diff --git a/n_xorg-wrapper-anybody.patch b/n_xorg-wrapper-anybody.patch new file mode 100644 index 0000000..552762e --- /dev/null +++ b/n_xorg-wrapper-anybody.patch @@ -0,0 +1,11 @@ +--- xserver-1.20.9/hw/xfree86/xorg-wrapper.c.old 2020-09-30 12:25:12.757532000 +0200 ++++ xserver-1.20.9/hw/xfree86/xorg-wrapper.c 2020-09-30 12:27:12.809554000 +0200 +@@ -254,7 +254,7 @@ int main(int argc, char *argv[]) + int i, r, fd; + int kms_cards = 0; + int total_cards = 0; +- int allowed = CONSOLE_ONLY; ++ int allowed = ANYBODY; + int needs_root_rights = -1; + char *const empty_envp[1] = { NULL, }; + diff --git a/xorg-x11-server.changes b/xorg-x11-server.changes index 0ef5cee..afbcc42 100644 --- a/xorg-x11-server.changes +++ b/xorg-x11-server.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Wed Sep 30 10:30:06 UTC 2020 - Stefan Dirsch + +- n_xorg-wrapper-anybody.patch + * replace default config /etc/X11/Xwrapper, which allows + anybody to use the wrapper, by a patch for the code, i.e. + # rootonly, console, anybody + allowed_users=anybody + # yes, no, auto + needs_root_rights=auto + is now the default without any Xwrapper config + (needs_root_rights=auto was already the default before) + ------------------------------------------------------------------- Tue Sep 29 14:47:48 UTC 2020 - Stefan Dirsch diff --git a/xorg-x11-server.spec b/xorg-x11-server.spec index 04a6743..c8bb9dd 100644 --- a/xorg-x11-server.spec +++ b/xorg-x11-server.spec @@ -214,6 +214,7 @@ Patch8: u_xorg-wrapper-Drop-supplemental-group-IDs.patch Patch9: u_xorg-wrapper-build-Build-position-independent-code.patch Patch10: u_xorg-wrapper-Xserver-Options-Whitelist-Filter.patch Patch11: n_xorg-wrapper-rename-Xorg.patch +Patch12: n_xorg-wrapper-anybody.patch Patch100: u_01-Improved-ConfineToShape.patch Patch101: u_02-DIX-ConfineTo-Don-t-bother-about-the-bounding-box-when-grabbing-a-shaped-window.patch # PATCH-FIX-UPSTREAM u_x86emu-include-order.patch schwab@suse.de -- Change include order to avoid conflict with system header, remove duplicate definitions @@ -378,6 +379,7 @@ sh %{SOURCE92} --verify . %{SOURCE91} %patch9 -p1 %patch10 -p1 %patch11 -p1 +%patch12 -p1 # %patch100 -p1 #%patch101 -p1 @@ -543,16 +545,6 @@ ln -snf %{_sysconfdir}/alternatives/libglx.so %{buildroot}%{_libdir}/xorg/module mkdir -p %{buildroot}/usr/src/xserver xargs cp --parents --target-directory=%{buildroot}/usr/src/xserver < source-file-list -%if 0%{?build_suid_wrapper} == 1 -mkdir -p %{buildroot}%{_sysconfdir}/X11 -cat > %{buildroot}%{_sysconfdir}/X11/Xwrapper.config << EOF -# rootonly, console, anybody -allowed_users=anybody -# yes, no, auto -needs_root_rights=auto -EOF -%endif - %post %tmpfiles_create xbb.conf %ifnarch s390 s390x @@ -658,8 +650,6 @@ fi %files wrapper %defattr(-,root,root) %attr(4755,root,root) %{suid_wrapper_dir}/Xorg.wrap -%dir %{_sysconfdir}/X11 -%attr(0644,root,root) %config %{_sysconfdir}/X11/Xwrapper.config %endif %files extra