
Accepting request 393308 from X11:XOrg

- removed u_exa-only-draw-valid-trapezoids.patch; no longer needed
  since pixman 0.32.0

- removed no longer needed patch
  u_ad-hoc-fix-for-mmap-s-truncated-offset-parameter-on-.patch, see
  https://lists.x.org/archives/xorg-devel/2016-April/049493.html for
  upstream discussion; obsoleted by upstream patch
  https://cgit.freedesktop.org/xorg/xserver/commit/?id=4962c8c08842d9d3ca66d254b1ce4cacc4fb3756, which is already in xorg-server 1.18.3

- Add permission verification for SUID wrapper
- Disable SUID wrapper per default until reviewed

-  n_Install-Avoid-failure-on-wrapper-installation.patch:
   rename to:
    N_Install-Avoid-failure-on-wrapper-installation.patch
-  u_xorg-wrapper-Drop-supplemental-group-IDs.patch:
   Drop supplementary group privileges.
-  u_xorg-wrapper-build-Build-position-independent-code.patch:
   Build position independent.

- n_Install-Avoid-failure-on-wrapper-installation.patch:
  Fix up build for wrapper.
- Place SUID wrapper into a separate package: 
  xorg-x11-server-wrapper

- Set configure option --enable-suid-wrapper for TW:
  This way, the SUID wrapper is built, which allows the Xserver to run
  as root even though the DM instance runs as a user. This makes it
  possible to support drivers which require direct HW access.

OBS-URL: https://build.opensuse.org/request/show/393308
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xorg-x11-server?expand=0&rev=329
Dominique Leuenberger 2016-05-03 07:34:30 +00:00 committed by Git OBS Bridge
commit 025b975feb
9 changed files with 274 additions and 75 deletions


@ -0,0 +1,34 @@
From: Egbert Eich <eich@suse.de>
Date: Tue Apr 12 09:22:40 2016 +0200
Subject: [PATCH]Install: Avoid failure on wrapper installation
Patch-mainline: never
References:
Signed-off-by: Egbert Eich <eich@suse.com>
- Check for SUID_WRAPPER_DIR being identical to bindir
before copying script.
- Check whether user is root before doing a chmod/chown
Signed-off-by: Egbert Eich <eich@suse.de>
---
hw/xfree86/Makefile.am | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/hw/xfree86/Makefile.am b/hw/xfree86/Makefile.am
index 85bd0be..461e818 100644
--- a/hw/xfree86/Makefile.am
+++ b/hw/xfree86/Makefile.am
@@ -108,9 +108,10 @@ if INSTALL_SETUID
endif
if SUID_WRAPPER
$(MKDIR_P) $(DESTDIR)$(SUID_WRAPPER_DIR)
- mv $(DESTDIR)$(bindir)/Xorg $(DESTDIR)$(SUID_WRAPPER_DIR)/Xorg
- ${INSTALL} -m 755 Xorg.sh $(DESTDIR)$(bindir)/Xorg
- -chown root $(DESTDIR)$(SUID_WRAPPER_DIR)/Xorg.wrap && chmod u+s $(DESTDIR)$(SUID_WRAPPER_DIR)/Xorg.wrap
+ mv $(DESTDIR)$(bindir)/Xorg $(DESTDIR)$(SUID_WRAPPER_DIR)/Xorg 2>/dev/null && target=Xorg; \
+ ${INSTALL} -m 755 Xorg.sh $(DESTDIR)$(bindir)/$${target}
+ -test "x$UID" = "x0" -o "x$EUID" = "x0" && \
+ chown root $(DESTDIR)$(SUID_WRAPPER_DIR)/Xorg.wrap && chmod u+s $(DESTDIR)$(SUID_WRAPPER_DIR)/Xorg.wrap
endif
uninstall-local:
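Review bot: The new guard `test "x$UID" = "x0" -o "x$EUID" = "x0"` is written with a single `$`, so make expands `$U` and `$E` itself before the shell runs the recipe (the line above correctly uses `$${target}`). Unless those make variables happen to be set, the shell compares `xID` and `xUID` with `x0`, the test never succeeds, and the leading `-` hides that `chown root`/`chmod u+s` on Xorg.wrap are skipped even for a root install. Even when escaped, `UID` and `EUID` are bash variables that a POSIX `/bin/sh` need not set, so I would write `-test "$$(id -u)" = "0" && \` instead. The `2>/dev/null` on the `mv` also discards genuine move failures, not only the "source and destination are the same directory" case the commit message describes. The recipe this belongs to begins outside the hunk.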


@ -1,31 +0,0 @@
From 2c36b0001729fa2c22255777bce66b99adc6c568 Mon Sep 17 00:00:00 2001
From: Stefan Dirsch <sndirsch@suse.de>
Date: Mon, 16 Feb 2015 15:00:54 +0100
Subject: [PATCH] ad hoc fix for mmap's truncated offset parameter on 32bit
Builtin modesetting driver didn't work on 32bit on cirrus KMS.
See https://bugzilla.suse.com/show_bug.cgi?id=917385 for more details.
---
hw/xfree86/drivers/modesetting/dumb_bo.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/hw/xfree86/drivers/modesetting/dumb_bo.c b/hw/xfree86/drivers/modesetting/dumb_bo.c
index 58d420e..95b34a2 100644
--- a/hw/xfree86/drivers/modesetting/dumb_bo.c
+++ b/hw/xfree86/drivers/modesetting/dumb_bo.c
@@ -25,6 +25,12 @@
#include "dix-config.h"
#endif
+/*
+ * ad hoc fix for mmap's truncated offset parameter on 32bit
+ * see also https://bugzilla.suse.com/show_bug.cgi?id=917385
+ */
+#define _FILE_OFFSET_BITS 64
+
#include "dumb_bo.h"
#include <errno.h>
--
1.8.4.5


@ -1,33 +0,0 @@
Author: Maarten Lankhorst <maarten.lankhorst@canonical.com>
Subject: exa: only draw valid trapezoids
Patch-Mainline: To be upstreamed
References: bnc#853846 CVE-2013-6424
Signed-off-by: Michal Srb <msrb@suse.com>
diff --git a/exa/exa_render.c b/exa/exa_render.c
index 172e2b5..807eeba 100644
--- a/exa/exa_render.c
+++ b/exa/exa_render.c
@@ -1141,7 +1141,8 @@ exaTrapezoids(CARD8 op, PicturePtr pSrc, PicturePtr pDst,
exaPrepareAccess(pPicture->pDrawable, EXA_PREPARE_DEST);
for (; ntrap; ntrap--, traps++)
- (*ps->RasterizeTrapezoid) (pPicture, traps, -bounds.x1, -bounds.y1);
+ if (xTrapezoidValid(traps))
+ (*ps->RasterizeTrapezoid) (pPicture, traps, -bounds.x1, -bounds.y1);
exaFinishAccess(pPicture->pDrawable, EXA_PREPARE_DEST);
xRel = bounds.x1 + xSrc - xDst;
diff --git a/render/picture.h b/render/picture.h
index c85353a..fcd6401 100644
--- a/render/picture.h
+++ b/render/picture.h
@@ -211,7 +211,7 @@ typedef pixman_fixed_t xFixed;
/* whether 't' is a well defined not obviously empty trapezoid */
#define xTrapezoidValid(t) ((t)->left.p1.y != (t)->left.p2.y && \
(t)->right.p1.y != (t)->right.p2.y && \
- (int) ((t)->bottom - (t)->top) > 0)
+ ((t)->bottom > (t)->top))
/*
* Standard NTSC luminance conversions:


@ -0,0 +1,78 @@
From: Egbert Eich <eich@suse.de>
Date: Tue Apr 12 15:52:37 2016 +0200
Subject: [PATCH]xorg-wrapper: Drop supplemental group IDs
Patch-mainline: to be upstreamed
References:
Signed-off-by: Egbert Eich <eich@suse.com>
Signed-off-by: Egbert Eich <eich@suse.de>
---
hw/xfree86/xorg-wrapper.c | 48 +++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 48 insertions(+)
diff --git a/hw/xfree86/xorg-wrapper.c b/hw/xfree86/xorg-wrapper.c
index d930962..64a43c4 100644
--- a/hw/xfree86/xorg-wrapper.c
+++ b/hw/xfree86/xorg-wrapper.c
@@ -36,6 +36,8 @@
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <sys/types.h>
+#include <pwd.h>
+#include <grp.h>
#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
#include <sys/consio.h>
#endif
@@ -252,6 +254,52 @@ int main(int argc, char *argv[])
if (needs_root_rights == 0 || (total_cards && kms_cards == total_cards)) {
gid_t realgid = getgid();
uid_t realuid = getuid();
+ int ngroups = 0;
+ gid_t *groups = NULL;
+ long int initlen = sysconf(_SC_GETPW_R_SIZE_MAX);
+ size_t len;
+ struct passwd result, *resultp;
+ char *buffer;
+ int e;
+
+ if (initlen == -1)
+ len = 1024;
+ else
+ len = (size_t) initlen;
+ if ((buffer = malloc(len)) < 0) {
+ fprintf(stderr, "%s: Could not allocate memory: %s\n",
+ progname, strerror(errno));
+ exit (1);
+ }
+ if ((e = getpwuid_r(realuid, &result, buffer, len, &resultp)) > 0) {
+ fprintf(stderr, "%s: Could not get user name: %s\n",
+ progname, strerror(errno));
+ exit (1);
+ } else if (resultp == NULL) {
+ fprintf(stderr, "%s: Could not find user name for UID %d\n",
+ progname, realuid);
+ exit (1);
+ }
+ if (getgrouplist(result.pw_name, realgid, groups, &ngroups) < 0) {
+ if ((groups = malloc(sizeof(gid_t) * ngroups)) == NULL) {
+ fprintf(stderr, "%s: Could not allocate memory: %s\n",
+ progname, strerror(errno));
+ exit (1);
+ }
+ if (getgrouplist(result.pw_name, realgid, groups, &ngroups) < 0) {
+ fprintf(stderr, "%s: Could not get supplementary group list\n",
+ progname);
+ ngroups = 0;
+ }
+ }
+ if (setgroups(ngroups, groups) == -1) {
+ fprintf(stderr, "%s: Could not set groups: %s\n",
+ progname, strerror(errno));
+ exit (1);
+ }
+ memset(buffer, 0, len);
+ free(buffer);
+ free(groups);
if (setresgid(-1, realgid, realgid) != 0) {
fprintf(stderr, "%s: Could not drop setgid privileges: %s\n",
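Review bot: The allocation check `if ((buffer = malloc(len)) < 0)` can never fire, because malloc() reports failure by returning NULL, so a failed allocation is passed straight to getpwuid_r() as the scratch buffer. It should read `if ((buffer = malloc(len)) == NULL) {`, the same form the hunk already uses for `groups`. In the same block getpwuid_r() returns the error number instead of setting errno, so the check should be `!= 0` and the message should print `strerror(e)`; a too-small buffer (ERANGE) is currently fatal instead of being retried with a larger one. This runs in the setuid binary before `setresgid`/`setresuid` drop privileges, so these error paths deserve to be exact. main() starts before and continues after the hunk.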


@ -0,0 +1,24 @@
From: Egbert Eich <eich@suse.de>
Date: Tue Apr 12 15:53:11 2016 +0200
Subject: [PATCH]xorg-wrapper/build: Build position independent code
Patch-mainline: to be upstreamed
References:
Signed-off-by: Egbert Eich <eich@suse.com>
Signed-off-by: Egbert Eich <eich@suse.de>
---
hw/xfree86/Makefile.am | 1 +
1 file changed, 1 insertion(+)
diff --git a/hw/xfree86/Makefile.am b/hw/xfree86/Makefile.am
index 461e818..c0ce3b8 100644
--- a/hw/xfree86/Makefile.am
+++ b/hw/xfree86/Makefile.am
@@ -87,6 +87,7 @@ if SUID_WRAPPER
wrapdir = $(SUID_WRAPPER_DIR)
wrap_PROGRAMS = Xorg.wrap
Xorg_wrap_SOURCES = xorg-wrapper.c
+Xorg_wrap_CFLAGS = $(AM_CFLAGS) -pie -fpie
endif
BUILT_SOURCES = xorg.conf.example
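Review bot: `-pie` is a link-time option, but the added line passes it through `Xorg_wrap_CFLAGS`. It most likely still reaches the link step because automake repeats per-target CFLAGS on the link command, but that dependency is implicit and easy to break. I would split it as `Xorg_wrap_CFLAGS = $(AM_CFLAGS) -fpie` and `Xorg_wrap_LDFLAGS = -pie`, so each flag is attached to the step it affects. Since Xorg.wrap is the binary that gets installed setuid, adding `-Wl,-z,relro -Wl,-z,now` to that LDFLAGS line is worth considering unless the distribution's default flags already supply it.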


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:022142b07f6477d140dcc915902df326408a53ca3a352426a499f142b25d632d
size 5864615


@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:ea739c22517cdbe2b5f7c0a5fd05fe8a10ac0629003e71c0c7862f4bb60142cd
size 5867330


@ -1,3 +1,75 @@
-------------------------------------------------------------------
Mon May 2 13:46:34 UTC 2016 - sndirsch@suse.com
- removed u_exa-only-draw-valid-trapezoids.patch; no longer needed
since pixman 0.32.0
-------------------------------------------------------------------
Fri Apr 29 08:40:24 UTC 2016 - sndirsch@suse.com
- removed no longer needed patch
u_ad-hoc-fix-for-mmap-s-truncated-offset-parameter-on-.patch, see
https://lists.x.org/archives/xorg-devel/2016-April/049493.html for
upstream discussion; obsoleted by upstream patch
https://cgit.freedesktop.org/xorg/xserver/commit/?id=4962c8c08842d9d3ca66d254b1ce4cacc4fb3756, which is already in xorg-server 1.18.3
-------------------------------------------------------------------
Tue Apr 12 15:33:45 UTC 2016 - eich@suse.com
- Add permission verification for SUID wrapper
- Disable SUID wrapper per default until reviewed
-------------------------------------------------------------------
Tue Apr 12 13:59:48 UTC 2016 - eich@suse.com
- n_Install-Avoid-failure-on-wrapper-installation.patch:
rename to:
N_Install-Avoid-failure-on-wrapper-installation.patch
- u_xorg-wrapper-Drop-supplemental-group-IDs.patch:
Drop supplementary group privileges.
- u_xorg-wrapper-build-Build-position-independent-code.patch:
Build position independent.
-------------------------------------------------------------------
Tue Apr 12 09:06:06 UTC 2016 - eich@suse.com
- n_Install-Avoid-failure-on-wrapper-installation.patch:
Fix up build for wrapper.
- Place SUID wrapper into a separate package:
xorg-x11-server-wrapper
-------------------------------------------------------------------
Thu Apr 7 15:53:39 UTC 2016 - eich@suse.com
- Set configure option --enable-suid-wrapper for TW:
This way, the SUID wrapper is built which allows to run the Xserver
as root even though the the DM instance runs as user. This allows to
support drivers which require direct HW access.
-------------------------------------------------------------------
Mon Apr 4 20:11:13 UTC 2016 - tobias.johannes.klausmann@mni.thm.de
- Update to version 1.18.3:
A few fixes relative to 1.18.2, including one fairly important
performance fix to the Present extension.
- Remove U_present-Only-requeue-for-next-MSC-after-flip-failure.patch
The patch is included in this release.
-------------------------------------------------------------------
Thu Mar 31 14:27:29 UTC 2016 - tobias.johannes.klausmann@mni.thm.de
- Add patch U_present-Only-requeue-for-next-MSC-after-flip-failure.patch
Fix a hang while using the present extension
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=94515
https://bugs.freedesktop.org/show_bug.cgi?id=94596
-------------------------------------------------------------------
Tue Mar 29 08:56:43 UTC 2016 - eich@suse.com
- Add automake, autoconf, libtool, c_compiler, pkgconfig(xorg-macros),
pkgconfig(libudev), pkgconfig(libevdev), pkgconfig(mtdev) to Requires:
of the SDK. This simplifies the build of Xserver modules.
-------------------------------------------------------------------
Tue Mar 22 12:22:28 UTC 2016 - eich@suse.com


@ -25,9 +25,24 @@
%endif
%endif
%define build_suid_wrapper 0
%if 0%{!?build_suid_wrapper:1}
%ifarch s390 s390x
%define build_suid_wrapper 0
%else
%if 0%{?suse_version} >= 1330
%define build_suid_wrapper 1
%define suid_wrapper_dir %{_libexecdir}
%else
%define build_suid_wrapper 0
%endif
%endif
%endif
Name: xorg-x11-server
%define dirsuffix 1.18.2
%define dirsuffix 1.18.3
Summary: X
License: MIT
@ -164,17 +179,16 @@ Patch2: N_zap_warning_xserver.diff
Patch3: N_driver-autoconfig.diff
Patch4: N_fix_fglrx_screendepth_issue.patch
Patch6: N_fix-dpi-values.diff
Patch7: N_Install-Avoid-failure-on-wrapper-installation.patch
Patch8: u_xorg-wrapper-Drop-supplemental-group-IDs.patch
Patch9: u_xorg-wrapper-build-Build-position-independent-code.patch
Patch100: u_01-Improved-ConfineToShape.patch
Patch101: u_02-DIX-ConfineTo-Don-t-bother-about-the-bounding-box-when-grabbing-a-shaped-window.patch
# PATCH-FIX-UPSTREAM u_x86emu-include-order.patch schwab@suse.de -- Change include order to avoid conflict with system header, remove duplicate definitions
Patch102: u_x86emu-include-order.patch
Patch104: u_xorg-server-xdmcp.patch
# PATCH-FIX-UPSTREAM u_exa-only-draw-valid-trapezoids.patch bnc#853846 msrb@suse.com -- Fixes possible crash of server using invalid trapezoids. 2013-12-12 patch is waiting in mailing list to be upstreamed.
Patch106: u_exa-only-draw-valid-trapezoids.patch
Patch112: u_render-Cast-color-masks-to-unsigned-long-before-shifting-them.patch
Patch114: u_ad-hoc-fix-for-mmap-s-truncated-offset-parameter-on-.patch
Patch115: N_Force-swcursor-for-KMS-drivers-without-hw-cursor-sup.patch
Patch117: xorg-x11-server-byte-order.patch
@ -230,15 +244,33 @@ Requires: xorg-x11-fonts-core
This package contains the Xserver running on the Wayland Display Server.
%endif
%if 0%{?build_suid_wrapper} == 1
%package wrapper
Summary: Xserver SUID Wrapper
Group: System/X11/Servers/XF86_4
PreReq: permissions
Requires: xorg-x11-server == %{version}
%description wrapper
This package contains an SUID wrapper for the Xserver.
%endif
%package sdk
Summary: X
Group: System/Libraries
Requires: autoconf
Requires: automake
Requires: c_compiler
Requires: libtool
Requires: xorg-x11-server
Requires: pkgconfig(fontconfig)
Requires: pkgconfig(fontenc)
Requires: pkgconfig(freetype2)
Requires: pkgconfig(ice)
Requires: pkgconfig(libdrm)
Requires: pkgconfig(libevdev)
Requires: pkgconfig(libudev)
Requires: pkgconfig(mtdev)
Requires: pkgconfig(sm)
Requires: pkgconfig(x11)
Requires: pkgconfig(xau)
@ -247,6 +279,7 @@ Requires: pkgconfig(xext)
Requires: pkgconfig(xfixes)
Requires: pkgconfig(xkbfile)
Requires: pkgconfig(xmu)
Requires: pkgconfig(xorg-macros)
Requires: pkgconfig(xp)
Requires: pkgconfig(xpm)
Requires: pkgconfig(xprintutil)
@ -281,16 +314,17 @@ sh %{SOURCE92} --verify . %{SOURCE91}
%patch3 -p0
%patch4 -p0
%patch6 -p0
%patch7 -p1
%patch8 -p1
%patch9 -p1
#
%patch100 -p1
#%patch101 -p1
%patch102 -p1
%patch104 -p1
%patch106 -p1
%patch112 -p1
%patch114 -p1
%patch115 -p1
%patch117 -p1
@ -324,7 +358,7 @@ sh %{SOURCE92} --verify . %{SOURCE91}
%build
test -e source-file-list || \
find . -type f \! -name '*.orig' \! -path ./source-file-list > \
find -L . -type f \! -name '*.orig' \! -path ./source-file-list > \
source-file-list
autoreconf -fi
@ -365,6 +399,10 @@ export PCI_TXT_IDS_DIR=%{pci_ids_dir}
--enable-xwayland \
%else
--disable-xwayland \
%endif
%if 0%{?build_suid_wrapper} == 1
--enable-suid-wrapper \
--libexecdir=%{suid_wrapper_dir} \
%endif
--with-log-dir="/var/log" \
--with-os-name="openSUSE" \
@ -485,6 +523,14 @@ fi
%endif
%endif
%if 0%{?build_suid_wrapper} == 1
%post wrapper
%set_permissions %{suid_wrapper_dir}/Xorg.wrap
%verifyscript wrapper
%verify_permissions -e %{suid_wrapper_dir}/Xorg.wrap
%endif
%files
%defattr(-,root,root)
%ifnarch s390 s390x
@ -511,6 +557,9 @@ fi
%{_localstatedir}/lib/xkb/compiled/README.compiled
%ifnarch s390 s390x
%{_bindir}/Xorg
%if 0%{?build_suid_wrapper} == 1
%{suid_wrapper_dir}/Xorg
%endif
%{_bindir}/X
%{_bindir}/cvt
@ -532,6 +581,12 @@ fi
%{_bindir}/Xwayland
%endif
%if 0%{?build_suid_wrapper} == 1
%files wrapper
%defattr(-,root,root)
%attr(4755,root,root) %{suid_wrapper_dir}/Xorg.wrap
%endif
%files extra
%defattr(-,root,root)
%{_bindir}/Xephyr
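Review bot: The unconditional `%define build_suid_wrapper 0` placed directly before `%if 0%{!?build_suid_wrapper:1}` makes that whole conditional dead as rendered here: the macro is always defined at that point, so the s390 / `suse_version >= 1330` selection never runs and `suid_wrapper_dir` is never defined. That matches the changelog entry "Disable SUID wrapper per default until reviewed", but anyone who later flips the first line to 1 gets `--libexecdir=%{suid_wrapper_dir}` and `%attr(4755,root,root) %{suid_wrapper_dir}/Xorg.wrap` with an unexpanded macro. I would define `suid_wrapper_dir` outside the conditional and put a comment above the override, for example `# SUID wrapper disabled pending security review; remove this line to restore the per-distribution default`. Separately, Patch106 (the CVE-2013-6424 trapezoid fix) is dropped on the grounds that pixman 0.32.0 makes it unnecessary, so a versioned pixman build requirement would keep that assumption enforced; the requirement lines are not visible in this section.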