diff --git a/n_Install-Avoid-failure-on-wrapper-installation.patch b/N_Install-Avoid-failure-on-wrapper-installation.patch
similarity index 100%
rename from n_Install-Avoid-failure-on-wrapper-installation.patch
rename to N_Install-Avoid-failure-on-wrapper-installation.patch
diff --git a/u_xorg-wrapper-Drop-supplemental-group-IDs.patch b/u_xorg-wrapper-Drop-supplemental-group-IDs.patch
new file mode 100644
index 0000000..9c3f45f
--- /dev/null
+++ b/u_xorg-wrapper-Drop-supplemental-group-IDs.patch
@@ -0,0 +1,78 @@
+From: Egbert Eich
+Date: Tue Apr 12 15:52:37 2016 +0200
+Subject: [PATCH]xorg-wrapper: Drop supplemental group IDs
+Patch-mainline: to be upstreamed
+References:
+Signed-off-by: Egbert Eich
+
+Signed-off-by: Egbert Eich
+---
+ hw/xfree86/xorg-wrapper.c | 48 +++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 48 insertions(+)
+
+diff --git a/hw/xfree86/xorg-wrapper.c b/hw/xfree86/xorg-wrapper.c
+index d930962..64a43c4 100644
+--- a/hw/xfree86/xorg-wrapper.c
++++ b/hw/xfree86/xorg-wrapper.c
+@@ -36,6 +36,8 @@
+ #include
+ #include
+ #include
++#include
++#include
+ #if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
+ #include
+ #endif
+@@ -252,6 +254,52 @@ int main(int argc, char *argv[])
+ if (needs_root_rights == 0 || (total_cards && kms_cards == total_cards)) {
+ gid_t realgid = getgid();
+ uid_t realuid = getuid();
++ int ngroups = 0;
++ gid_t *groups = NULL;
++ long int initlen = sysconf(_SC_GETPW_R_SIZE_MAX);
++ size_t len;
++ struct passwd result, *resultp;
++ char *buffer;
++ int e;
++
++ if (initlen == -1)
++ len = 1024;
++ else
++ len = (size_t) initlen;
++ if ((buffer = malloc(len)) < 0) {
++ fprintf(stderr, "%s: Could not allocate memory: %s\n",
++ progname, strerror(errno));
++ exit (1);
++ }
++ if ((e = getpwuid_r(realuid, &result, buffer, len, &resultp)) > 0) {
++ fprintf(stderr, "%s: Could not get user name: %s\n",
++ progname, strerror(errno));
++ exit (1);
++ } else if (resultp == NULL) {
++ fprintf(stderr, "%s: Could not find user name for UID %d\n",
++ progname, realuid);
++ exit (1);
++ }
++ if (getgrouplist(result.pw_name, realgid, groups, &ngroups) < 0) {
++ if ((groups = malloc(sizeof(gid_t) * ngroups)) == NULL) {
++ fprintf(stderr, "%s: Could not allocate memory: %s\n",
++ progname, strerror(errno));
++ exit (1);
++ }
++ if (getgrouplist(result.pw_name, realgid, groups, &ngroups) < 0) {
++ fprintf(stderr, "%s: Could not get supplementary group list\n",
++ progname);
++ ngroups = 0;
++ }
++ }
++ if (setgroups(ngroups, groups) == -1) {
++ fprintf(stderr, "%s: Could not set groups: %s\n",
++ progname, strerror(errno));
++ exit (1);
++ }
++ memset(buffer, 0, len);
++ free(buffer);
++ free(groups);
+
+ if (setresgid(-1, realgid, realgid) != 0) {
+ fprintf(stderr, "%s: Could not drop setgid privileges: %s\n",
diff --git a/u_xorg-wrapper-build-Build-position-independent-code.patch b/u_xorg-wrapper-build-Build-position-independent-code.patch
new file mode 100644
index 0000000..c2b01fb
--- /dev/null
+++ b/u_xorg-wrapper-build-Build-position-independent-code.patch
@@ -0,0 +1,24 @@
+From: Egbert Eich
+Date: Tue Apr 12 15:53:11 2016 +0200
+Subject: [PATCH]xorg-wrapper/build: Build position independent code
+Patch-mainline: to be upstreamed
+References:
+Signed-off-by: Egbert Eich
+
+Signed-off-by: Egbert Eich
+---
+ hw/xfree86/Makefile.am | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/hw/xfree86/Makefile.am b/hw/xfree86/Makefile.am
+index 461e818..c0ce3b8 100644
+--- a/hw/xfree86/Makefile.am
++++ b/hw/xfree86/Makefile.am
+@@ -87,6 +87,7 @@ if SUID_WRAPPER
+ wrapdir = $(SUID_WRAPPER_DIR)
+ wrap_PROGRAMS = Xorg.wrap
+ Xorg_wrap_SOURCES = xorg-wrapper.c
++Xorg_wrap_CFLAGS = $(AM_CFLAGS) -pie -fpie
+ endif
+
+ BUILT_SOURCES = xorg.conf.example
diff --git a/xorg-x11-server.changes b/xorg-x11-server.changes
index c634b25..04291ae 100644
--- a/xorg-x11-server.changes
+++ b/xorg-x11-server.changes
@@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Tue Apr 12 13:59:48 UTC 2016 - eich@suse.com
+
+- n_Install-Avoid-failure-on-wrapper-installation.patch:
+ rename to:
+ N_Install-Avoid-failure-on-wrapper-installation.patch
+- u_xorg-wrapper-Drop-supplemental-group-IDs.patch:
+ Drop supplementary group privileges.
+- u_xorg-wrapper-build-Build-position-independent-code.patch:
+ Build position independent.
+
 -------------------------------------------------------------------
 Tue Apr 12 09:06:06 UTC 2016 - eich@suse.com
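Review bot: In the xorg-wrapper.c hunk at `@@ -252,6 +254,52 @@`, the allocation check `if ((buffer = malloc(len)) < 0)` can never fire, because a failed malloc returns NULL rather than a negative value, so an out-of-memory condition hands a null buffer to getpwuid_r() inside a privileged wrapper; it should read `if ((buffer = malloc(len)) == NULL) {`. The getpwuid_r() failure branch prints `strerror(errno)`, but that call reports its error through the return value already stored in `e`, so the message should use `strerror(e)`, and an ERANGE result (buffer smaller than the entry needs, e.g. with the 1024 fallback) exits instead of retrying with a larger buffer. `realuid` is printed with `%d` although uid_t is normally unsigned; `"%lu"` with `(unsigned long) realuid` avoids the mismatch. main() begins and ends outside this hunk, so the later setresgid/setresuid handling was not reviewed here.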
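Review bot: `-pie` is a link-time option, yet the Makefile.am hunk adds it through `Xorg_wrap_CFLAGS`; it presumably reaches the link step only because automake repeats per-target CFLAGS on the link command. Splitting the line into `Xorg_wrap_CFLAGS = $(AM_CFLAGS) -fpie` and `Xorg_wrap_LDFLAGS = $(AM_LDFLAGS) -pie` states the intent directly and does not depend on that behaviour. As the target sits under `if SUID_WRAPPER`, the same LDFLAGS line is also the natural place for `-Wl,-z,relro -Wl,-z,now`, and a one-line comment such as `# Xorg.wrap is installed setuid: build it PIE` would record why these flags are here.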
diff --git a/xorg-x11-server.spec b/xorg-x11-server.spec
index acdb15a..52d3c85 100644
--- a/xorg-x11-server.spec
+++ b/xorg-x11-server.spec
@@ -170,8 +170,9 @@ Patch2: N_zap_warning_xserver.diff
 Patch3: N_driver-autoconfig.diff
 Patch4: N_fix_fglrx_screendepth_issue.patch
 Patch6: N_fix-dpi-values.diff
-Patch7: n_Install-Avoid-failure-on-wrapper-installation.patch
-
+Patch7: N_Install-Avoid-failure-on-wrapper-installation.patch
+Patch8: u_xorg-wrapper-Drop-supplemental-group-IDs.patch
+Patch9: u_xorg-wrapper-build-Build-position-independent-code.patch
 Patch100: u_01-Improved-ConfineToShape.patch
 Patch101: u_02-DIX-ConfineTo-Don-t-bother-about-the-bounding-box-when-grabbing-a-shaped-window.patch
 # PATCH-FIX-UPSTREAM u_x86emu-include-order.patch schwab@suse.de -- Change include order to avoid conflict with system header, remove duplicate definitions
@@ -307,6 +308,8 @@ sh %{SOURCE92} --verify . %{SOURCE91}
 %patch4 -p0
 %patch6 -p0
 %patch7 -p1
+%patch8 -p1
+%patch9 -p1
 #
 %patch100 -p1
 #%patch101 -p1