forked from pool/xorg-x11-server
Accepting request 510318 from X11:XOrg
- disable Xwayland for s390x again; it was wrong to enable it; there is no Wayland on s390x and will most likely never exist, since there is no gfx card on such systems and no gfx emulation either (bsc#1047173) - u_Use-better-fallbacks-to-generate-cookies-if-arc4rand.patch If arc4random_buf() is not available for generating cookies: * use getentropy(), if available (which was only recently added to glibc) * use getrandom() via syscall(), if available (there was no glibc wrapper for this syscall for a long time) * if all else fails, directly read from /dev/urandom as before, but employ O_CLOEXEC, do an OsAbort() in case the random data couldn't be read to avoid unsecure situations. Don't know if that's too hard a measure but it shouldn't actually occur except on maximum number of FDs reached (bsc#1025084) OBS-URL: https://build.opensuse.org/request/show/510318 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xorg-x11-server?expand=0&rev=345
This commit is contained in:
commit
cbb4be14a1
235
u_Use-better-fallbacks-to-generate-cookies-if-arc4rand.patch
Normal file
235
u_Use-better-fallbacks-to-generate-cookies-if-arc4rand.patch
Normal file
@ -0,0 +1,235 @@
|
|||||||
|
From 44a643812ce3c07cd38972abfa9dbd163529c192 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Matthias Gerstner <mgerstner@suse.de>
|
||||||
|
Date: Thu, 13 Jul 2017 14:58:04 +0200
|
||||||
|
Subject: [PATCH] Use better fallbacks to generate cookies if arc4random_buf(3)
|
||||||
|
is unavailable
|
||||||
|
References: bsc#1025084
|
||||||
|
|
||||||
|
If arc4random_buf() is not available for generating cookies:
|
||||||
|
|
||||||
|
- use getentropy(), if available (which was only recently added to
|
||||||
|
glibc)
|
||||||
|
- use getrandom() via syscall(), if available (there was no glibc
|
||||||
|
wrapper for this syscall for a long time)
|
||||||
|
- if all else fails, directly read from /dev/urandom as before, but
|
||||||
|
employ O_CLOEXEC, do an OsAbort() in case the random data couldn't be
|
||||||
|
read to avoid unsecure situations. Don't know if that's too hard a
|
||||||
|
measure but it shouldn't actually occur except on maximum number of
|
||||||
|
FDs reached
|
||||||
|
|
||||||
|
Reviewed-by: Stefan Dirsch <sndirsch@suse.de>
|
||||||
|
---
|
||||||
|
configure.ac | 4 +-
|
||||||
|
include/dix-config.h.in | 6 +++
|
||||||
|
os/auth.c | 138 ++++++++++++++++++++++++++++++++++++++++++++++--
|
||||||
|
3 files changed, 141 insertions(+), 7 deletions(-)
|
||||||
|
|
||||||
|
Index: xorg-server-1.19.3/configure.ac
|
||||||
|
===================================================================
|
||||||
|
--- xorg-server-1.19.3.orig/configure.ac
|
||||||
|
+++ xorg-server-1.19.3/configure.ac
|
||||||
|
@@ -134,7 +134,7 @@ AM_CONDITIONAL(SPECIAL_DTRACE_OBJECTS, [
|
||||||
|
AC_HEADER_DIRENT
|
||||||
|
AC_HEADER_STDC
|
||||||
|
AC_CHECK_HEADERS([fcntl.h stdlib.h string.h unistd.h dlfcn.h stropts.h \
|
||||||
|
- fnmatch.h sys/mkdev.h sys/utsname.h])
|
||||||
|
+ fnmatch.h sys/mkdev.h sys/utsname.h sys/syscall.h])
|
||||||
|
|
||||||
|
dnl Checks for typedefs, structures, and compiler characteristics.
|
||||||
|
AC_C_CONST
|
||||||
|
@@ -226,7 +226,7 @@ AC_REPLACE_FUNCS([reallocarray strcasecm
|
||||||
|
AM_CONDITIONAL(POLL, [test "x$ac_cv_func_poll" = "xyes"])
|
||||||
|
|
||||||
|
AC_CHECK_LIB([bsd], [arc4random_buf])
|
||||||
|
-AC_CHECK_FUNCS([arc4random_buf])
|
||||||
|
+AC_CHECK_FUNCS([arc4random_buf getentropy])
|
||||||
|
|
||||||
|
AC_CHECK_DECLS([program_invocation_short_name], [], [], [[#include <errno.h>]])
|
||||||
|
|
||||||
|
Index: xorg-server-1.19.3/include/dix-config.h.in
|
||||||
|
===================================================================
|
||||||
|
--- xorg-server-1.19.3.orig/include/dix-config.h.in
|
||||||
|
+++ xorg-server-1.19.3/include/dix-config.h.in
|
||||||
|
@@ -167,6 +167,9 @@
|
||||||
|
/* Define to 1 if you have the `arc4random_buf' function. */
|
||||||
|
#undef HAVE_ARC4RANDOM_BUF
|
||||||
|
|
||||||
|
+/* Define to 1 if you have the `getentropy' function. */
|
||||||
|
+#undef HAVE_GETENTROPY
|
||||||
|
+
|
||||||
|
/* Define to use libc SHA1 functions */
|
||||||
|
#undef HAVE_SHA1_IN_LIBC
|
||||||
|
|
||||||
|
@@ -244,6 +247,9 @@
|
||||||
|
/* Define to 1 if you have the <sys/utsname.h> header file. */
|
||||||
|
#undef HAVE_SYS_UTSNAME_H
|
||||||
|
|
||||||
|
+/* Define to 1 if you have the <sys/syscall.h> header file. */
|
||||||
|
+#undef HAVE_SYS_SYSCALL_H
|
||||||
|
+
|
||||||
|
/* Define to 1 if you have the `timingsafe_memcmp' function. */
|
||||||
|
#undef HAVE_TIMINGSAFE_MEMCMP
|
||||||
|
|
||||||
|
Index: xorg-server-1.19.3/os/auth.c
|
||||||
|
===================================================================
|
||||||
|
--- xorg-server-1.19.3.orig/os/auth.c
|
||||||
|
+++ xorg-server-1.19.3/os/auth.c
|
||||||
|
@@ -48,6 +48,10 @@ from The Open Group.
|
||||||
|
#ifdef HAVE_LIBBSD
|
||||||
|
#include <bsd/stdlib.h> /* for arc4random_buf() */
|
||||||
|
#endif
|
||||||
|
+#include <errno.h>
|
||||||
|
+#ifdef HAVE_SYS_SYSCALL_H
|
||||||
|
+#include <syscall.h>
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
struct protocol {
|
||||||
|
unsigned short name_length;
|
||||||
|
@@ -302,18 +306,142 @@ GenerateAuthorization(unsigned name_leng
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
+#if ! defined(HAVE_ARC4RANDOM_BUF)
|
||||||
|
+
|
||||||
|
+// fallback function to get random data directly from /dev/urandom
|
||||||
|
+
|
||||||
|
+static int
|
||||||
|
+GetUrandom ( char *buffer, size_t length )
|
||||||
|
+{
|
||||||
|
+ int random_fd = -1;
|
||||||
|
+ int res = -1;
|
||||||
|
+ size_t filled = 0;
|
||||||
|
+
|
||||||
|
+ // larger requests are typically rejected by getentropy() / getrandom()
|
||||||
|
+ // because they could block or return partially filled buffers
|
||||||
|
+ if( length > 256 ) {
|
||||||
|
+ errno = EIO;
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ random_fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
|
||||||
|
+
|
||||||
|
+ if( random_fd == -1 ) {
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ while( filled < length ) {
|
||||||
|
+ res = read(random_fd, (char*)buffer + filled, length - filled);
|
||||||
|
+
|
||||||
|
+ if( res == -1 ) {
|
||||||
|
+ // shouldn't actually happen acc. to man(4) random,
|
||||||
|
+ // but you never know
|
||||||
|
+ if( errno == EINTR ) {
|
||||||
|
+ continue;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ res = errno;
|
||||||
|
+ close(random_fd);
|
||||||
|
+ errno = res;
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
+ else if( res == 0 ) {
|
||||||
|
+ close(random_fd);
|
||||||
|
+ // no more bytes available? should not happen
|
||||||
|
+ errno = EIO;
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ filled += res;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ close(random_fd);
|
||||||
|
+
|
||||||
|
+ return 0;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+#endif // ! defined(HAVE_ARC4RANDOM_BUF)
|
||||||
|
+
|
||||||
|
+#if !defined(HAVE_GETENTROPY) && defined(HAVE_SYS_SYSCALL_H) && defined(SYS_getrandom)
|
||||||
|
+# define TRY_GETRANDOM
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
+#ifdef TRY_GETRANDOM
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * wrapper for the getrandom() syscall which was for a long time implemented
|
||||||
|
+ * in the Linux kernel, but not wrapped in glibc
|
||||||
|
+ */
|
||||||
|
+static int
|
||||||
|
+GetRandom ( char *buffer, size_t length )
|
||||||
|
+{
|
||||||
|
+ int res;
|
||||||
|
+ size_t filled = 0;
|
||||||
|
+
|
||||||
|
+ // larger requests are typically rejected by getentropy() / getrandom()
|
||||||
|
+ // because they could block or return partially filled buffers
|
||||||
|
+ if( length > 256 )
|
||||||
|
+ {
|
||||||
|
+ errno = EIO;
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ while( filled < length )
|
||||||
|
+ {
|
||||||
|
+ /*
|
||||||
|
+ * glibc does not contain a syscall wrapper for this in older
|
||||||
|
+ * versions
|
||||||
|
+ */
|
||||||
|
+ res = syscall(SYS_getrandom, (char*)buffer + filled, length - filled, 0);
|
||||||
|
+
|
||||||
|
+ if( res == -1 )
|
||||||
|
+ {
|
||||||
|
+ if( errno == EINTR ) {
|
||||||
|
+ continue;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
+ else if( res == 0 )
|
||||||
|
+ {
|
||||||
|
+ // no more bytes available? should not happen
|
||||||
|
+ errno = EIO;
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ filled += res;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return 0;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+#endif /* TRY_GETRANDOM */
|
||||||
|
+
|
||||||
|
void
|
||||||
|
GenerateRandomData(int len, char *buf)
|
||||||
|
{
|
||||||
|
#ifdef HAVE_ARC4RANDOM_BUF
|
||||||
|
arc4random_buf(buf, len);
|
||||||
|
#else
|
||||||
|
- int fd;
|
||||||
|
+ int ret = -1;
|
||||||
|
+# ifdef HAVE_GETENTROPY
|
||||||
|
+ /* use getentropy instead */
|
||||||
|
+ ret = getentropy (buf, len);
|
||||||
|
+# elif defined(TRY_GETRANDOM)
|
||||||
|
+ /* try getrandom() wrapper */
|
||||||
|
+ ret = GetRandom(buf, len);
|
||||||
|
+# endif
|
||||||
|
+
|
||||||
|
+ if( ret == -1 ) {
|
||||||
|
+ // fallback to manual reading of /dev/urandom
|
||||||
|
+ ret = GetUrandom(buf, len);
|
||||||
|
+ }
|
||||||
|
|
||||||
|
- fd = open("/dev/urandom", O_RDONLY);
|
||||||
|
- read(fd, buf, len);
|
||||||
|
- close(fd);
|
||||||
|
-#endif
|
||||||
|
+ if( ret == -1 ) {
|
||||||
|
+ // no error return possible, rather abort than have security problems
|
||||||
|
+ OsAbort();
|
||||||
|
+ }
|
||||||
|
+#endif // HAVE_ARC4RANDOM_BUF
|
||||||
|
}
|
||||||
|
|
||||||
|
#endif /* XCSECURITY */
|
@ -1,3 +1,27 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Jul 14 13:52:36 UTC 2017 - sndirsch@suse.com
|
||||||
|
|
||||||
|
- disable Xwayland for s390x again; it was wrong to enable it;
|
||||||
|
there is no Wayland on s390x and will most likely never exist,
|
||||||
|
since there is no gfx card on such systems and no gfx emulation
|
||||||
|
either (bsc#1047173)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jul 13 13:20:07 UTC 2017 - sndirsch@suse.com
|
||||||
|
|
||||||
|
- u_Use-better-fallbacks-to-generate-cookies-if-arc4rand.patch
|
||||||
|
If arc4random_buf() is not available for generating cookies:
|
||||||
|
* use getentropy(), if available (which was only recently added to
|
||||||
|
glibc)
|
||||||
|
* use getrandom() via syscall(), if available (there was no glibc
|
||||||
|
wrapper for this syscall for a long time)
|
||||||
|
* if all else fails, directly read from /dev/urandom as before, but
|
||||||
|
employ O_CLOEXEC, do an OsAbort() in case the random data couldn't be
|
||||||
|
read to avoid unsecure situations. Don't know if that's too hard a
|
||||||
|
measure but it shouldn't actually occur except on maximum number of
|
||||||
|
FDs reached
|
||||||
|
(bsc#1025084)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Jul 7 09:13:23 UTC 2017 - msrb@suse.com
|
Fri Jul 7 09:13:23 UTC 2017 - msrb@suse.com
|
||||||
|
|
||||||
|
@ -16,11 +16,13 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
|
|
||||||
|
%ifarch s390 s390x
|
||||||
|
%define have_wayland 0
|
||||||
|
%else
|
||||||
%define pci_ids_dir %{_sysconfdir}/X11/xorg_pci_ids
|
%define pci_ids_dir %{_sysconfdir}/X11/xorg_pci_ids
|
||||||
%if 0%{?suse_version} >= 1330 || 0%{?build_xwayland}
|
%if 0%{?suse_version} >= 1330 || 0%{?build_xwayland}
|
||||||
%define have_wayland 1
|
%define have_wayland 1
|
||||||
%else
|
%endif
|
||||||
%define have_wayland 0
|
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%define build_suid_wrapper 0
|
%define build_suid_wrapper 0
|
||||||
@ -206,6 +208,7 @@ Patch211: U_Xi-Do-not-try-to-swap-GenericEvent.patch
|
|||||||
Patch212: U_Xi-Verify-all-events-in-ProcXSendExtensionEvent.patch
|
Patch212: U_Xi-Verify-all-events-in-ProcXSendExtensionEvent.patch
|
||||||
Patch213: U_Xi-Zero-target-buffer-in-SProcXSendExtensionEvent.patch
|
Patch213: U_Xi-Zero-target-buffer-in-SProcXSendExtensionEvent.patch
|
||||||
Patch214: U_dix-Disallow-GenericEvent-in-SendEvent-request.patch
|
Patch214: U_dix-Disallow-GenericEvent-in-SendEvent-request.patch
|
||||||
|
Patch215: u_Use-better-fallbacks-to-generate-cookies-if-arc4rand.patch
|
||||||
|
|
||||||
Patch1000: n_xserver-optimus-autoconfig-hack.patch
|
Patch1000: n_xserver-optimus-autoconfig-hack.patch
|
||||||
|
|
||||||
@ -342,6 +345,7 @@ sh %{SOURCE92} --verify . %{SOURCE91}
|
|||||||
%patch212 -p1
|
%patch212 -p1
|
||||||
%patch213 -p1
|
%patch213 -p1
|
||||||
%patch214 -p1
|
%patch214 -p1
|
||||||
|
%patch215 -p1
|
||||||
|
|
||||||
### disabled for now
|
### disabled for now
|
||||||
#%patch1000 -p1
|
#%patch1000 -p1
|
||||||
|
Loading…
Reference in New Issue
Block a user