From a53b8160f0014f0afa880fbeeb21bda091cbe3787149e9f51a9a55e9e8466fcc Mon Sep 17 00:00:00 2001
From: Egbert Eich <eich@suse.com>
Date: Tue, 29 Mar 2016 08:59:45 +0000
Subject: [PATCH 1/9] - Add automake, autoconf, libtool, c_compiler,
 pkgconfig(xorg-macros),   pkgconfig(libudev), pkgconfig(libevdev),
 pkgconfig(mtdev) to Requires:   of the SDK. This simplifies the build of
 Xserver modules.

OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=622
---
 xorg-x11-server.changes | 7 +++++++
 xorg-x11-server.spec    | 8 ++++++++
 2 files changed, 15 insertions(+)

diff --git a/xorg-x11-server.changes b/xorg-x11-server.changes
index 6425dcc..7222650 100644
--- a/xorg-x11-server.changes
+++ b/xorg-x11-server.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Mar 29 08:56:43 UTC 2016 - eich@suse.com
+
+- Add automake, autoconf, libtool, c_compiler, pkgconfig(xorg-macros),
+  pkgconfig(libudev), pkgconfig(libevdev), pkgconfig(mtdev) to Requires:
+  of the SDK. This simplifies the build of Xserver modules.
+
 -------------------------------------------------------------------
 Tue Mar 22 12:22:28 UTC 2016 - eich@suse.com
 
diff --git a/xorg-x11-server.spec b/xorg-x11-server.spec
index 0edc5b8..892f3b4 100644
--- a/xorg-x11-server.spec
+++ b/xorg-x11-server.spec
@@ -233,12 +233,19 @@ This package contains the Xserver running on the Wayland Display Server.
 %package sdk
 Summary:        X
 Group:          System/Libraries
+Requires:       autoconf
+Requires:       automake
+Requires:       c_compiler
+Requires:       libtool
 Requires:       xorg-x11-server
 Requires:       pkgconfig(fontconfig)
 Requires:       pkgconfig(fontenc)
 Requires:       pkgconfig(freetype2)
 Requires:       pkgconfig(ice)
 Requires:       pkgconfig(libdrm)
+Requires:       pkgconfig(libevdev)
+Requires:       pkgconfig(libudev)
+Requires:       pkgconfig(mtdev)
 Requires:       pkgconfig(sm)
 Requires:       pkgconfig(x11)
 Requires:       pkgconfig(xau)
@@ -247,6 +254,7 @@ Requires:       pkgconfig(xext)
 Requires:       pkgconfig(xfixes)
 Requires:       pkgconfig(xkbfile)
 Requires:       pkgconfig(xmu)
+Requires:       pkgconfig(xorg-macros)
 Requires:       pkgconfig(xp)
 Requires:       pkgconfig(xpm)
 Requires:       pkgconfig(xprintutil)

From 7c9193563605ed831c9a953071edf4f0433527574158f613734f05d3be7d52be Mon Sep 17 00:00:00 2001
From: Stefan Dirsch <sndirsch@suse.com>
Date: Fri, 1 Apr 2016 12:17:40 +0000
Subject: [PATCH 2/9] Accepting request 382536 from home:tobijk:X11:XOrg

- Add patch U_present-Only-requeue-for-next-MSC-after-flip-failure.patch
  Fix a hang while using the present extension
  Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=94515
            https://bugs.freedesktop.org/show_bug.cgi?id=94596

OBS-URL: https://build.opensuse.org/request/show/382536
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=623
---
 ...ueue-for-next-MSC-after-flip-failure.patch | 44 +++++++++++++++++++
 xorg-x11-server.changes                       |  8 ++++
 xorg-x11-server.spec                          |  4 ++
 3 files changed, 56 insertions(+)
 create mode 100644 U_present-Only-requeue-for-next-MSC-after-flip-failure.patch

diff --git a/U_present-Only-requeue-for-next-MSC-after-flip-failure.patch b/U_present-Only-requeue-for-next-MSC-after-flip-failure.patch
new file mode 100644
index 0000000..2328f77
--- /dev/null
+++ b/U_present-Only-requeue-for-next-MSC-after-flip-failure.patch
@@ -0,0 +1,44 @@
+From 07ad2fde78f07e98caaf3e9b6b67af15359fefe4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michel=20D=C3=A4nzer?= <michel.daenzer@amd.com>
+Date: Thu, 24 Mar 2016 17:42:47 +0900
+Subject: [PATCH] present: Only requeue for next MSC after flip failure
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This code was added to deal with the driver present hook failing, in
+which case we need to wait for the next MSC before executing the
+presentation.
+
+However, it could also take effect in cases where the driver incorrectly
+thinks the current MSC matches the target one (e.g. due to the kernel
+interface only supporting 32-bit MSC values), in which case it could
+result in the presentation getting requeued over and over.
+
+To prevent such issues, check specifically for the target MSC
+immediately following the current MSC.
+
+Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=94596
+Signed-off-by: Michel Dänzer <michel.daenzer@amd.com>
+Reviewed-by: Keith Packard <keithp@keithp.com>
+(cherry picked from commit 3b385105b2d19a1c55e9779ae88d775185eea231)
+---
+ present/present.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/present/present.c b/present/present.c
+index 55f6aa7..105e2bf 100644
+--- a/present/present.c
++++ b/present/present.c
+@@ -726,7 +726,7 @@ present_execute(present_vblank_ptr vblank, uint64_t ust, uint64_t crtc_msc)
+         }
+ 
+         /* If present_flip failed, we may have to requeue for the target MSC */
+-        if (msc_is_after(vblank->target_msc, crtc_msc) &&
++        if (vblank->target_msc == crtc_msc + 1 &&
+             Success == present_queue_vblank(screen,
+                                             vblank->crtc,
+                                             vblank->event_id,
+-- 
+2.7.4
+
diff --git a/xorg-x11-server.changes b/xorg-x11-server.changes
index 7222650..198f268 100644
--- a/xorg-x11-server.changes
+++ b/xorg-x11-server.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Thu Mar 31 14:27:29 UTC 2016 - tobias.johannes.klausmann@mni.thm.de
+
+- Add patch U_present-Only-requeue-for-next-MSC-after-flip-failure.patch
+  Fix a hang while using the present extension
+  Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=94515
+            https://bugs.freedesktop.org/show_bug.cgi?id=94596
+
 -------------------------------------------------------------------
 Tue Mar 29 08:56:43 UTC 2016 - eich@suse.com
 
diff --git a/xorg-x11-server.spec b/xorg-x11-server.spec
index 892f3b4..1b56509 100644
--- a/xorg-x11-server.spec
+++ b/xorg-x11-server.spec
@@ -202,6 +202,8 @@ Patch1229:      U_kdrive-introduce-input-hot-plugging-support-for-udev.patch
 Patch1230:      U_kdrive-add-options-to-set-default-XKB-properties.patch
 Patch1232:      U_config-udev-distinguish-between-real-keyboards-and-o.patch
 
+Patch1300:      U_present-Only-requeue-for-next-MSC-after-flip-failure.patch
+
 %description
 This package contains the X.Org Server.
 
@@ -330,6 +332,8 @@ sh %{SOURCE92} --verify . %{SOURCE91}
 
 %patch1232 -p1
 
+%patch1300 -p1
+
 %build
 test -e source-file-list || \
     find . -type f \! -name '*.orig' \! -path ./source-file-list > \

From 193054f9e4c883ecd99403988ce42b8a74a920616c140b0ad402ee599c02962e Mon Sep 17 00:00:00 2001
From: Stefan Dirsch <sndirsch@suse.com>
Date: Wed, 6 Apr 2016 10:09:56 +0000
Subject: [PATCH 3/9] Accepting request 384228 from home:tobijk:X11:XOrg

- Update to version 1.18.3:
  A few fixes relative to 1.18.2, including one fairly important
  performance fix to the Present extension.
- Remove U_present-Only-requeue-for-next-MSC-after-flip-failure.patch
  The patch is included in this release.

OBS-URL: https://build.opensuse.org/request/show/384228
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=624
---
 ...ueue-for-next-MSC-after-flip-failure.patch | 44 -------------------
 xorg-server-1.18.2.tar.bz2                    |  3 --
 xorg-server-1.18.3.tar.bz2                    |  3 ++
 xorg-x11-server.changes                       |  9 ++++
 xorg-x11-server.spec                          |  6 +--
 5 files changed, 13 insertions(+), 52 deletions(-)
 delete mode 100644 U_present-Only-requeue-for-next-MSC-after-flip-failure.patch
 delete mode 100644 xorg-server-1.18.2.tar.bz2
 create mode 100644 xorg-server-1.18.3.tar.bz2

diff --git a/U_present-Only-requeue-for-next-MSC-after-flip-failure.patch b/U_present-Only-requeue-for-next-MSC-after-flip-failure.patch
deleted file mode 100644
index 2328f77..0000000
--- a/U_present-Only-requeue-for-next-MSC-after-flip-failure.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 07ad2fde78f07e98caaf3e9b6b67af15359fefe4 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Michel=20D=C3=A4nzer?= <michel.daenzer@amd.com>
-Date: Thu, 24 Mar 2016 17:42:47 +0900
-Subject: [PATCH] present: Only requeue for next MSC after flip failure
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This code was added to deal with the driver present hook failing, in
-which case we need to wait for the next MSC before executing the
-presentation.
-
-However, it could also take effect in cases where the driver incorrectly
-thinks the current MSC matches the target one (e.g. due to the kernel
-interface only supporting 32-bit MSC values), in which case it could
-result in the presentation getting requeued over and over.
-
-To prevent such issues, check specifically for the target MSC
-immediately following the current MSC.
-
-Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=94596
-Signed-off-by: Michel Dänzer <michel.daenzer@amd.com>
-Reviewed-by: Keith Packard <keithp@keithp.com>
-(cherry picked from commit 3b385105b2d19a1c55e9779ae88d775185eea231)
----
- present/present.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/present/present.c b/present/present.c
-index 55f6aa7..105e2bf 100644
---- a/present/present.c
-+++ b/present/present.c
-@@ -726,7 +726,7 @@ present_execute(present_vblank_ptr vblank, uint64_t ust, uint64_t crtc_msc)
-         }
- 
-         /* If present_flip failed, we may have to requeue for the target MSC */
--        if (msc_is_after(vblank->target_msc, crtc_msc) &&
-+        if (vblank->target_msc == crtc_msc + 1 &&
-             Success == present_queue_vblank(screen,
-                                             vblank->crtc,
-                                             vblank->event_id,
--- 
-2.7.4
-
diff --git a/xorg-server-1.18.2.tar.bz2 b/xorg-server-1.18.2.tar.bz2
deleted file mode 100644
index 3e4b714..0000000
--- a/xorg-server-1.18.2.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:022142b07f6477d140dcc915902df326408a53ca3a352426a499f142b25d632d
-size 5864615
diff --git a/xorg-server-1.18.3.tar.bz2 b/xorg-server-1.18.3.tar.bz2
new file mode 100644
index 0000000..06b5a2a
--- /dev/null
+++ b/xorg-server-1.18.3.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ea739c22517cdbe2b5f7c0a5fd05fe8a10ac0629003e71c0c7862f4bb60142cd
+size 5867330
diff --git a/xorg-x11-server.changes b/xorg-x11-server.changes
index 198f268..1cdd932 100644
--- a/xorg-x11-server.changes
+++ b/xorg-x11-server.changes
@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Mon Apr  4 20:11:13 UTC 2016 - tobias.johannes.klausmann@mni.thm.de
+
+- Update to version 1.18.3:
+  A few fixes relative to 1.18.2, including one fairly important
+  performance fix to the Present extension.
+- Remove U_present-Only-requeue-for-next-MSC-after-flip-failure.patch
+  The patch is included in this release.
+
 -------------------------------------------------------------------
 Thu Mar 31 14:27:29 UTC 2016 - tobias.johannes.klausmann@mni.thm.de
 
diff --git a/xorg-x11-server.spec b/xorg-x11-server.spec
index 1b56509..1076711 100644
--- a/xorg-x11-server.spec
+++ b/xorg-x11-server.spec
@@ -27,7 +27,7 @@
 
 Name:           xorg-x11-server
 
-%define dirsuffix 1.18.2
+%define dirsuffix 1.18.3
 
 Summary:        X
 License:        MIT
@@ -202,8 +202,6 @@ Patch1229:      U_kdrive-introduce-input-hot-plugging-support-for-udev.patch
 Patch1230:      U_kdrive-add-options-to-set-default-XKB-properties.patch
 Patch1232:      U_config-udev-distinguish-between-real-keyboards-and-o.patch
 
-Patch1300:      U_present-Only-requeue-for-next-MSC-after-flip-failure.patch
-
 %description
 This package contains the X.Org Server.
 
@@ -332,8 +330,6 @@ sh %{SOURCE92} --verify . %{SOURCE91}
 
 %patch1232 -p1
 
-%patch1300 -p1
-
 %build
 test -e source-file-list || \
     find . -type f \! -name '*.orig' \! -path ./source-file-list > \

From 5f5d5107266d8d3eb651321ed7584fdbbe6c40fe38616b358de06a2e3500f564 Mon Sep 17 00:00:00 2001
From: Egbert Eich <eich@suse.com>
Date: Thu, 7 Apr 2016 16:03:27 +0000
Subject: [PATCH 4/9] - Set configure option --enable-suid-wrapper for TW:  
 This way, the SUID wrapper is built which allows to run the Xserver   as root
 even though the the DM instance runs as user. This allows to   support
 drivers which require direct HW access.

OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=625
---
 xorg-x11-server.changes | 8 ++++++++
 xorg-x11-server.spec    | 3 +++
 2 files changed, 11 insertions(+)

diff --git a/xorg-x11-server.changes b/xorg-x11-server.changes
index 1cdd932..0fe0b00 100644
--- a/xorg-x11-server.changes
+++ b/xorg-x11-server.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Thu Apr  7 15:53:39 UTC 2016 - eich@suse.com
+
+- Set configure option --enable-suid-wrapper for TW:
+  This way, the SUID wrapper is built which allows to run the Xserver
+  as root even though the the DM instance runs as user. This allows to
+  support drivers which require direct HW access.
+
 -------------------------------------------------------------------
 Mon Apr  4 20:11:13 UTC 2016 - tobias.johannes.klausmann@mni.thm.de
 
diff --git a/xorg-x11-server.spec b/xorg-x11-server.spec
index 1076711..bcaaf89 100644
--- a/xorg-x11-server.spec
+++ b/xorg-x11-server.spec
@@ -373,6 +373,9 @@ export PCI_TXT_IDS_DIR=%{pci_ids_dir}
             --enable-xwayland \
 %else
             --disable-xwayland \
+%endif
+%if 0%{?suse_version} >= 1330
+	    --enable-suid-wrapper \
 %endif
             --with-log-dir="/var/log" \
             --with-os-name="openSUSE" \

From 19a8f400f73c187c3a615d1962ce7d4344583a9afb13d88fff573f891b10c07a Mon Sep 17 00:00:00 2001
From: Egbert Eich <eich@suse.com>
Date: Tue, 12 Apr 2016 09:35:45 +0000
Subject: [PATCH 5/9] - n_Install-Avoid-failure-on-wrapper-installation.patch: 
  Fix up build for wrapper. - Place SUID wrapper into a separate package:  
 xorg-x11-server-wrapper

OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=626
---
 ...void-failure-on-wrapper-installation.patch | 34 +++++++++++++++++++
 xorg-x11-server.changes                       |  8 +++++
 xorg-x11-server.spec                          | 32 +++++++++++++++--
 3 files changed, 72 insertions(+), 2 deletions(-)
 create mode 100644 n_Install-Avoid-failure-on-wrapper-installation.patch

diff --git a/n_Install-Avoid-failure-on-wrapper-installation.patch b/n_Install-Avoid-failure-on-wrapper-installation.patch
new file mode 100644
index 0000000..f9538e8
--- /dev/null
+++ b/n_Install-Avoid-failure-on-wrapper-installation.patch
@@ -0,0 +1,34 @@
+From: Egbert Eich <eich@suse.de>
+Date: Tue Apr 12 09:22:40 2016 +0200
+Subject: [PATCH]Install: Avoid failure on wrapper installation
+Patch-mainline: never
+References: 
+Signed-off-by: Egbert Eich <eich@suse.com>
+
+- Check for SUID_WRAPPER_DIR being identical to bindir
+  before copying script.
+- Check whether user is root before doing a chmod/chown
+
+Signed-off-by: Egbert Eich <eich@suse.de>
+---
+ hw/xfree86/Makefile.am | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/hw/xfree86/Makefile.am b/hw/xfree86/Makefile.am
+index 85bd0be..461e818 100644
+--- a/hw/xfree86/Makefile.am
++++ b/hw/xfree86/Makefile.am
+@@ -108,9 +108,10 @@ if INSTALL_SETUID
+ endif
+ if SUID_WRAPPER
+ 	$(MKDIR_P) $(DESTDIR)$(SUID_WRAPPER_DIR)
+-	mv $(DESTDIR)$(bindir)/Xorg $(DESTDIR)$(SUID_WRAPPER_DIR)/Xorg
+-	${INSTALL} -m 755 Xorg.sh $(DESTDIR)$(bindir)/Xorg
+-	-chown root $(DESTDIR)$(SUID_WRAPPER_DIR)/Xorg.wrap && chmod u+s $(DESTDIR)$(SUID_WRAPPER_DIR)/Xorg.wrap
++	mv $(DESTDIR)$(bindir)/Xorg $(DESTDIR)$(SUID_WRAPPER_DIR)/Xorg 2>/dev/null && target=Xorg; \
++	${INSTALL} -m 755 Xorg.sh $(DESTDIR)$(bindir)/$${target}
++	-test "x$UID" = "x0" -o "x$EUID" = "x0" && \
++		chown root $(DESTDIR)$(SUID_WRAPPER_DIR)/Xorg.wrap && chmod u+s $(DESTDIR)$(SUID_WRAPPER_DIR)/Xorg.wrap
+ endif
+ 
+ uninstall-local:
diff --git a/xorg-x11-server.changes b/xorg-x11-server.changes
index 0fe0b00..c634b25 100644
--- a/xorg-x11-server.changes
+++ b/xorg-x11-server.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Tue Apr 12 09:06:06 UTC 2016 - eich@suse.com
+
+- n_Install-Avoid-failure-on-wrapper-installation.patch:
+  Fix up build for wrapper.
+- Place SUID wrapper into a separate package: 
+  xorg-x11-server-wrapper
+
 -------------------------------------------------------------------
 Thu Apr  7 15:53:39 UTC 2016 - eich@suse.com
 
diff --git a/xorg-x11-server.spec b/xorg-x11-server.spec
index bcaaf89..acdb15a 100644
--- a/xorg-x11-server.spec
+++ b/xorg-x11-server.spec
@@ -24,6 +24,12 @@
 %define have_wayland 1
 %endif
 %endif
+%if 0%{?suse_version} >= 1330
+%define build_suid_wrapper 1
+%define suid_wrapper_dir %{_libexecdir}
+%else
+%define build_suid_wrapper 0
+%endif
 
 Name:           xorg-x11-server
 
@@ -164,6 +170,7 @@ Patch2:         N_zap_warning_xserver.diff
 Patch3:         N_driver-autoconfig.diff
 Patch4:         N_fix_fglrx_screendepth_issue.patch
 Patch6:         N_fix-dpi-values.diff
+Patch7:         n_Install-Avoid-failure-on-wrapper-installation.patch
 
 Patch100:       u_01-Improved-ConfineToShape.patch
 Patch101:       u_02-DIX-ConfineTo-Don-t-bother-about-the-bounding-box-when-grabbing-a-shaped-window.patch
@@ -230,6 +237,16 @@ Requires:       xorg-x11-fonts-core
 This package contains the Xserver running on the Wayland Display Server.
 %endif
 
+%if 0%{?build_suid_wrapper} == 1
+%package wrapper
+Summary:        Xserver SUID Wrapper
+Group:          System/X11/Servers/XF86_4
+Requires:       xorg-x11-server == %{version}
+
+%description wrapper
+This package contains an SUID wrapper for the Xserver.
+%endif
+
 %package sdk
 Summary:        X
 Group:          System/Libraries
@@ -289,6 +306,7 @@ sh %{SOURCE92} --verify . %{SOURCE91}
 %patch3 -p0
 %patch4 -p0
 %patch6 -p0
+%patch7 -p1
 #
 %patch100 -p1
 #%patch101 -p1
@@ -332,7 +350,7 @@ sh %{SOURCE92} --verify . %{SOURCE91}
 
 %build
 test -e source-file-list || \
-    find . -type f \! -name '*.orig' \! -path ./source-file-list > \
+    find -L . -type f \! -name '*.orig' \! -path ./source-file-list > \
     source-file-list
 
 autoreconf -fi
@@ -374,8 +392,9 @@ export PCI_TXT_IDS_DIR=%{pci_ids_dir}
 %else
             --disable-xwayland \
 %endif
-%if 0%{?suse_version} >= 1330
+%if 0%{?build_suid_wrapper} == 1
 	    --enable-suid-wrapper \
+	    --libexecdir=%{suid_wrapper_dir} \
 %endif
             --with-log-dir="/var/log" \
             --with-os-name="openSUSE" \
@@ -522,6 +541,9 @@ fi
 %{_localstatedir}/lib/xkb/compiled/README.compiled
 %ifnarch s390 s390x
 %{_bindir}/Xorg
+%if 0%{?build_suid_wrapper} == 1
+%{suid_wrapper_dir}/Xorg
+%endif
 %{_bindir}/X
 
 %{_bindir}/cvt
@@ -543,6 +565,12 @@ fi
 %{_bindir}/Xwayland
 %endif
 
+%if 0%{?build_suid_wrapper} == 1
+%files wrapper
+%defattr(-,root,root)
+%attr(4755,root,root) %{suid_wrapper_dir}/Xorg.wrap
+%endif
+
 %files extra
 %defattr(-,root,root)
 %{_bindir}/Xephyr

From 1a9d38c162ce9122e3bd2a1abd668f359824e10a8017b7f5bbaf1c9d24c2aa47 Mon Sep 17 00:00:00 2001
From: Egbert Eich <eich@suse.com>
Date: Tue, 12 Apr 2016 14:04:29 +0000
Subject: [PATCH 6/9] -  n_Install-Avoid-failure-on-wrapper-installation.patch:
    rename to:     N_Install-Avoid-failure-on-wrapper-installation.patch - 
 u_xorg-wrapper-Drop-supplemental-group-IDs.patch:    Drop supplementary group
 privileges. -  u_xorg-wrapper-build-Build-position-independent-code.patch:   
 Build position independent.

OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=627
---
 ...void-failure-on-wrapper-installation.patch |  0
 ...-wrapper-Drop-supplemental-group-IDs.patch | 78 +++++++++++++++++++
 ...uild-Build-position-independent-code.patch | 24 ++++++
 xorg-x11-server.changes                       | 11 +++
 xorg-x11-server.spec                          |  7 +-
 5 files changed, 118 insertions(+), 2 deletions(-)
 rename n_Install-Avoid-failure-on-wrapper-installation.patch => N_Install-Avoid-failure-on-wrapper-installation.patch (100%)
 create mode 100644 u_xorg-wrapper-Drop-supplemental-group-IDs.patch
 create mode 100644 u_xorg-wrapper-build-Build-position-independent-code.patch

diff --git a/n_Install-Avoid-failure-on-wrapper-installation.patch b/N_Install-Avoid-failure-on-wrapper-installation.patch
similarity index 100%
rename from n_Install-Avoid-failure-on-wrapper-installation.patch
rename to N_Install-Avoid-failure-on-wrapper-installation.patch
diff --git a/u_xorg-wrapper-Drop-supplemental-group-IDs.patch b/u_xorg-wrapper-Drop-supplemental-group-IDs.patch
new file mode 100644
index 0000000..9c3f45f
--- /dev/null
+++ b/u_xorg-wrapper-Drop-supplemental-group-IDs.patch
@@ -0,0 +1,78 @@
+From: Egbert Eich <eich@suse.de>
+Date: Tue Apr 12 15:52:37 2016 +0200
+Subject: [PATCH]xorg-wrapper: Drop supplemental group IDs
+Patch-mainline: to be upstreamed
+References: 
+Signed-off-by: Egbert Eich <eich@suse.com>
+
+Signed-off-by: Egbert Eich <eich@suse.de>
+---
+ hw/xfree86/xorg-wrapper.c | 48 +++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 48 insertions(+)
+
+diff --git a/hw/xfree86/xorg-wrapper.c b/hw/xfree86/xorg-wrapper.c
+index d930962..64a43c4 100644
+--- a/hw/xfree86/xorg-wrapper.c
++++ b/hw/xfree86/xorg-wrapper.c
+@@ -36,6 +36,8 @@
+ #include <sys/ioctl.h>
+ #include <sys/stat.h>
+ #include <sys/types.h>
++#include <pwd.h>
++#include <grp.h>
+ #if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
+ #include <sys/consio.h>
+ #endif
+@@ -252,6 +254,52 @@ int main(int argc, char *argv[])
+     if (needs_root_rights == 0 || (total_cards && kms_cards == total_cards)) {
+         gid_t realgid = getgid();
+         uid_t realuid = getuid();
++        int ngroups = 0;
++        gid_t *groups = NULL;
++        long int initlen = sysconf(_SC_GETPW_R_SIZE_MAX);
++        size_t len;
++        struct passwd result, *resultp;
++        char *buffer;
++        int e;
++
++        if (initlen == -1)
++            len = 1024;
++        else
++            len = (size_t) initlen;
++        if ((buffer = malloc(len)) < 0) {
++            fprintf(stderr, "%s: Could not allocate memory: %s\n",
++                    progname, strerror(errno));
++            exit (1);
++        }
++        if ((e = getpwuid_r(realuid, &result, buffer, len, &resultp)) > 0) {
++            fprintf(stderr, "%s: Could not get user name: %s\n",
++                    progname, strerror(errno));
++            exit (1);
++        } else if (resultp == NULL) {
++            fprintf(stderr, "%s: Could not find user name for UID %d\n",
++                    progname, realuid);
++            exit (1);
++        }
++        if (getgrouplist(result.pw_name, realgid, groups, &ngroups) < 0) {
++            if ((groups = malloc(sizeof(gid_t) * ngroups)) == NULL) {
++                fprintf(stderr, "%s: Could not allocate memory: %s\n",
++                        progname, strerror(errno));
++                exit (1);
++            }
++            if (getgrouplist(result.pw_name, realgid, groups, &ngroups) < 0) {
++                fprintf(stderr, "%s: Could not get supplementary group list\n",
++                        progname);
++                ngroups = 0;
++            }
++        }
++        if (setgroups(ngroups, groups) == -1) {
++            fprintf(stderr, "%s: Could not set groups: %s\n",
++                    progname, strerror(errno));
++            exit (1);
++        }
++        memset(buffer, 0, len);
++        free(buffer);
++        free(groups);
+ 
+         if (setresgid(-1, realgid, realgid) != 0) {
+             fprintf(stderr, "%s: Could not drop setgid privileges: %s\n",
diff --git a/u_xorg-wrapper-build-Build-position-independent-code.patch b/u_xorg-wrapper-build-Build-position-independent-code.patch
new file mode 100644
index 0000000..c2b01fb
--- /dev/null
+++ b/u_xorg-wrapper-build-Build-position-independent-code.patch
@@ -0,0 +1,24 @@
+From: Egbert Eich <eich@suse.de>
+Date: Tue Apr 12 15:53:11 2016 +0200
+Subject: [PATCH]xorg-wrapper/build: Build position independent code
+Patch-mainline: to be upstreamed
+References: 
+Signed-off-by: Egbert Eich <eich@suse.com>
+
+Signed-off-by: Egbert Eich <eich@suse.de>
+---
+ hw/xfree86/Makefile.am | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/hw/xfree86/Makefile.am b/hw/xfree86/Makefile.am
+index 461e818..c0ce3b8 100644
+--- a/hw/xfree86/Makefile.am
++++ b/hw/xfree86/Makefile.am
+@@ -87,6 +87,7 @@ if SUID_WRAPPER
+ wrapdir = $(SUID_WRAPPER_DIR)
+ wrap_PROGRAMS = Xorg.wrap
+ Xorg_wrap_SOURCES = xorg-wrapper.c
++Xorg_wrap_CFLAGS = $(AM_CFLAGS) -pie -fpie
+ endif
+ 
+ BUILT_SOURCES = xorg.conf.example
diff --git a/xorg-x11-server.changes b/xorg-x11-server.changes
index c634b25..04291ae 100644
--- a/xorg-x11-server.changes
+++ b/xorg-x11-server.changes
@@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Tue Apr 12 13:59:48 UTC 2016 - eich@suse.com
+
+-  n_Install-Avoid-failure-on-wrapper-installation.patch:
+   rename to:
+    N_Install-Avoid-failure-on-wrapper-installation.patch
+-  u_xorg-wrapper-Drop-supplemental-group-IDs.patch:
+   Drop supplementary group privileges.
+-  u_xorg-wrapper-build-Build-position-independent-code.patch:
+   Build position independent.
+
 -------------------------------------------------------------------
 Tue Apr 12 09:06:06 UTC 2016 - eich@suse.com
 
diff --git a/xorg-x11-server.spec b/xorg-x11-server.spec
index acdb15a..52d3c85 100644
--- a/xorg-x11-server.spec
+++ b/xorg-x11-server.spec
@@ -170,8 +170,9 @@ Patch2:         N_zap_warning_xserver.diff
 Patch3:         N_driver-autoconfig.diff
 Patch4:         N_fix_fglrx_screendepth_issue.patch
 Patch6:         N_fix-dpi-values.diff
-Patch7:         n_Install-Avoid-failure-on-wrapper-installation.patch
-
+Patch7:         N_Install-Avoid-failure-on-wrapper-installation.patch
+Patch8:         u_xorg-wrapper-Drop-supplemental-group-IDs.patch
+Patch9:         u_xorg-wrapper-build-Build-position-independent-code.patch
 Patch100:       u_01-Improved-ConfineToShape.patch
 Patch101:       u_02-DIX-ConfineTo-Don-t-bother-about-the-bounding-box-when-grabbing-a-shaped-window.patch
 # PATCH-FIX-UPSTREAM u_x86emu-include-order.patch schwab@suse.de -- Change include order to avoid conflict with system header, remove duplicate definitions
@@ -307,6 +308,8 @@ sh %{SOURCE92} --verify . %{SOURCE91}
 %patch4 -p0
 %patch6 -p0
 %patch7 -p1
+%patch8 -p1
+%patch9 -p1
 #
 %patch100 -p1
 #%patch101 -p1

From e83231907966040d11dfbdc9d55e10e5461e75ed3c24f13efb8fef1e0928f7b7 Mon Sep 17 00:00:00 2001
From: Egbert Eich <eich@suse.com>
Date: Tue, 12 Apr 2016 15:37:50 +0000
Subject: [PATCH 7/9] - Add permission verification for SUID wrapper - Disable
 SUID wrapper per default until reviewed

OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=628
---
 xorg-x11-server.changes |  6 ++++++
 xorg-x11-server.spec    | 18 ++++++++++++++++++
 2 files changed, 24 insertions(+)

diff --git a/xorg-x11-server.changes b/xorg-x11-server.changes
index 04291ae..be8b1b9 100644
--- a/xorg-x11-server.changes
+++ b/xorg-x11-server.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Apr 12 15:33:45 UTC 2016 - eich@suse.com
+
+- Add permission verification for SUID wrapper
+- Disable SUID wrapper per default until reviewed
+
 -------------------------------------------------------------------
 Tue Apr 12 13:59:48 UTC 2016 - eich@suse.com
 
diff --git a/xorg-x11-server.spec b/xorg-x11-server.spec
index 52d3c85..de43113 100644
--- a/xorg-x11-server.spec
+++ b/xorg-x11-server.spec
@@ -24,12 +24,21 @@
 %define have_wayland 1
 %endif
 %endif
+
+%define build_suid_wrapper 0
+
+%if 0%{!?build_suid_wrapper:1}
+%ifarch s390 s390x
+%define build_suid_wrapper 0
+%else
 %if 0%{?suse_version} >= 1330
 %define build_suid_wrapper 1
 %define suid_wrapper_dir %{_libexecdir}
 %else
 %define build_suid_wrapper 0
 %endif
+%endif
+%endif
 
 Name:           xorg-x11-server
 
@@ -242,6 +251,7 @@ This package contains the Xserver running on the Wayland Display Server.
 %package wrapper
 Summary:        Xserver SUID Wrapper
 Group:          System/X11/Servers/XF86_4
+PreReq:         permissions
 Requires:       xorg-x11-server == %{version}
 
 %description wrapper
@@ -518,6 +528,14 @@ fi
 %endif
 %endif
 
+%if 0%{?build_suid_wrapper} == 1
+%post wrapper
+%set_permissions %{suid_wrapper_dir}/Xorg.wrap
+
+%verifyscript wrapper
+%verify_permissions -e %{suid_wrapper_dir}/Xorg.wrap
+%endif
+
 %files
 %defattr(-,root,root)
 %ifnarch s390 s390x

From 44559516f956f81bdcf10743f46b27d7fbfd8610ca1066017751a73ae59b4b48 Mon Sep 17 00:00:00 2001
From: Stefan Dirsch <sndirsch@suse.com>
Date: Fri, 29 Apr 2016 08:58:29 +0000
Subject: [PATCH 8/9] - removed no longer needed patch  
 u_ad-hoc-fix-for-mmap-s-truncated-offset-parameter-on-.patch, see  
 https://lists.x.org/archives/xorg-devel/2016-April/049493.html for   upstream
 discussion; obsoleted by upstream patch  
 https://cgit.freedesktop.org/xorg/xserver/commit/?id=4962c8c08842d9d3ca66d254b1ce4cacc4fb3756,
 which is already in xorg-server 1.18.3

OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=629
---
 ...map-s-truncated-offset-parameter-on-.patch | 31 -------------------
 xorg-x11-server.changes                       |  9 ++++++
 xorg-x11-server.spec                          |  2 --
 3 files changed, 9 insertions(+), 33 deletions(-)
 delete mode 100644 u_ad-hoc-fix-for-mmap-s-truncated-offset-parameter-on-.patch

diff --git a/u_ad-hoc-fix-for-mmap-s-truncated-offset-parameter-on-.patch b/u_ad-hoc-fix-for-mmap-s-truncated-offset-parameter-on-.patch
deleted file mode 100644
index b273533..0000000
--- a/u_ad-hoc-fix-for-mmap-s-truncated-offset-parameter-on-.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 2c36b0001729fa2c22255777bce66b99adc6c568 Mon Sep 17 00:00:00 2001
-From: Stefan Dirsch <sndirsch@suse.de>
-Date: Mon, 16 Feb 2015 15:00:54 +0100
-Subject: [PATCH] ad hoc fix for mmap's truncated offset parameter on 32bit
-
-Builtin modesetting driver didn't work on 32bit on cirrus KMS.
-See https://bugzilla.suse.com/show_bug.cgi?id=917385 for more details.
----
- hw/xfree86/drivers/modesetting/dumb_bo.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/hw/xfree86/drivers/modesetting/dumb_bo.c b/hw/xfree86/drivers/modesetting/dumb_bo.c
-index 58d420e..95b34a2 100644
---- a/hw/xfree86/drivers/modesetting/dumb_bo.c
-+++ b/hw/xfree86/drivers/modesetting/dumb_bo.c
-@@ -25,6 +25,12 @@
- #include "dix-config.h"
- #endif
- 
-+/*
-+ * ad hoc fix for mmap's truncated offset parameter on 32bit
-+ * see also https://bugzilla.suse.com/show_bug.cgi?id=917385
-+ */
-+#define _FILE_OFFSET_BITS 64
-+
- #include "dumb_bo.h"
- 
- #include <errno.h>
--- 
-1.8.4.5
-
diff --git a/xorg-x11-server.changes b/xorg-x11-server.changes
index be8b1b9..2794a37 100644
--- a/xorg-x11-server.changes
+++ b/xorg-x11-server.changes
@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Fri Apr 29 08:40:24 UTC 2016 - sndirsch@suse.com
+
+- removed no longer needed patch
+  u_ad-hoc-fix-for-mmap-s-truncated-offset-parameter-on-.patch, see
+  https://lists.x.org/archives/xorg-devel/2016-April/049493.html for
+  upstream discussion; obsoleted by upstream patch
+  https://cgit.freedesktop.org/xorg/xserver/commit/?id=4962c8c08842d9d3ca66d254b1ce4cacc4fb3756, which is already in xorg-server 1.18.3
+
 -------------------------------------------------------------------
 Tue Apr 12 15:33:45 UTC 2016 - eich@suse.com
 
diff --git a/xorg-x11-server.spec b/xorg-x11-server.spec
index de43113..a74ad54 100644
--- a/xorg-x11-server.spec
+++ b/xorg-x11-server.spec
@@ -191,7 +191,6 @@ Patch104:       u_xorg-server-xdmcp.patch
 Patch106:       u_exa-only-draw-valid-trapezoids.patch
 Patch112:       u_render-Cast-color-masks-to-unsigned-long-before-shifting-them.patch
 
-Patch114:       u_ad-hoc-fix-for-mmap-s-truncated-offset-parameter-on-.patch
 Patch115:       N_Force-swcursor-for-KMS-drivers-without-hw-cursor-sup.patch
 
 Patch117:       xorg-x11-server-byte-order.patch
@@ -329,7 +328,6 @@ sh %{SOURCE92} --verify . %{SOURCE91}
 
 %patch112 -p1
 
-%patch114 -p1
 %patch115 -p1
 
 %patch117 -p1

From ec95159c4242f28055f407fb3d6bdbb380babba2a2bb06b5ca8bd7f12159c6d2 Mon Sep 17 00:00:00 2001
From: Stefan Dirsch <sndirsch@suse.com>
Date: Mon, 2 May 2016 13:51:33 +0000
Subject: [PATCH 9/9] - removed u_exa-only-draw-valid-trapezoids.patch; no
 longer needed   since pixman 0.32.0

OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=630
---
 u_exa-only-draw-valid-trapezoids.patch | 33 --------------------------
 xorg-x11-server.changes                |  6 +++++
 xorg-x11-server.spec                   |  3 ---
 3 files changed, 6 insertions(+), 36 deletions(-)
 delete mode 100644 u_exa-only-draw-valid-trapezoids.patch

diff --git a/u_exa-only-draw-valid-trapezoids.patch b/u_exa-only-draw-valid-trapezoids.patch
deleted file mode 100644
index e0b3168..0000000
--- a/u_exa-only-draw-valid-trapezoids.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-Author: Maarten Lankhorst <maarten.lankhorst@canonical.com>
-Subject: exa: only draw valid trapezoids
-Patch-Mainline: To be upstreamed
-References: bnc#853846 CVE-2013-6424
-Signed-off-by: Michal Srb <msrb@suse.com>
-
-diff --git a/exa/exa_render.c b/exa/exa_render.c
-index 172e2b5..807eeba 100644
---- a/exa/exa_render.c
-+++ b/exa/exa_render.c
-@@ -1141,7 +1141,8 @@ exaTrapezoids(CARD8 op, PicturePtr pSrc, PicturePtr pDst,
- 
-         exaPrepareAccess(pPicture->pDrawable, EXA_PREPARE_DEST);
-         for (; ntrap; ntrap--, traps++)
--            (*ps->RasterizeTrapezoid) (pPicture, traps, -bounds.x1, -bounds.y1);
-+            if (xTrapezoidValid(traps))
-+                (*ps->RasterizeTrapezoid) (pPicture, traps, -bounds.x1, -bounds.y1);
-         exaFinishAccess(pPicture->pDrawable, EXA_PREPARE_DEST);
- 
-         xRel = bounds.x1 + xSrc - xDst;
-diff --git a/render/picture.h b/render/picture.h
-index c85353a..fcd6401 100644
---- a/render/picture.h
-+++ b/render/picture.h
-@@ -211,7 +211,7 @@ typedef pixman_fixed_t xFixed;
- /* whether 't' is a well defined not obviously empty trapezoid */
- #define xTrapezoidValid(t)  ((t)->left.p1.y != (t)->left.p2.y && \
- 			     (t)->right.p1.y != (t)->right.p2.y && \
--			     (int) ((t)->bottom - (t)->top) > 0)
-+			     ((t)->bottom > (t)->top))
- 
- /*
-  * Standard NTSC luminance conversions:
diff --git a/xorg-x11-server.changes b/xorg-x11-server.changes
index 2794a37..fd1d543 100644
--- a/xorg-x11-server.changes
+++ b/xorg-x11-server.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon May  2 13:46:34 UTC 2016 - sndirsch@suse.com
+
+- removed u_exa-only-draw-valid-trapezoids.patch; no longer needed
+  since pixman 0.32.0
+
 -------------------------------------------------------------------
 Fri Apr 29 08:40:24 UTC 2016 - sndirsch@suse.com
 
diff --git a/xorg-x11-server.spec b/xorg-x11-server.spec
index a74ad54..95a72ba 100644
--- a/xorg-x11-server.spec
+++ b/xorg-x11-server.spec
@@ -187,8 +187,6 @@ Patch101:       u_02-DIX-ConfineTo-Don-t-bother-about-the-bounding-box-when-grab
 # PATCH-FIX-UPSTREAM u_x86emu-include-order.patch schwab@suse.de -- Change include order to avoid conflict with system header, remove duplicate definitions
 Patch102:       u_x86emu-include-order.patch
 Patch104:       u_xorg-server-xdmcp.patch
-# PATCH-FIX-UPSTREAM u_exa-only-draw-valid-trapezoids.patch bnc#853846 msrb@suse.com -- Fixes possible crash of server using invalid trapezoids. 2013-12-12 patch is waiting in mailing list to be upstreamed.
-Patch106:       u_exa-only-draw-valid-trapezoids.patch
 Patch112:       u_render-Cast-color-masks-to-unsigned-long-before-shifting-them.patch
 
 Patch115:       N_Force-swcursor-for-KMS-drivers-without-hw-cursor-sup.patch
@@ -324,7 +322,6 @@ sh %{SOURCE92} --verify . %{SOURCE91}
 #%patch101 -p1
 %patch102 -p1
 %patch104 -p1
-%patch106 -p1
 
 %patch112 -p1