @@ xf86ScreenSetCursor(ScreenPtr pScreen, CursorPtr pCurs, int x, int y) - if (!xf86DriverLoadCursorImage (infoPtr, bits)) - return FALSE; - -- xf86RecolorCursor(pScreen, pCurs, 1); -+ xf86RecolorCursor_locked (ScreenPriv, pCurs); - - (*infoPtr->SetCursorPosition) (infoPtr->pScrn, x, y); - -@@ -312,12 +315,9 @@ xf86MoveCursor(ScreenPtr pScreen, int x, int y) - input_unlock(); - } - --void --xf86RecolorCursor(ScreenPtr pScreen, CursorPtr pCurs, Bool displayed) -+static void -+xf86RecolorCursor_locked(xf86CursorScreenPtr ScreenPriv, CursorPtr pCurs) - { -- xf86CursorScreenPtr ScreenPriv = -- (xf86CursorScreenPtr) dixLookupPrivate(&pScreen->devPrivates, -- xf86CursorScreenKey); - xf86CursorInfoPtr infoPtr = ScreenPriv->CursorInfoPtr; - - /* recoloring isn't applicable to ARGB cursors and drivers -@@ -357,6 +357,18 @@ xf86RecolorCursor(ScreenPtr pScreen, CursorPtr pCurs, Bool displayed) - } - } - -+void -+xf86RecolorCursor(ScreenPtr pScreen, CursorPtr pCurs, Bool displayed) -+{ -+ xf86CursorScreenPtr ScreenPriv = -+ (xf86CursorScreenPtr) dixLookupPrivate(&pScreen->devPrivates, -+ xf86CursorScreenKey); -+ -+ input_lock(); -+ xf86RecolorCursor_locked (ScreenPriv, pCurs); -+ input_unlock(); -+} -+ - /* These functions assume that MaxWidth is a multiple of 32 */ - static unsigned char * - RealizeCursorInterleave0(xf86CursorInfoPtr infoPtr, CursorPtr pCurs) --- -2.10.2 - diff --git a/U_xfree86-Take-the-input-lock-for-xf86ScreenCheckHWCursor.patch b/U_xfree86-Take-the-input-lock-for-xf86ScreenCheckHWCursor.patch deleted file mode 100644 index 63ffdff..0000000 --- a/U_xfree86-Take-the-input-lock-for-xf86ScreenCheckHWCursor.patch +++ /dev/null @@ -1,65 +0,0 @@ -From chris at chris-wilson.co.uk Thu Feb 2 10:51:46 2017 -From: chris at chris-wilson.co.uk (Chris Wilson) -Date: Thu, 2 Feb 2017 10:51:46 +0000 -Subject: [PATCH xserver 3/3] xfree86: Take input_lock() for - -Add the missing input_lock() around the call into the driver's -UseHWCursor() callback. - -References: https://bugs.freedesktop.org/show_bug.cgi?id=99358 ---- - hw/xfree86/ramdac/xf86HWCurs.c | 27 ++++++++++++++++++++------- - 1 file changed, 20 insertions(+), 7 deletions(-) - -diff --git a/hw/xfree86/ramdac/xf86HWCurs.c b/hw/xfree86/ramdac/xf86HWCurs.c -index 26dc7e5af..09d59b15d 100644 ---- a/hw/xfree86/ramdac/xf86HWCurs.c -+++ b/hw/xfree86/ramdac/xf86HWCurs.c -@@ -139,9 +139,14 @@ Bool - xf86CheckHWCursor(ScreenPtr pScreen, CursorPtr cursor, xf86CursorInfoPtr infoPtr) - { - ScreenPtr pSlave; -+ Bool use_hw_cursor = TRUE; - -- if (!xf86ScreenCheckHWCursor(pScreen, cursor, infoPtr)) -- return FALSE; -+ input_lock(); -+ -+ if (!xf86ScreenCheckHWCursor(pScreen, cursor, infoPtr)) { -+ use_hw_cursor = FALSE; -+ goto unlock; -+ } - - /* ask each driver consuming a pixmap if it can support HW cursor */ - xorg_list_for_each_entry(pSlave, &pScreen->slave_list, slave_head) { -@@ -151,14 +156,22 @@ xf86CheckHWCursor(ScreenPtr pScreen, CursorPtr cursor, xf86CursorInfoPtr infoPtr - continue; - - sPriv = dixLookupPrivate(&pSlave->devPrivates, xf86CursorScreenKey); -- if (!sPriv) /* NULL if Option "SWCursor", possibly other conditions */ -- return FALSE; -+ if (!sPriv) { /* NULL if Option "SWCursor", possibly other conditions */ -+ use_hw_cursor = FALSE; -+ break; -+ } - - /* FALSE if HWCursor not supported by slave */ -- if (!xf86ScreenCheckHWCursor(pSlave, cursor, sPriv->CursorInfoPtr)) -- return FALSE; -+ if (!xf86ScreenCheckHWCursor(pSlave, cursor, sPriv->CursorInfoPtr)) { -+ use_hw_cursor = FALSE; -+ break; -+ } - } -- return TRUE; -+ -+unlock: -+ input_unlock(); -+ -+ return use_hw_cursor; - } - - static Bool --- -2.11.0 - diff --git a/U_xfree86-Take-the-input-lock-for-xf86TransparentCursor.patch b/U_xfree86-Take-the-input-lock-for-xf86TransparentCursor.patch deleted file mode 100644 index d40c403..0000000 --- a/U_xfree86-Take-the-input-lock-for-xf86TransparentCursor.patch +++ /dev/null @@ -1,38 +0,0 @@ -From chris at chris-wilson.co.uk Thu Feb 2 10:51:45 2017 -From: chris at chris-wilson.co.uk (Chris Wilson) -Date: Thu, 2 Feb 2017 10:51:45 +0000 -Subject: [PATCH xserver 2/3] xfree86: Take input lock for xf86TransparentCursor - -The new input lock is missing for the xf86TransparentCursor() entry -point. - -References: https://bugs.freedesktop.org/show_bug.cgi?id=99358 ---- - hw/xfree86/ramdac/xf86HWCurs.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/hw/xfree86/ramdac/xf86HWCurs.c b/hw/xfree86/ramdac/xf86HWCurs.c -index 55d5861c1..26dc7e5af 100644 ---- a/hw/xfree86/ramdac/xf86HWCurs.c -+++ b/hw/xfree86/ramdac/xf86HWCurs.c -@@ -261,6 +261,8 @@ xf86SetTransparentCursor(ScreenPtr pScreen) - xf86CursorScreenKey); - xf86CursorInfoPtr infoPtr = ScreenPriv->CursorInfoPtr; - -+ input_lock(); -+ - if (!ScreenPriv->transparentData) - ScreenPriv->transparentData = - (*infoPtr->RealizeCursor) (infoPtr, NullCursor); -@@ -273,6 +275,8 @@ xf86SetTransparentCursor(ScreenPtr pScreen) - ScreenPriv->transparentData); - - (*infoPtr->ShowCursor) (infoPtr->pScrn); -+ -+ input_unlock(); - } - - static void --- -2.11.0 - diff --git a/xorg-server-1.19.1.tar.bz2 b/xorg-server-1.19.1.tar.bz2 deleted file mode 100644 index 0b9020a..0000000 --- a/xorg-server-1.19.1.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:79ae2cf39d3f6c4a91201d8dad549d1d774b3420073c5a70d390040aa965a7fb -size 6041792 diff --git a/xorg-server-1.19.2.tar.bz2 b/xorg-server-1.19.2.tar.bz2 new file mode 100644 index 0000000..78bc6cf --- /dev/null +++ b/xorg-server-1.19.2.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:4f8ab9f4a1a885fe7550080555381b34b82858582559e8e3c4da96e3a85884bb +size 5969543 diff --git a/xorg-x11-server.changes b/xorg-x11-server.changes index 7f4e285..b991f36 100644 --- a/xorg-x11-server.changes +++ b/xorg-x11-server.changes @@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Thu Mar 2 23:29:00 UTC 2017 - tobias.johannes.klausmann@mni.thm.de + +- Update to version 1.19.2: + A collection of stability fixes here across glamor, Xwayland, input, + and Prime support. Also a security fix for CVE-2017-2624, a timing + attack which can brute-force MIT-MAGIC-COOKIE authentication. +- Remove upstream patches: + + U_xfree86-Take-the-input-lock-for-xf86RecolorCursor.patch + + U_xfree86-Take-the-input-lock-for-xf86ScreenCheckHWCursor.patch + + U_xfree86-Take-the-input-lock-for-xf86TransparentCursor.patch + ------------------------------------------------------------------- Tue Feb 21 13:39:27 UTC 2017 - denis.kondratenko@suse.com diff --git a/xorg-x11-server.spec b/xorg-x11-server.spec index d91e872..4c09c41 100644 --- a/xorg-x11-server.spec +++ b/xorg-x11-server.spec @@ -41,7 +41,7 @@ %endif Name: xorg-x11-server -Version: 1.19.1 +Version: 1.19.2 Release: 0 Url: http://xorg.freedesktop.org/ BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -210,9 +210,6 @@ Patch1000: n_xserver-optimus-autoconfig-hack.patch Patch1162: b_cache-xkbcomp-output-for-fast-start-up.patch Patch1211: b_0001-Prevent-XSync-Alarms-from-senslessly-calling-CheckTr.patch Patch1222: b_sync-fix.patch -Patch1223: U_xfree86-Take-the-input-lock-for-xf86RecolorCursor.patch -Patch1224: U_xfree86-Take-the-input-lock-for-xf86ScreenCheckHWCursor.patch -Patch1225: U_xfree86-Take-the-input-lock-for-xf86TransparentCursor.patch %description This package contains the X.Org Server. @@ -350,10 +347,6 @@ sh %{SOURCE92} --verify . %{SOURCE91} ### patch222 might not be applicable anymore #%patch1222 -p1 -%patch1223 -p1 -%patch1224 -p1 -%patch1225 -p1 - %build test -e source-file-list || \ find -L . -type f \! -name '*.orig' \! -path ./source-file-list > \