From fbcb773284763605a4619cb28727612b0778416ad99004c3738b14464ede0089 Mon Sep 17 00:00:00 2001 From: Stefan Dirsch Date: Wed, 17 Jun 2015 10:50:34 +0000 Subject: [PATCH] Accepting request 312322 from home:tobijk:X11:XOrg - Update to version 1.17.2: Pick up a pile of fixes from master. Notable highlights: + Fix for CVE-2015-3164 in Xwayland + Fix int10 setup for vesa + Fix regression in server-interpreted auth + Fix fb setup on big-endian CPUs + Build fix for for gcc5 - Dropped patches: + Patch110: u_connection-avoid-crash-when-CloseWellKnownConnections-gets-called-twice.patch + Patch113: u_symbols-Fix-sdksyms.sh-to-cope-with-gcc5.patch + Patch116: U_os-XDMCP-options-like-query-etc-should-imply-listen.patch + Patch118: U_int10-Fix-error-check-for-pci_device_map_legacy.patch + Patch119: U_xwayland-enable-access-control-on-open-socket.patch + Patch120: U_os-support-new-implicit-local-user-access-mode.patch + Patch121: U_xwayland-default-to-local-user-if-no-xauth-file-given.patch + Patch2000: U_systemd-logind-filter-out-non-signal-messages-from.patch + Patch2001: U_systemd-logind-dont-second-guess-D-Bus-default-tim.patch - Changed patches to work with the new version: + Patch114: u_ad-hoc-fix-for-mmap-s-truncated-offset-parameter-on-.patch OBS-URL: https://build.opensuse.org/request/show/312322 OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=576 --- ...rror-check-for-pci_device_map_legacy.patch | 45 ---- ...s-like-query-etc-should-imply-listen.patch | 82 ------ ...-new-implicit-local-user-access-mode.patch | 245 ------------------ ...-dont-second-guess-D-Bus-default-tim.patch | 96 ------- ...-filter-out-non-signal-messages-from.patch | 36 --- ...to-local-user-if-no-xauth-file-given.patch | 32 --- ...enable-access-control-on-open-socket.patch | 32 --- ...map-s-truncated-offset-parameter-on-.patch | 4 +- ...llKnownConnections-gets-called-twice.patch | 33 --- ...ols-Fix-sdksyms.sh-to-cope-with-gcc5.patch | 47 ---- xorg-server-1.17.1.tar.bz2 | 3 - xorg-server-1.17.2.tar.bz2 | 3 + xorg-x11-server.changes | 23 ++ xorg-x11-server.spec | 31 +-- 14 files changed, 34 insertions(+), 678 deletions(-) delete mode 100644 U_int10-Fix-error-check-for-pci_device_map_legacy.patch delete mode 100644 U_os-XDMCP-options-like-query-etc-should-imply-listen.patch delete mode 100644 U_os-support-new-implicit-local-user-access-mode.patch delete mode 100644 U_systemd-logind-dont-second-guess-D-Bus-default-tim.patch delete mode 100644 U_systemd-logind-filter-out-non-signal-messages-from.patch delete mode 100644 U_xwayland-default-to-local-user-if-no-xauth-file-given.patch delete mode 100644 U_xwayland-enable-access-control-on-open-socket.patch delete mode 100644 u_connection-avoid-crash-when-CloseWellKnownConnections-gets-called-twice.patch delete mode 100644 u_symbols-Fix-sdksyms.sh-to-cope-with-gcc5.patch delete mode 100644 xorg-server-1.17.1.tar.bz2 create mode 100644 xorg-server-1.17.2.tar.bz2 diff --git a/U_int10-Fix-error-check-for-pci_device_map_legacy.patch b/U_int10-Fix-error-check-for-pci_device_map_legacy.patch deleted file mode 100644 index 7121beb..0000000 --- a/U_int10-Fix-error-check-for-pci_device_map_legacy.patch +++ /dev/null @@ -1,45 +0,0 @@ -From: Jürg Billeter -Date: Sat Feb 7 18:13:21 2015 +0100 -Subject: [PATCH]int10: Fix error check for pci_device_map_legacy -Patch-mainline: Upstream -Git-commit: 0a78b599b34cc8b5fe6fe82f90e90234e8ab7a56 -Git-repo: git://anongit.freedesktop.org/git/xorg/xserver -References: bsc#932319 -Signed-off-by: Egbert Eich - -pci_device_map_legacy returns 0 on success. - -Signed-off-by: Jürg Billeter -Reviewed-by: Adam Jackson -Signed-off-by: Peter Hutterer ---- - hw/xfree86/int10/generic.c | 2 +- - hw/xfree86/os-support/linux/int10/linux.c | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/hw/xfree86/int10/generic.c b/hw/xfree86/int10/generic.c -index 012d194..8d5c4da 100644 ---- a/hw/xfree86/int10/generic.c -+++ b/hw/xfree86/int10/generic.c -@@ -104,7 +104,7 @@ readIntVec(struct pci_device *dev, unsigned char *buf, int len) - { - void *map; - -- if (!pci_device_map_legacy(dev, 0, len, 0, &map)) -+ if (pci_device_map_legacy(dev, 0, len, 0, &map)) - return FALSE; - - memcpy(buf, map, len); -diff --git a/hw/xfree86/os-support/linux/int10/linux.c b/hw/xfree86/os-support/linux/int10/linux.c -index 79b9a88..6ca118f 100644 ---- a/hw/xfree86/os-support/linux/int10/linux.c -+++ b/hw/xfree86/os-support/linux/int10/linux.c -@@ -75,7 +75,7 @@ readLegacy(struct pci_device *dev, unsigned char *buf, int base, int len) - { - void *map; - -- if (!pci_device_map_legacy(dev, base, len, 0, &map)) -+ if (pci_device_map_legacy(dev, base, len, 0, &map)) - return FALSE; - - memcpy(buf, map, len); diff --git a/U_os-XDMCP-options-like-query-etc-should-imply-listen.patch b/U_os-XDMCP-options-like-query-etc-should-imply-listen.patch deleted file mode 100644 index ec4fa3b..0000000 --- a/U_os-XDMCP-options-like-query-etc-should-imply-listen.patch +++ /dev/null @@ -1,82 +0,0 @@ -Git-commit: 491cf02e191e70c5ce24c19da880bb79bebfc03c -Author: Jon TURNEY -Subject: os: XDMCP options like -query etc. should imply -listen tcp -Patch-Mainline: Upstream -Signed-off-by: Michal Srb - -In X server 1.17, the default configuration is now -nolisten tcp. In this -configuration, XDMCP options don't work usefully, as the X server is not -listening on the port for the display that it tells the display manager to -connect to. - -Signed-off-by: Jon TURNEY -Reviewed-by: Alan Coopersmith -Reviewed-by: Colin Harrison ---- - os/xdmcp.c | 17 +++++++++++++++++ - 1 file changed, 17 insertions(+) - -diff --git a/os/xdmcp.c b/os/xdmcp.c -index b6e97c9..bc5a707 100644 ---- a/os/xdmcp.c -+++ b/os/xdmcp.c -@@ -48,6 +48,11 @@ - #include - #endif - -+#define XSERV_t -+#define TRANS_SERVER -+#define TRANS_REOPEN -+#include -+ - #ifdef XDMCP - #undef REQUEST - -@@ -242,6 +247,14 @@ XdmcpUseMsg(void) - ErrorF("-displayID display-id manufacturer display ID for request\n"); - } - -+static void -+XdmcpDefaultListen(void) -+{ -+ /* Even when configured --disable-listen-tcp, we should listen on tcp in -+ XDMCP modes */ -+ _XSERVTransListen("tcp"); -+} -+ - int - XdmcpOptions(int argc, char **argv, int i) - { -@@ -249,11 +262,13 @@ XdmcpOptions(int argc, char **argv, int i) - get_manager_by_name(argc, argv, i++); - XDM_INIT_STATE = XDM_QUERY; - AccessUsingXdmcp(); -+ XdmcpDefaultListen(); - return i + 1; - } - if (strcmp(argv[i], "-broadcast") == 0) { - XDM_INIT_STATE = XDM_BROADCAST; - AccessUsingXdmcp(); -+ XdmcpDefaultListen(); - return i + 1; - } - #if defined(IPv6) && defined(AF_INET6) -@@ -261,6 +276,7 @@ XdmcpOptions(int argc, char **argv, int i) - i = get_mcast_options(argc, argv, ++i); - XDM_INIT_STATE = XDM_MULTICAST; - AccessUsingXdmcp(); -+ XdmcpDefaultListen(); - return i + 1; - } - #endif -@@ -268,6 +284,7 @@ XdmcpOptions(int argc, char **argv, int i) - get_manager_by_name(argc, argv, i++); - XDM_INIT_STATE = XDM_INDIRECT; - AccessUsingXdmcp(); -+ XdmcpDefaultListen(); - return i + 1; - } - if (strcmp(argv[i], "-port") == 0) { --- -2.3.3 - diff --git a/U_os-support-new-implicit-local-user-access-mode.patch b/U_os-support-new-implicit-local-user-access-mode.patch deleted file mode 100644 index e5667ef..0000000 --- a/U_os-support-new-implicit-local-user-access-mode.patch +++ /dev/null @@ -1,245 +0,0 @@ -Subject: os: support new implicit local user access mode -Author: Ray Strode -Path-mainline: Upstream -Git-commit: 4b4b9086d02b80549981d205fb1f495edc373538 -References: bnc#934102 CVE-2015-3164 -Signed-off-by: Michal Srb - -If the X server is started without a '-auth' argument, then -it gets started wide open to all local users on the system. - -This isn't a great default access model, but changing it in -Xorg at this point would break backward compatibility. - -Xwayland, on the other hand is new, and much more targeted -in scope. It could, in theory, be changed to allow the much -more secure default of a "user who started X server can connect -clients to that server." - -This commit paves the way for that change, by adding a mechanism -for DDXs to opt-in to that behavior. They merely need to call - -LocalAccessScopeUser() - -in their init functions. - -A subsequent commit will add that call for Xwayland. - -Signed-off-by: Ray Strode -Reviewed-by: Daniel Stone -Reviewed-by: Alan Coopersmith -Signed-off-by: Keith Packard - -diff --git a/include/os.h b/include/os.h -index 6638c84..b2b96c8 100644 ---- a/include/os.h -+++ b/include/os.h -@@ -431,11 +431,28 @@ extern _X_EXPORT void - ResetHosts(const char *display); - - extern _X_EXPORT void -+EnableLocalAccess(void); -+ -+extern _X_EXPORT void -+DisableLocalAccess(void); -+ -+extern _X_EXPORT void - EnableLocalHost(void); - - extern _X_EXPORT void - DisableLocalHost(void); - -+#ifndef NO_LOCAL_CLIENT_CRED -+extern _X_EXPORT void -+EnableLocalUser(void); -+ -+extern _X_EXPORT void -+DisableLocalUser(void); -+ -+extern _X_EXPORT void -+LocalAccessScopeUser(void); -+#endif -+ - extern _X_EXPORT void - AccessUsingXdmcp(void); - -diff --git a/os/access.c b/os/access.c -index 8fa028e..75e7a69 100644 ---- a/os/access.c -+++ b/os/access.c -@@ -102,6 +102,10 @@ SOFTWARE. - #include - #include - -+#ifndef NO_LOCAL_CLIENT_CRED -+#include -+#endif -+ - #if defined(TCPCONN) || defined(STREAMSCONN) - #include - #endif /* TCPCONN || STREAMSCONN */ -@@ -225,6 +229,13 @@ static int LocalHostEnabled = FALSE; - static int LocalHostRequested = FALSE; - static int UsingXdmcp = FALSE; - -+static enum { -+ LOCAL_ACCESS_SCOPE_HOST = 0, -+#ifndef NO_LOCAL_CLIENT_CRED -+ LOCAL_ACCESS_SCOPE_USER, -+#endif -+} LocalAccessScope; -+ - /* FamilyServerInterpreted implementation */ - static Bool siAddrMatch(int family, void *addr, int len, HOST * host, - ClientPtr client); -@@ -237,6 +248,21 @@ static void siTypesInitialize(void); - */ - - void -+EnableLocalAccess(void) -+{ -+ switch (LocalAccessScope) { -+ case LOCAL_ACCESS_SCOPE_HOST: -+ EnableLocalHost(); -+ break; -+#ifndef NO_LOCAL_CLIENT_CRED -+ case LOCAL_ACCESS_SCOPE_USER: -+ EnableLocalUser(); -+ break; -+#endif -+ } -+} -+ -+void - EnableLocalHost(void) - { - if (!UsingXdmcp) { -@@ -249,6 +275,21 @@ EnableLocalHost(void) - * called when authorization is enabled to keep us secure - */ - void -+DisableLocalAccess(void) -+{ -+ switch (LocalAccessScope) { -+ case LOCAL_ACCESS_SCOPE_HOST: -+ DisableLocalHost(); -+ break; -+#ifndef NO_LOCAL_CLIENT_CRED -+ case LOCAL_ACCESS_SCOPE_USER: -+ DisableLocalUser(); -+ break; -+#endif -+ } -+} -+ -+void - DisableLocalHost(void) - { - HOST *self; -@@ -262,6 +303,74 @@ DisableLocalHost(void) - } - } - -+#ifndef NO_LOCAL_CLIENT_CRED -+static int GetLocalUserAddr(char **addr) -+{ -+ static const char *type = "localuser"; -+ static const char delimiter = '\0'; -+ static const char *value; -+ struct passwd *pw; -+ int length = -1; -+ -+ pw = getpwuid(getuid()); -+ -+ if (pw == NULL || pw->pw_name == NULL) -+ goto out; -+ -+ value = pw->pw_name; -+ -+ length = asprintf(addr, "%s%c%s", type, delimiter, value); -+ -+ if (length == -1) { -+ goto out; -+ } -+ -+ /* Trailing NUL */ -+ length++; -+ -+out: -+ return length; -+} -+ -+void -+EnableLocalUser(void) -+{ -+ char *addr = NULL; -+ int length = -1; -+ -+ length = GetLocalUserAddr(&addr); -+ -+ if (length == -1) -+ return; -+ -+ NewHost(FamilyServerInterpreted, addr, length, TRUE); -+ -+ free(addr); -+} -+ -+void -+DisableLocalUser(void) -+{ -+ char *addr = NULL; -+ int length = -1; -+ -+ length = GetLocalUserAddr(&addr); -+ -+ if (length == -1) -+ return; -+ -+ RemoveHost(NULL, FamilyServerInterpreted, length, addr); -+ -+ free(addr); -+} -+ -+void -+LocalAccessScopeUser(void) -+{ -+ LocalAccessScope = LOCAL_ACCESS_SCOPE_USER; -+} -+#endif -+ - /* - * called at init time when XDMCP will be used; xdmcp always - * adds local hosts manually when needed -diff --git a/os/auth.c b/os/auth.c -index 5fcb538..7da6fc6 100644 ---- a/os/auth.c -+++ b/os/auth.c -@@ -181,11 +181,11 @@ CheckAuthorization(unsigned int name_length, - - /* - * If the authorization file has at least one entry for this server, -- * disable local host access. (loadauth > 0) -+ * disable local access. (loadauth > 0) - * - * If there are zero entries (either initially or when the - * authorization file is later reloaded), or if a valid -- * authorization file was never loaded, enable local host access. -+ * authorization file was never loaded, enable local access. - * (loadauth == 0 || !loaded) - * - * If the authorization file was loaded initially (with valid -@@ -194,11 +194,11 @@ CheckAuthorization(unsigned int name_length, - */ - - if (loadauth > 0) { -- DisableLocalHost(); /* got at least one */ -+ DisableLocalAccess(); /* got at least one */ - loaded = TRUE; - } - else if (loadauth == 0 || !loaded) -- EnableLocalHost(); -+ EnableLocalAccess(); - } - if (name_length) { - for (i = 0; i < NUM_AUTHORIZATION; i++) { diff --git a/U_systemd-logind-dont-second-guess-D-Bus-default-tim.patch b/U_systemd-logind-dont-second-guess-D-Bus-default-tim.patch deleted file mode 100644 index b8ba021..0000000 --- a/U_systemd-logind-dont-second-guess-D-Bus-default-tim.patch +++ /dev/null @@ -1,96 +0,0 @@ -From b1029716e41e252f149b82124a149da180607c96 Mon Sep 17 00:00:00 2001 -From: Ray Strode -Date: Thu, 16 Apr 2015 11:28:16 -0400 -Subject: systemd-logind: don't second guess D-Bus default timeout - -At the moment, the X server uses a non-default timeout for D-Bus -messages to systemd-logind. The only timeouts normally used with -D-Bus are: - -1) Infinite -2) Default - -Anything else is just as arbitrary as Default, and so rarely makes -sense to use instead of Default. - -Put another way, there's little reason to be fault tolerant against -a local root running daemon (logind), that in some configurations, the -X server already depends on for proper functionality. - -This commit changes systemd-logind to just use the default timeouts. - -Downstream-bug: https://bugzilla.redhat.com/show_bug.cgi?id=1209347 -Signed-off-by: Ray Strode -Reviewed-by: Hans de Goede -Signed-off-by: Keith Packard - -diff --git a/hw/xfree86/os-support/linux/systemd-logind.c b/hw/xfree86/os-support/linux/systemd-logind.c -index 57c87c0..4ad41a3 100644 ---- a/hw/xfree86/os-support/linux/systemd-logind.c -+++ b/hw/xfree86/os-support/linux/systemd-logind.c -@@ -40,8 +40,6 @@ - - #include "systemd-logind.h" - --#define DBUS_TIMEOUT 500 /* Wait max 0.5 seconds */ -- - struct systemd_logind_info { - DBusConnection *conn; - char *session; -@@ -130,7 +128,7 @@ systemd_logind_take_fd(int _major, int _minor, const char *path, - } - - reply = dbus_connection_send_with_reply_and_block(info->conn, msg, -- DBUS_TIMEOUT, &error); -+ DBUS_TIMEOUT_USE_DEFAULT, &error); - if (!reply) { - LogMessage(X_ERROR, "systemd-logind: failed to take device %s: %s\n", - path, error.message); -@@ -207,7 +205,7 @@ systemd_logind_release_fd(int _major, int _minor, int fd) - } - - reply = dbus_connection_send_with_reply_and_block(info->conn, msg, -- DBUS_TIMEOUT, &error); -+ DBUS_TIMEOUT_USE_DEFAULT, &error); - if (!reply) - LogMessage(X_ERROR, "systemd-logind: failed to release device: %s\n", - error.message); -@@ -289,7 +287,7 @@ systemd_logind_ack_pause(struct systemd_logind_info *info, - } - - reply = dbus_connection_send_with_reply_and_block(info->conn, msg, -- DBUS_TIMEOUT, &error); -+ DBUS_TIMEOUT_USE_DEFAULT, &error); - if (!reply) - LogMessage(X_ERROR, "systemd-logind: failed to ack pause: %s\n", - error.message); -@@ -457,7 +455,7 @@ connect_hook(DBusConnection *connection, void *data) - } - - reply = dbus_connection_send_with_reply_and_block(connection, msg, -- DBUS_TIMEOUT, &error); -+ DBUS_TIMEOUT_USE_DEFAULT, &error); - if (!reply) { - LogMessage(X_ERROR, "systemd-logind: failed to get session: %s\n", - error.message); -@@ -492,7 +490,7 @@ connect_hook(DBusConnection *connection, void *data) - } - - reply = dbus_connection_send_with_reply_and_block(connection, msg, -- DBUS_TIMEOUT, &error); -+ DBUS_TIMEOUT_USE_DEFAULT, &error); - if (!reply) { - LogMessage(X_ERROR, "systemd-logind: TakeControl failed: %s\n", - error.message); -@@ -564,7 +562,7 @@ systemd_logind_release_control(struct systemd_logind_info *info) - } - - reply = dbus_connection_send_with_reply_and_block(info->conn, msg, -- DBUS_TIMEOUT, &error); -+ DBUS_TIMEOUT_USE_DEFAULT, &error); - if (!reply) { - LogMessage(X_ERROR, "systemd-logind: ReleaseControl failed: %s\n", - error.message); --- -cgit v0.10.2 - diff --git a/U_systemd-logind-filter-out-non-signal-messages-from.patch b/U_systemd-logind-filter-out-non-signal-messages-from.patch deleted file mode 100644 index 1a31445..0000000 --- a/U_systemd-logind-filter-out-non-signal-messages-from.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 792e9251670ce94210df5c6d354059bbb97f4478 Mon Sep 17 00:00:00 2001 -From: Ray Strode -Date: Thu, 16 Apr 2015 11:28:15 -0400 -Subject: systemd-logind: filter out non-signal messages from message filter - -It's possible to receive a message reply in the message filter if a -previous message call timed out locally before the reply arrived. - -The message_filter function only handles signals, at the moment, and -does not properly handle message replies. - -This commit changes the message_filter function to filter out all -non-signal messages, including spurious message replies. - -Downstream-bug: https://bugzilla.redhat.com/show_bug.cgi?id=1209347 -Signed-off-by: Ray Strode -Reviewed-by: Hans de Goede -Signed-off-by: Keith Packard - -diff --git a/hw/xfree86/os-support/linux/systemd-logind.c b/hw/xfree86/os-support/linux/systemd-logind.c -index 49758f4..57c87c0 100644 ---- a/hw/xfree86/os-support/linux/systemd-logind.c -+++ b/hw/xfree86/os-support/linux/systemd-logind.c -@@ -313,6 +313,9 @@ message_filter(DBusConnection * connection, DBusMessage * message, void *data) - dbus_int32_t major, minor; - char *pause_str; - -+ if (dbus_message_get_type (message) != DBUS_MESSAGE_TYPE_SIGNAL) -+ return DBUS_HANDLER_RESULT_NOT_YET_HANDLED; -+ - dbus_error_init(&error); - - if (dbus_message_is_signal(message, --- -cgit v0.10.2 - diff --git a/U_xwayland-default-to-local-user-if-no-xauth-file-given.patch b/U_xwayland-default-to-local-user-if-no-xauth-file-given.patch deleted file mode 100644 index 11e7b12..0000000 --- a/U_xwayland-default-to-local-user-if-no-xauth-file-given.patch +++ /dev/null @@ -1,32 +0,0 @@ -Subject: xwayland: default to local user if no xauth file given. -Author: Ray Strode -Path-mainline: Upstream -Git-commit: 76636ac12f2d1dbdf7be08222f80e7505d53c451 -References: bnc#934102 CVE-2015-3164 -Signed-off-by: Michal Srb - -Right now if "-auth" isn't passed on the command line, we let -any user on the system connect to the Xwayland server. - -That's clearly suboptimal, given Xwayland is generally designed -to be used by one user at a time. - -This commit changes the behavior, so only the user who started the -X server can connect clients to it. - -Signed-off-by: Ray Strode -Reviewed-by: Daniel Stone -Reviewed-by: Alan Coopersmith -Signed-off-by: Keith Packard - -diff --git a/hw/xwayland/xwayland.c b/hw/xwayland/xwayland.c -index c5bee77..bc92beb 100644 ---- a/hw/xwayland/xwayland.c -+++ b/hw/xwayland/xwayland.c -@@ -702,4 +702,6 @@ InitOutput(ScreenInfo * screen_info, int argc, char **argv) - if (AddScreen(xwl_screen_init, argc, argv) == -1) { - FatalError("Couldn't add screen\n"); - } -+ -+ LocalAccessScopeUser(); - } diff --git a/U_xwayland-enable-access-control-on-open-socket.patch b/U_xwayland-enable-access-control-on-open-socket.patch deleted file mode 100644 index 15b7101..0000000 --- a/U_xwayland-enable-access-control-on-open-socket.patch +++ /dev/null @@ -1,32 +0,0 @@ -Subject: xwayland: Enable access control on open sockets -Author: Ray Strode -Path-mainline: Upstream -Git-commit: c4534a38b68aa07fb82318040dc8154fb48a9588 -References: bnc#934102 CVE-2015-3164 -Signed-off-by: Michal Srb - -Xwayland currently allows wide-open access to the X sockets -it listens on, ignoring Xauth access control. - -This commit makes sure to enable access control on the sockets, -so one user can't snoop on another user's X-over-wayland -applications. - -Signed-off-by: Ray Strode -Reviewed-by: Daniel Stone -Reviewed-by: Alan Coopersmith -Signed-off-by: Keith Packard - -diff --git a/hw/xwayland/xwayland.c b/hw/xwayland/xwayland.c -index 7e8d667..c5bee77 100644 ---- a/hw/xwayland/xwayland.c -+++ b/hw/xwayland/xwayland.c -@@ -483,7 +483,7 @@ listen_on_fds(struct xwl_screen *xwl_screen) - int i; - - for (i = 0; i < xwl_screen->listen_fd_count; i++) -- ListenOnOpenFD(xwl_screen->listen_fds[i], TRUE); -+ ListenOnOpenFD(xwl_screen->listen_fds[i], FALSE); - } - - static void diff --git a/u_ad-hoc-fix-for-mmap-s-truncated-offset-parameter-on-.patch b/u_ad-hoc-fix-for-mmap-s-truncated-offset-parameter-on-.patch index 6114c3e..b273533 100644 --- a/u_ad-hoc-fix-for-mmap-s-truncated-offset-parameter-on-.patch +++ b/u_ad-hoc-fix-for-mmap-s-truncated-offset-parameter-on-.patch @@ -14,8 +14,8 @@ index 58d420e..95b34a2 100644 --- a/hw/xfree86/drivers/modesetting/dumb_bo.c +++ b/hw/xfree86/drivers/modesetting/dumb_bo.c @@ -25,6 +25,12 @@ - * - */ + #include "dix-config.h" + #endif +/* + * ad hoc fix for mmap's truncated offset parameter on 32bit diff --git a/u_connection-avoid-crash-when-CloseWellKnownConnections-gets-called-twice.patch b/u_connection-avoid-crash-when-CloseWellKnownConnections-gets-called-twice.patch deleted file mode 100644 index f761d28..0000000 --- a/u_connection-avoid-crash-when-CloseWellKnownConnections-gets-called-twice.patch +++ /dev/null @@ -1,33 +0,0 @@ -From: Egbert Eich -Date: Fri May 23 20:08:29 2014 +0200 -Subject: [PATCH]connection: avoid crash when CloseWellKnownConnections() gets called twice -Patch-mainline: to be upstreamed -Git-commit: 74472c4e8e4c873014554f321ec2086066126297 -Git-repo: -References: bnc#879666, bnc#879489 -Signed-off-by: Egbert Eich - -CloseWellKnownConnections() closes all connections and deallocates -their data. Thus all entries in ListenTransConns are invalid. -To avoid access to those entries set ListenTransCount to 0. -This avoids crashes when CloseWellKnownConnections() is called twice -for instance when FatalError() is called on Xserver shutdown. - -Signed-off-by: Egbert Eich ---- - os/connection.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/os/connection.c b/os/connection.c -index 162e1d9..3c0b62a 100644 ---- a/os/connection.c -+++ b/os/connection.c -@@ -513,6 +513,8 @@ CloseWellKnownConnections(void) - - for (i = 0; i < ListenTransCount; i++) - _XSERVTransClose(ListenTransConns[i]); -+ -+ ListenTransCount = 0; - } - - static void diff --git a/u_symbols-Fix-sdksyms.sh-to-cope-with-gcc5.patch b/u_symbols-Fix-sdksyms.sh-to-cope-with-gcc5.patch deleted file mode 100644 index 8c7e9cb..0000000 --- a/u_symbols-Fix-sdksyms.sh-to-cope-with-gcc5.patch +++ /dev/null @@ -1,47 +0,0 @@ -From: Egbert Eich -Date: Fri Feb 6 14:56:57 2015 +0100 -Subject: [PATCH]symbols: Fix sdksyms.sh to cope with gcc5 -Patch-mainline: to be upstreamed - -References: bnc#916580 -Signed-off-by: Egbert Eich - -Gcc5 adds additional lines stating line numbers before and -after __attribute__() which need to be skipped. - -Signed-off-by: Egbert Eich ---- - hw/xfree86/sdksyms.sh | 14 +++++++++++++- - 1 file changed, 13 insertions(+), 1 deletion(-) - -diff --git a/hw/xfree86/sdksyms.sh b/hw/xfree86/sdksyms.sh -index d9a4478..2936669 100755 ---- a/hw/xfree86/sdksyms.sh -+++ b/hw/xfree86/sdksyms.sh -@@ -353,13 +353,25 @@ BEGIN { - if (sdk) { - n = 3; - -+ # skip line numbers GCC 5 adds before __attribute__ -+ while ($n == "" || $0 ~ /^# [0-9]+ "/) { -+ getline; -+ n = 1; -+ } -+ - # skip attribute, if any - while ($n ~ /^(__attribute__|__global)/ || - # skip modifiers, if any - $n ~ /^\*?(unsigned|const|volatile|struct|_X_EXPORT)$/ || - # skip pointer -- $n ~ /^[a-zA-Z0-9_]*\*$/) -+ $n ~ /^[a-zA-Z0-9_]*\*$/) { - n++; -+ # skip line numbers GCC 5 adds after __attribute__ -+ while ($n == "" || $0 ~ /^# [0-9]+ "/) { -+ getline; -+ n = 1; -+ } -+ } - - # type specifier may not be set, as in - # extern _X_EXPORT unsigned name(...) diff --git a/xorg-server-1.17.1.tar.bz2 b/xorg-server-1.17.1.tar.bz2 deleted file mode 100644 index 37ca7c4..0000000 --- a/xorg-server-1.17.1.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:2bf8e9f6f0a710dec1d2472467bff1f4e247cb6dcd76eb469aafdc8a2d7db2ab -size 5852385 diff --git a/xorg-server-1.17.2.tar.bz2 b/xorg-server-1.17.2.tar.bz2 new file mode 100644 index 0000000..4bc1c49 --- /dev/null +++ b/xorg-server-1.17.2.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f61120612728f2c5034671d0ca3e2273438c60aba93b3dda4a8aa40e6a257993 +size 5767983 diff --git a/xorg-x11-server.changes b/xorg-x11-server.changes index 3808f29..7541447 100644 --- a/xorg-x11-server.changes +++ b/xorg-x11-server.changes @@ -1,3 +1,26 @@ +------------------------------------------------------------------- +Tue Jun 16 21:07:03 UTC 2015 - tobias.johannes.klausmann@mni.thm.de + +- Update to version 1.17.2: + Pick up a pile of fixes from master. Notable highlights: + + Fix for CVE-2015-3164 in Xwayland + + Fix int10 setup for vesa + + Fix regression in server-interpreted auth + + Fix fb setup on big-endian CPUs + + Build fix for for gcc5 +- Dropped patches: + + Patch110: u_connection-avoid-crash-when-CloseWellKnownConnections-gets-called-twice.patch + + Patch113: u_symbols-Fix-sdksyms.sh-to-cope-with-gcc5.patch + + Patch116: U_os-XDMCP-options-like-query-etc-should-imply-listen.patch + + Patch118: U_int10-Fix-error-check-for-pci_device_map_legacy.patch + + Patch119: U_xwayland-enable-access-control-on-open-socket.patch + + Patch120: U_os-support-new-implicit-local-user-access-mode.patch + + Patch121: U_xwayland-default-to-local-user-if-no-xauth-file-given.patch + + Patch2000: U_systemd-logind-filter-out-non-signal-messages-from.patch + + Patch2001: U_systemd-logind-dont-second-guess-D-Bus-default-tim.patch +- Changed patches to work with the new version: + + Patch114: u_ad-hoc-fix-for-mmap-s-truncated-offset-parameter-on-.patch + ------------------------------------------------------------------- Fri Jun 12 11:58:43 UTC 2015 - msrb@suse.com diff --git a/xorg-x11-server.spec b/xorg-x11-server.spec index 99ccf54..62bb02f 100644 --- a/xorg-x11-server.spec +++ b/xorg-x11-server.spec @@ -18,7 +18,7 @@ Name: xorg-x11-server -%define dirsuffix 1.17.1 +%define dirsuffix 1.17.2 Summary: X License: MIT @@ -159,21 +159,13 @@ Patch104: u_xorg-server-xdmcp.patch Patch105: ux_xserver_xvfb-randr.patch # PATCH-FIX-UPSTREAM u_exa-only-draw-valid-trapezoids.patch bnc#853846 msrb@suse.com -- Fixes possible crash of server using invalid trapezoids. 2013-12-12 patch is waiting in mailing list to be upstreamed. Patch106: u_exa-only-draw-valid-trapezoids.patch -Patch110: u_connection-avoid-crash-when-CloseWellKnownConnections-gets-called-twice.patch Patch111: u_CloseConsole-Don-t-report-FatalError-when-shutting-down.patch Patch112: u_render-Cast-color-masks-to-unsigned-long-before-shifting-them.patch -Patch113: u_symbols-Fix-sdksyms.sh-to-cope-with-gcc5.patch + Patch114: u_ad-hoc-fix-for-mmap-s-truncated-offset-parameter-on-.patch Patch115: N_Force-swcursor-for-KMS-drivers-without-hw-cursor-sup.patch -Patch116: U_os-XDMCP-options-like-query-etc-should-imply-listen.patch + Patch117: xorg-x11-server-byte-order.patch -Patch118: U_int10-Fix-error-check-for-pci_device_map_legacy.patch -# PATCH-FIX-UPSTREAM U_xwayland-enable-access-control-on-open-socket.patch bnc#934102 msrb@suse.com -- Fix CVE-2015-3164 -Patch119: U_xwayland-enable-access-control-on-open-socket.patch -# PATCH-FIX-UPSTREAM U_os-support-new-implicit-local-user-access-mode.patch bnc#934102 msrb@suse.com -- Fix CVE-2015-3164 -Patch120: U_os-support-new-implicit-local-user-access-mode.patch -# PATCH-FIX-UPSTREAM U_xwayland-default-to-local-user-if-no-xauth-file-given.patch bnc#934102 msrb@suse.com -- Fix CVE-2015-3164 -Patch121: U_xwayland-default-to-local-user-if-no-xauth-file-given.patch Patch1000: n_xserver-optimus-autoconfig-hack.patch @@ -181,10 +173,6 @@ Patch1162: b_cache-xkbcomp-output-for-fast-start-up.patch Patch1211: b_0001-Prevent-XSync-Alarms-from-senslessly-calling-CheckTr.patch Patch1222: b_sync-fix.patch -# PATCH-FIX-UPSTREAM U_systemd-logind-* rh#1209347 antoine.belvire@laposte.net -- Fix Gnome X session for some hybrid graphics -Patch2000: U_systemd-logind-filter-out-non-signal-messages-from.patch -Patch2001: U_systemd-logind-dont-second-guess-D-Bus-default-tim.patch - %description This package contains the X.Org Server. @@ -262,24 +250,17 @@ cp %{SOURCE90} . %patch104 -p1 %patch105 -p1 %patch106 -p1 -%patch110 -p1 + %patch111 -p1 %patch112 -p1 -%patch113 -p1 + %patch114 -p1 %patch115 -p1 -%patch116 -p1 + %patch117 -p1 -%patch118 -p1 -%patch119 -p1 -%patch120 -p1 -%patch121 -p1 %patch1000 -p1 -%patch2000 -p1 -%patch2001 -p1 - ### disabled for now #%patch1162 -p1 ### disabled for now