10 files changed, 4 insertions, 1129 deletions
diff --git a/xorg-server-hwcursor-gamma/0001-int10-Fix-error-check-for-pci_device_map_legacy.patch b/xorg-server-hwcursor-gamma/0001-int10-Fix-error-check-for-pci_device_map_legacy.patch
deleted file mode 100644
index 75e5bb9..0000000
--- a/xorg-server-hwcursor-gamma/0001-int10-Fix-error-check-for-pci_device_map_legacy.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From 0a78b599b34cc8b5fe6fe82f90e90234e8ab7a56 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?J=C3=BCrg=20Billeter?= <j@bitron.ch>
-Date: Sat, 7 Feb 2015 18:13:21 +0100
-Subject: [PATCH] int10: Fix error check for pci_device_map_legacy
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-pci_device_map_legacy returns 0 on success.
-
-Signed-off-by: Jürg Billeter <j@bitron.ch>
-Reviewed-by: Adam Jackson <ajax@redhat.com>
-Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
----
- hw/xfree86/int10/generic.c | 2 +-
- hw/xfree86/os-support/linux/int10/linux.c | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/hw/xfree86/int10/generic.c b/hw/xfree86/int10/generic.c
-index 012d194..8d5c4da 100644
---- a/hw/xfree86/int10/generic.c
-+++ b/hw/xfree86/int10/generic.c
-@@ -104,7 +104,7 @@ readIntVec(struct pci_device *dev, unsigned char *buf, int len)
- {
- void *map;
-
-- if (!pci_device_map_legacy(dev, 0, len, 0, &map))
-+ if (pci_device_map_legacy(dev, 0, len, 0, &map))
- return FALSE;
-
- memcpy(buf, map, len);
-diff --git a/hw/xfree86/os-support/linux/int10/linux.c b/hw/xfree86/os-support/linux/int10/linux.c
-index 79b9a88..6ca118f 100644
---- a/hw/xfree86/os-support/linux/int10/linux.c
-+++ b/hw/xfree86/os-support/linux/int10/linux.c
-@@ -75,7 +75,7 @@ readLegacy(struct pci_device *dev, unsigned char *buf, int base, int len)
- {
- void *map;
-
-- if (!pci_device_map_legacy(dev, base, len, 0, &map))
-+ if (pci_device_map_legacy(dev, base, len, 0, &map))
- return FALSE;
-
- memcpy(buf, map, len);
---
-2.3.2
-
diff --git a/xorg-server-hwcursor-gamma/0001-mi-Partial-pie-slice-filled-arcs-may-need-more-space.patch b/xorg-server-hwcursor-gamma/0001-mi-Partial-pie-slice-filled-arcs-may-need-more-space.patch
deleted file mode 100644
index 668ae21..0000000
--- a/xorg-server-hwcursor-gamma/0001-mi-Partial-pie-slice-filled-arcs-may-need-more-space.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 41932dfbc841a1adc6512d41085ea3f8ebecb42c Mon Sep 17 00:00:00 2001
-From: Keith Packard <keithp@keithp.com>
-Date: Wed, 8 Apr 2015 07:45:28 -0700
-Subject: [PATCH] mi: Partial pie-slice filled arcs may need more space for
- spans
-
-The mi filled arc code estimates that a filled arc will produce no
-more spans than the arc is tall. This is true for most arcs except
-for pie-slice arcs strictly between 180 and 360 degrees where the missing
-portion of the arc faces up or down such that we get two spans on some
-scanlines.
-
-For those, we need to reserve room for another height/2 spans. This
-patch just does it for all partial pie-sliced arcs to make the test
-easier to understand; it's just over-allocating a bit of memory, so
-that's safe.
-
-Signed-off-by: Keith Packard <keithp@keithp.com>
-Reviewed-by: Adam Jackson <ajax@redhat.com>
----
- mi/mifillarc.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/mi/mifillarc.c b/mi/mifillarc.c
-index 246d70f..888519e 100644
---- a/mi/mifillarc.c
-+++ b/mi/mifillarc.c
-@@ -660,6 +660,11 @@ miPolyFillArc(DrawablePtr pDraw, GCPtr pGC, int narcs_all, xArc * parcs)
- if (narcs && nspans + arc->height > MAX_SPANS_PER_LOOP)
- break;
- nspans += arc->height;
-+
-+ /* A pie-slice arc may add another pile of spans */
-+ if (pGC->arcMode == ArcPieSlice &&
-+ (-FULLCIRCLE < arc->angle2 && arc->angle2 < FULLCIRCLE))
-+ nspans += (arc->height + 1) >> 1;
- }
-
- pts = points = malloc (sizeof (DDXPointRec) * nspans +
---
-2.3.5
-
diff --git a/xorg-server-hwcursor-gamma/0001-modesetting-Fix-software-cursor-fallback.patch b/xorg-server-hwcursor-gamma/0001-modesetting-Fix-software-cursor-fallback.patch
deleted file mode 100644
index ffb0875..0000000
--- a/xorg-server-hwcursor-gamma/0001-modesetting-Fix-software-cursor-fallback.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 63e4f22d5fe3d4247cb48c969b5f7f2690665d78 Mon Sep 17 00:00:00 2001
-From: Adel Gadllah <adel.gadllah@gmail.com>
-Date: Fri, 1 May 2015 17:21:12 +0200
-Subject: [PATCH] modesetting: Fix software cursor fallback
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The code in drmmode_set_cursor does not properly handle the case where
-drmModeSetCursor2 returns any other error than EINVAL and silently fails to set
-a cursor.
-
-So only return when the drmModeSetCursor2 succeeds (i.e returns 0) and disable
-the cursor2 usage on EINVAL.
-
-References: https://bugzilla.redhat.com/show_bug.cgi?id=1205725
-Signed-off-by: Adel Gadllah <adel.gadllah@gmail.com>
-Reviewed-by: Michel Dänzer <michel@daenzer.net>
----
- hw/xfree86/drivers/modesetting/drmmode_display.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/hw/xfree86/drivers/modesetting/drmmode_display.c b/hw/xfree86/drivers/modesetting/drmmode_display.c
-index 824500b..912abda 100644
---- a/hw/xfree86/drivers/modesetting/drmmode_display.c
-+++ b/hw/xfree86/drivers/modesetting/drmmode_display.c
-@@ -396,10 +396,10 @@ drmmode_set_cursor(xf86CrtcPtr crtc)
- drmModeSetCursor2(drmmode->fd, drmmode_crtc->mode_crtc->crtc_id,
- handle, ms->cursor_width, ms->cursor_height,
- cursor->bits->xhot, cursor->bits->yhot);
-+ if (!ret)
-+ return;
- if (ret == -EINVAL)
- use_set_cursor2 = FALSE;
-- else
-- return;
- }
-
- ret = drmModeSetCursor(drmmode->fd, drmmode_crtc->mode_crtc->crtc_id, handle,
---
-2.1.0
-
diff --git a/xorg-server-hwcursor-gamma/0001-sdksyms.sh-Make-sdksyms.sh-work-with-gcc5.patch b/xorg-server-hwcursor-gamma/0001-sdksyms.sh-Make-sdksyms.sh-work-with-gcc5.patch
deleted file mode 100644
index 0e0b20d..0000000
--- a/xorg-server-hwcursor-gamma/0001-sdksyms.sh-Make-sdksyms.sh-work-with-gcc5.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From 612eb45a2e7a0b35cc3790870e6d0cc42eb50c74 Mon Sep 17 00:00:00 2001
-From: Hans de Goede <hdegoede@redhat.com>
-Date: Wed, 11 Feb 2015 16:26:40 +0100
-Subject: [PATCH] sdksyms.sh: Make sdksyms.sh work with gcc5.
-
-gcc5's cpp inserts patterns like this:
-
-extern
- __attribute__((visibility("default")))
- int WaitForSomething(int *
- );
-
-This patch make sdksyms.sh work with this. Note my awk skills are weak, so
-there likely is a better way to deal with this.
-
-Signed-off-by: Hans de Goede <hdegoede@redhat.com>
----
- hw/xfree86/sdksyms.sh | 17 +++++++++++++++++
- 1 file changed, 17 insertions(+)
-
-diff --git a/hw/xfree86/sdksyms.sh b/hw/xfree86/sdksyms.sh
-index 2305073..99b0cae 100755
---- a/hw/xfree86/sdksyms.sh
-+++ b/hw/xfree86/sdksyms.sh
-@@ -350,6 +350,23 @@ BEGIN {
- if (sdk) {
- n = 3;
-
-+ # detect the following gcc5 cpp pattern and skip it:
-+ # extern
-+ # # 320 "../../include/os.h" 3 4
-+ # __attribute__((visibility("default")))
-+ # # 320 "../../include/os.h"
-+ # Note in this case the "extern " or "extern void " always has
-+ # a trailing space
-+ if ($0 ~ "^extern.* $") {
-+ getline;
-+ getline;
-+ getline;
-+ getline;
-+ n = 1;
-+ while ($n == " ")
-+ n++;
-+ }
-+
- # skip attribute, if any
- while ($n ~ /^(__attribute__|__global)/ ||
- # skip modifiers, if any
---
-2.1.0
-
diff --git a/xorg-server-hwcursor-gamma/PKGBUILD b/xorg-server-hwcursor-gamma/PKGBUILD
index 6c331ec..753ad39 100644
--- a/xorg-server-hwcursor-gamma/PKGBUILD
+++ b/xorg-server-hwcursor-gamma/PKGBUILD
@@ -4,8 +4,8 @@ _pkgname=xorg-server pkgname=xorg-server-hwcursor-gamma -pkgver=1.17.1 -pkgrel=7 +pkgver=1.17.2 +pkgrel=1 pkgdesc="Xorg X server with patch to apply gamma ramps on hardware cursors" depends=(libepoxy libxdmcp libxfont libpciaccess libdrm pixman libgcrypt libxau xorg-server-common xf86-input-evdev libxshmfence libgl) provides=("xorg-server=${pkgver}" 'X-ABI-VIDEODRV_VERSION=19' 'X-ABI-XINPUT_VERSION=21.1' 'X-ABI-EXTENSION_VERSION=9.0' 'x-server') 
@@ -25,35 +25,17 @@ source=(${url}/releases/individual/xserver/${_pkgname}-${pkgver}.tar.bz2 nvidia-drm-outputclass.conf xvfb-run xvfb-run.1 - os-access-fix-regression-in-server-interpreted-auth.patch - v2-xserver-Fix-a-crash-with-XDMCP-error-handler.patch - 0001-int10-Fix-error-check-for-pci_device_map_legacy.patch - 0001-mi-Partial-pie-slice-filled-arcs-may-need-more-space.patch - 0001-sdksyms.sh-Make-sdksyms.sh-work-with-gcc5.patch 0001-dix-Add-unaccelerated-valuators-to-the-ValuatorMask.patch 0002-dix-hook-up-the-unaccelerated-valuator-masks.patch - fix-CVE-2015-3164.patch - systemd-logind-dont-second-guess-D-Bus-default-tim.patch - systemd-logind-filter-out-non-signal-messages-from.patch - 0001-modesetting-Fix-software-cursor-fallback.patch 0001-When-an-cursor-is-set-it-is-adjusted-to-use-the.patch 0002-Fix-for-full-and-semi-transparency-under-negative-im.patch 0003-Use-Harms-s-suggest-do-not-use-inline-if.-And-fix-si.patch) -sha256sums=('2bf8e9f6f0a710dec1d2472467bff1f4e247cb6dcd76eb469aafdc8a2d7db2ab' +sha256sums=('f61120612728f2c5034671d0ca3e2273438c60aba93b3dda4a8aa40e6a257993' 'af1c3d2ea5de7f6a6b5f7c60951a189a4749d1495e5462f3157ae7ac8fe1dc56' 'ff0156309470fc1d378fd2e104338020a884295e285972cc88e250e031cc35b9' '2460adccd3362fefd4cdc5f1c70f332d7b578091fb9167bf88b5f91265bbd776' - '8a9d76eecf8795ca645fb1ce261733965578e953f6606153ce001a0e15d036e8' - 'a73e33644682d9f430db987c192da0f7193907af50539669ebd59614a5ebd0f9' - '2ea82cdbd695f21c935710847913ed58e22d3d5c0c18c96175a4a6cc1142c071' - 'ca89cc013844c5b50abfde4cc5e852ecdf4368f8b069ffd069a7100843c46e90' - 'b4a4fbddebfa614d1a97e77dde98748682ee331fbf7be394480050670d6203aa' '3dc795002b8763a7d29db94f0af200131da9ce5ffc233bfd8916060f83a8fad7' '416a1422eed71efcebb1d893de74e7f27e408323a56c4df003db37f5673b3f96' - 'bc6ac3e686e16f0357fd3b939c1c1f2845fdb444d5ec9c8c37fb69167cc54a28' - 'a8b9670844d784e9a0d6880f5689bbc107e071518acdbaa8c3ce5debca6b663b' - '97e4d5a6cfcf916889c493e232aec6f16d9447eb641bafb6e0afa9b27cfdc47e' - 
'a0c0dbf5fe27994d52d5892c9c7cecf72792c5fa35db57b112ee7b17980faa75' 'bea348631dedd66475d84ac2cfe0840f22a80a642b4680d73fead4749e47f055' 'be9169b937b5d0b44f7f05d7c08aaa5f0c1092e128ce261d9cb350f09dfe1fb0' '0a643ae83e03faee0f4db669a33c5b3c99edbba5c86cde2c83962ae536d31081') @@ -65,35 +47,10 @@ prepare() { patch -Np1 -i ../0001-When-an-cursor-is-set-it-is-adjusted-to-use-the.patch patch -Np1 -i ../0002-Fix-for-full-and-semi-transparency-under-negative-im.patch patch -Np1 -i ../0003-Use-Harms-s-suggest-do-not-use-inline-if.-And-fix-si.patch - - msg2 'fix FS#43884, merged upstream' - patch -Np1 -i ../os-access-fix-regression-in-server-interpreted-auth.patch - msg2 'partially fix FS#43867, merged upstream' - patch -Np1 -i ../v2-xserver-Fix-a-crash-with-XDMCP-error-handler.patch - - msg2 'fix FS#43924, merged upstream' - patch -Np1 -i ../0001-int10-Fix-error-check-for-pci_device_map_legacy.patch - - msg2 'fix FS#43937, merged upstream' - patch -Np1 -i ../0001-mi-Partial-pie-slice-filled-arcs-may-need-more-space.patch - - msg2 'fix FS#45245, merged upstream' - patch -Np1 -i ../0001-sdksyms.sh-Make-sdksyms.sh-work-with-gcc5.patch - - msg2 'fix FS#45229, merged upstream' + msg2 'Fix FS#45229, merged upstream' patch -Np1 -i ../0001-dix-Add-unaccelerated-valuators-to-the-ValuatorMask.patch patch -Np1 -i ../0002-dix-hook-up-the-unaccelerated-valuator-masks.patch - - msg2 'fix CVE-2015-3164, merged upstream' - patch -Np1 -i ../fix-CVE-2015-3164.patch - - msg2 'Fix FS#44304, merged upstream' - patch -Np1 -i ../systemd-logind-filter-out-non-signal-messages-from.patch - patch -Np1 -i ../systemd-logind-dont-second-guess-D-Bus-default-tim.patch - - msg2 'Fix software cursor fallback (possible fix for FS#44602)' - patch -Np1 -i ../0001-modesetting-Fix-software-cursor-fallback.patch } build() { diff --git a/xorg-server-hwcursor-gamma/fix-CVE-2015-3164.patch b/xorg-server-hwcursor-gamma/fix-CVE-2015-3164.patch deleted file mode 100644 index e2ee129..0000000 
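Review bot: The release tarball named on the `source=(` line is authenticated only by the first `sha256sums` entry, which this hunk rewrites in the same commit as the version bump, so the new hash is simply whatever the packager downloaded. The checksum list lines up one-to-one with the tarball and the local files, which suggests no detached signature is fetched. If upstream publishes one for this release, I would add `${url}/releases/individual/xserver/${_pkgname}-${pkgver}.tar.bz2.sig` to `source` with a matching `'SKIP'` checksum and declare `validpgpkeys=('<RELEASE-SIGNER-FINGERPRINT>')`, so makepkg verifies the signer instead of only a self-asserted hash. The `source` array opens above the hunk, so this is inferred from the visible entries only.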
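Review bot: Dropping `patch -Np1 -i ../fix-CVE-2015-3164.patch` from `prepare()` makes the Xwayland access-control fix depend entirely on the 1.17.2 tarball already containing all three upstream commits, and nothing in the commit records that this was checked. The same applies to the modesetting step, whose removed label said only "possible fix for FS#44602" rather than "merged upstream" like the others, so its presence in the new release is the least evident from the page. I would leave a short record in place of the removed lines, for example `# CVE-2015-3164, FS#43884, FS#43867, FS#43924, FS#43937, FS#45245, FS#44304 backports dropped: verified present in ${pkgver}`, so a later downgrade or rebase does not silently lose the security fix. `prepare()` opens above the hunk.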
--- a/xorg-server-hwcursor-gamma/fix-CVE-2015-3164.patch
+++ /dev/null
@@ -1,311 +0,0 @@ -From c4534a38b68aa07fb82318040dc8154fb48a9588 Mon Sep 17 00:00:00 2001 -From: Ray Strode <rstrode@redhat.com> -Date: Tue, 5 May 2015 16:43:42 -0400 -Subject: xwayland: Enable access control on open sockets [CVE-2015-3164 1/3] - -Xwayland currently allows wide-open access to the X sockets -it listens on, ignoring Xauth access control. - -This commit makes sure to enable access control on the sockets, -so one user can't snoop on another user's X-over-wayland -applications. - -Signed-off-by: Ray Strode <rstrode@redhat.com> -Reviewed-by: Daniel Stone <daniels@collabora.com> -Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> -Signed-off-by: Keith Packard <keithp@keithp.com> - -diff --git a/hw/xwayland/xwayland.c b/hw/xwayland/xwayland.c -index 7e8d667..c5bee77 100644 ---- a/hw/xwayland/xwayland.c -+++ b/hw/xwayland/xwayland.c -@@ -483,7 +483,7 @@ listen_on_fds(struct xwl_screen *xwl_screen) - int i; - - for (i = 0; i < xwl_screen->listen_fd_count; i++) -- ListenOnOpenFD(xwl_screen->listen_fds[i], TRUE); -+ ListenOnOpenFD(xwl_screen->listen_fds[i], FALSE); - } - - static void --- -cgit v0.10.2 -From 4b4b9086d02b80549981d205fb1f495edc373538 Mon Sep 17 00:00:00 2001 -From: Ray Strode <rstrode@redhat.com> -Date: Tue, 5 May 2015 16:43:43 -0400 -Subject: os: support new implicit local user access mode [CVE-2015-3164 2/3] - -If the X server is started without a '-auth' argument, then -it gets started wide open to all local users on the system. - -This isn't a great default access model, but changing it in -Xorg at this point would break backward compatibility. - -Xwayland, on the other hand is new, and much more targeted -in scope. It could, in theory, be changed to allow the much -more secure default of a "user who started X server can connect -clients to that server." - -This commit paves the way for that change, by adding a mechanism -for DDXs to opt-in to that behavior. 
They merely need to call - -LocalAccessScopeUser() - -in their init functions. - -A subsequent commit will add that call for Xwayland. - -Signed-off-by: Ray Strode <rstrode@redhat.com> -Reviewed-by: Daniel Stone <daniels@collabora.com> -Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> -Signed-off-by: Keith Packard <keithp@keithp.com> - -diff --git a/include/os.h b/include/os.h -index 6638c84..b2b96c8 100644 ---- a/include/os.h -+++ b/include/os.h -@@ -431,11 +431,28 @@ extern _X_EXPORT void - ResetHosts(const char *display); - - extern _X_EXPORT void -+EnableLocalAccess(void); -+ -+extern _X_EXPORT void -+DisableLocalAccess(void); -+ -+extern _X_EXPORT void - EnableLocalHost(void); - - extern _X_EXPORT void - DisableLocalHost(void); - -+#ifndef NO_LOCAL_CLIENT_CRED -+extern _X_EXPORT void -+EnableLocalUser(void); -+ -+extern _X_EXPORT void -+DisableLocalUser(void); -+ -+extern _X_EXPORT void -+LocalAccessScopeUser(void); -+#endif -+ - extern _X_EXPORT void - AccessUsingXdmcp(void); - -diff --git a/os/access.c b/os/access.c -index 8fa028e..75e7a69 100644 ---- a/os/access.c -+++ b/os/access.c -@@ -102,6 +102,10 @@ SOFTWARE. 
- #include <sys/ioctl.h> - #include <ctype.h> - -+#ifndef NO_LOCAL_CLIENT_CRED -+#include <pwd.h> -+#endif -+ - #if defined(TCPCONN) || defined(STREAMSCONN) - #include <netinet/in.h> - #endif /* TCPCONN || STREAMSCONN */ -@@ -225,6 +229,13 @@ static int LocalHostEnabled = FALSE; - static int LocalHostRequested = FALSE; - static int UsingXdmcp = FALSE; - -+static enum { -+ LOCAL_ACCESS_SCOPE_HOST = 0, -+#ifndef NO_LOCAL_CLIENT_CRED -+ LOCAL_ACCESS_SCOPE_USER, -+#endif -+} LocalAccessScope; -+ - /* FamilyServerInterpreted implementation */ - static Bool siAddrMatch(int family, void *addr, int len, HOST * host, - ClientPtr client); -@@ -237,6 +248,21 @@ static void siTypesInitialize(void); - */ - - void -+EnableLocalAccess(void) -+{ -+ switch (LocalAccessScope) { -+ case LOCAL_ACCESS_SCOPE_HOST: -+ EnableLocalHost(); -+ break; -+#ifndef NO_LOCAL_CLIENT_CRED -+ case LOCAL_ACCESS_SCOPE_USER: -+ EnableLocalUser(); -+ break; -+#endif -+ } -+} -+ -+void - EnableLocalHost(void) - { - if (!UsingXdmcp) { -@@ -249,6 +275,21 @@ EnableLocalHost(void) - * called when authorization is enabled to keep us secure - */ - void -+DisableLocalAccess(void) -+{ -+ switch (LocalAccessScope) { -+ case LOCAL_ACCESS_SCOPE_HOST: -+ DisableLocalHost(); -+ break; -+#ifndef NO_LOCAL_CLIENT_CRED -+ case LOCAL_ACCESS_SCOPE_USER: -+ DisableLocalUser(); -+ break; -+#endif -+ } -+} -+ -+void - DisableLocalHost(void) - { - HOST *self; -@@ -262,6 +303,74 @@ DisableLocalHost(void) - } - } - -+#ifndef NO_LOCAL_CLIENT_CRED -+static int GetLocalUserAddr(char **addr) -+{ -+ static const char *type = "localuser"; -+ static const char delimiter = '\0'; -+ static const char *value; -+ struct passwd *pw; -+ int length = -1; -+ -+ pw = getpwuid(getuid()); -+ -+ if (pw == NULL || pw->pw_name == NULL) -+ goto out; -+ -+ value = pw->pw_name; -+ -+ length = asprintf(addr, "%s%c%s", type, delimiter, value); -+ -+ if (length == -1) { -+ goto out; -+ } -+ -+ /* Trailing NUL */ -+ length++; -+ -+out: -+ return length; -+} 
-+ -+void -+EnableLocalUser(void) -+{ -+ char *addr = NULL; -+ int length = -1; -+ -+ length = GetLocalUserAddr(&addr); -+ -+ if (length == -1) -+ return; -+ -+ NewHost(FamilyServerInterpreted, addr, length, TRUE); -+ -+ free(addr); -+} -+ -+void -+DisableLocalUser(void) -+{ -+ char *addr = NULL; -+ int length = -1; -+ -+ length = GetLocalUserAddr(&addr); -+ -+ if (length == -1) -+ return; -+ -+ RemoveHost(NULL, FamilyServerInterpreted, length, addr); -+ -+ free(addr); -+} -+ -+void -+LocalAccessScopeUser(void) -+{ -+ LocalAccessScope = LOCAL_ACCESS_SCOPE_USER; -+} -+#endif -+ - /* - * called at init time when XDMCP will be used; xdmcp always - * adds local hosts manually when needed -diff --git a/os/auth.c b/os/auth.c -index 5fcb538..7da6fc6 100644 ---- a/os/auth.c -+++ b/os/auth.c -@@ -181,11 +181,11 @@ CheckAuthorization(unsigned int name_length, - - /* - * If the authorization file has at least one entry for this server, -- * disable local host access. (loadauth > 0) -+ * disable local access. (loadauth > 0) - * - * If there are zero entries (either initially or when the - * authorization file is later reloaded), or if a valid -- * authorization file was never loaded, enable local host access. -+ * authorization file was never loaded, enable local access. - * (loadauth == 0 || !loaded) - * - * If the authorization file was loaded initially (with valid -@@ -194,11 +194,11 @@ CheckAuthorization(unsigned int name_length, - */ - - if (loadauth > 0) { -- DisableLocalHost(); /* got at least one */ -+ DisableLocalAccess(); /* got at least one */ - loaded = TRUE; - } - else if (loadauth == 0 || !loaded) -- EnableLocalHost(); -+ EnableLocalAccess(); - } - if (name_length) { - for (i = 0; i < NUM_AUTHORIZATION; i++) { --- -cgit v0.10.2 -From 76636ac12f2d1dbdf7be08222f80e7505d53c451 Mon Sep 17 00:00:00 2001 -From: Ray Strode <rstrode@redhat.com> -Date: Tue, 5 May 2015 16:43:44 -0400 -Subject: xwayland: default to local user if no xauth file given. 
- [CVE-2015-3164 3/3] - -Right now if "-auth" isn't passed on the command line, we let -any user on the system connect to the Xwayland server. - -That's clearly suboptimal, given Xwayland is generally designed -to be used by one user at a time. - -This commit changes the behavior, so only the user who started the -X server can connect clients to it. - -Signed-off-by: Ray Strode <rstrode@redhat.com> -Reviewed-by: Daniel Stone <daniels@collabora.com> -Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> -Signed-off-by: Keith Packard <keithp@keithp.com> - -diff --git a/hw/xwayland/xwayland.c b/hw/xwayland/xwayland.c -index c5bee77..bc92beb 100644 ---- a/hw/xwayland/xwayland.c -+++ b/hw/xwayland/xwayland.c -@@ -702,4 +702,6 @@ InitOutput(ScreenInfo * screen_info, int argc, char **argv) - if (AddScreen(xwl_screen_init, argc, argv) == -1) { - FatalError("Couldn't add screen\n"); - } -+ -+ LocalAccessScopeUser(); - } --- -cgit v0.10.2 - diff --git a/xorg-server-hwcursor-gamma/os-access-fix-regression-in-server-interpreted-auth.patch b/xorg-server-hwcursor-gamma/os-access-fix-regression-in-server-interpreted-auth.patch deleted file mode 100644 index b96bb7a..0000000 --- a/xorg-server-hwcursor-gamma/os-access-fix-regression-in-server-interpreted-auth.patch +++ /dev/null 
@@ -1,30 +0,0 @@
-diff --git a/os/access.c b/os/access.c
-index 28f2d32..fe6e831 100644
---- a/os/access.c
-+++ b/os/access.c
-@@ -1390,14 +1390,23 @@ InvalidHost(register struct sockaddr *saddr, int len, ClientPtr client)
- else
- return 0;
- }
-+
-+ /* An empty address requires both a NULL addr *and* a zero length
-+ * as the address comparison functions call memcmp with both
-+ * parameters. Make sure they agree here
-+ */
-+ if (addr == NULL)
-+ len = 0;
-+ if (len == 0)
-+ addr = NULL;
- for (host = validhosts; host; host = host->next) {
- if (host->family == FamilyServerInterpreted) {
-- if (addr && siAddrMatch(family, addr, len, host, client)) {
-+ if (siAddrMatch(family, addr, len, host, client)) {
- return 0;
- }
- }
- else {
-- if (addr && addrEqual(family, addr, len, host))
-+ if (addrEqual(family, addr, len, host))
- return 0;
- }
-
diff --git a/xorg-server-hwcursor-gamma/systemd-logind-dont-second-guess-D-Bus-default-tim.patch b/xorg-server-hwcursor-gamma/systemd-logind-dont-second-guess-D-Bus-default-tim.patch
deleted file mode 100644
index 0245211..0000000
--- a/xorg-server-hwcursor-gamma/systemd-logind-dont-second-guess-D-Bus-default-tim.patch
+++ /dev/null
@@ -1,446 +0,0 @@ -From 89250c82a01062775f8f840737a757125138fbce Mon Sep 17 00:00:00 2001 -From: Ray Strode <rstrode@redhat.com> -Date: Fri, 10 Apr 2015 14:19:50 -0400 -Subject: [PATCH] systemd-logind: don't second guess D-Bus default timeout - -At the moment, the X server uses a non-default timeout for D-Bus -messages to systemd-logind. The only timeouts normally used with -D-Bus are: - -1) Infinite -2) Default - -Anything else is just as arbitrary as Default, and so rarely makes -sense to use instead of Default. - -Put another way, there's little reason to be fault tolerant against -a local root running daemon (logind), that in some configurations, the -X server already depends on for proper functionality. - -This commit changes systemd-logind to just use the default timeouts. - -https://bugzilla.redhat.com/show_bug.cgi?id=1209347 ---- - hw/xfree86/os-support/linux/systemd-logind.c | 14 ++++++-------- - 1 file changed, 6 insertions(+), 8 deletions(-) - -diff --git a/hw/xfree86/os-support/linux/systemd-logind.c b/hw/xfree86/os-support/linux/systemd-logind.c -index 57c87c0..4ad41a3 100644 ---- a/hw/xfree86/os-support/linux/systemd-logind.c -+++ b/hw/xfree86/os-support/linux/systemd-logind.c -@@ -13,62 +13,60 @@ - * Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL - * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING - * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER - * DEALINGS IN THE SOFTWARE. 
- * - * Author: Hans de Goede <hdegoede@redhat.com> - */ - - #ifdef HAVE_XORG_CONFIG_H - #include <xorg-config.h> - #endif - - #include <dbus/dbus.h> - #include <string.h> - #include <sys/types.h> - #include <unistd.h> - - #include "os.h" - #include "dbus-core.h" - #include "xf86.h" - #include "xf86platformBus.h" - #include "xf86Xinput.h" - - #include "systemd-logind.h" - --#define DBUS_TIMEOUT 500 /* Wait max 0.5 seconds */ -- - struct systemd_logind_info { - DBusConnection *conn; - char *session; - Bool active; - Bool vt_active; - }; - - static struct systemd_logind_info logind_info; - - static InputInfoPtr - systemd_logind_find_info_ptr_by_devnum(InputInfoPtr start, - int major, int minor) - { - InputInfoPtr pInfo; - - for (pInfo = start; pInfo; pInfo = pInfo->next) - if (pInfo->major == major && pInfo->minor == minor && - (pInfo->flags & XI86_SERVER_FD)) - return pInfo; - - return NULL; - } - - static void - systemd_logind_set_input_fd_for_all_devs(int major, int minor, int fd, - Bool enable) - { - InputInfoPtr pInfo; - - pInfo = systemd_logind_find_info_ptr_by_devnum(xf86InputDevs, major, minor); -@@ -103,61 +101,61 @@ systemd_logind_take_fd(int _major, int _minor, const char *path, - if (strstr(path, "mouse")) - return -1; - - /* Check if we already have an InputInfo entry with this major, minor - * (shared device-nodes happen ie with Wacom tablets). 
*/ - pInfo = systemd_logind_find_info_ptr_by_devnum(xf86InputDevs, major, minor); - if (pInfo) { - LogMessage(X_INFO, "systemd-logind: returning pre-existing fd for %s %u:%u\n", - path, major, minor); - *paused_ret = FALSE; - return pInfo->fd; - } - - dbus_error_init(&error); - - msg = dbus_message_new_method_call("org.freedesktop.login1", info->session, - "org.freedesktop.login1.Session", "TakeDevice"); - if (!msg) { - LogMessage(X_ERROR, "systemd-logind: out of memory\n"); - goto cleanup; - } - - if (!dbus_message_append_args(msg, DBUS_TYPE_UINT32, &major, - DBUS_TYPE_UINT32, &minor, - DBUS_TYPE_INVALID)) { - LogMessage(X_ERROR, "systemd-logind: out of memory\n"); - goto cleanup; - } - - reply = dbus_connection_send_with_reply_and_block(info->conn, msg, -- DBUS_TIMEOUT, &error); -+ DBUS_TIMEOUT_USE_DEFAULT, &error); - if (!reply) { - LogMessage(X_ERROR, "systemd-logind: failed to take device %s: %s\n", - path, error.message); - goto cleanup; - } - - if (!dbus_message_get_args(reply, &error, - DBUS_TYPE_UNIX_FD, &fd, - DBUS_TYPE_BOOLEAN, &paused, - DBUS_TYPE_INVALID)) { - LogMessage(X_ERROR, "systemd-logind: TakeDevice %s: %s\n", - path, error.message); - goto cleanup; - } - - *paused_ret = paused; - - LogMessage(X_INFO, "systemd-logind: got fd for %s %u:%u fd %d paused %d\n", - path, major, minor, fd, paused); - - cleanup: - if (msg) - dbus_message_unref(msg); - if (reply) - dbus_message_unref(reply); - dbus_error_free(&error); - - return fd; - } - -@@ -180,61 +178,61 @@ systemd_logind_release_fd(int _major, int _minor, int fd) - * and minor, otherwise other InputInfo's are still referencing the fd. 
*/ - pInfo = systemd_logind_find_info_ptr_by_devnum(xf86InputDevs, major, minor); - while (pInfo) { - matches++; - pInfo = systemd_logind_find_info_ptr_by_devnum(pInfo->next, major, minor); - } - if (matches > 1) { - LogMessage(X_INFO, "systemd-logind: not releasing fd for %u:%u, still in use\n", major, minor); - return; - } - - LogMessage(X_INFO, "systemd-logind: releasing fd for %u:%u\n", major, minor); - - dbus_error_init(&error); - - msg = dbus_message_new_method_call("org.freedesktop.login1", info->session, - "org.freedesktop.login1.Session", "ReleaseDevice"); - if (!msg) { - LogMessage(X_ERROR, "systemd-logind: out of memory\n"); - goto cleanup; - } - - if (!dbus_message_append_args(msg, DBUS_TYPE_UINT32, &major, - DBUS_TYPE_UINT32, &minor, - DBUS_TYPE_INVALID)) { - LogMessage(X_ERROR, "systemd-logind: out of memory\n"); - goto cleanup; - } - - reply = dbus_connection_send_with_reply_and_block(info->conn, msg, -- DBUS_TIMEOUT, &error); -+ DBUS_TIMEOUT_USE_DEFAULT, &error); - if (!reply) - LogMessage(X_ERROR, "systemd-logind: failed to release device: %s\n", - error.message); - - cleanup: - if (msg) - dbus_message_unref(msg); - if (reply) - dbus_message_unref(reply); - dbus_error_free(&error); - close: - if (fd != -1) - close(fd); - } - - int - systemd_logind_controls_session(void) - { - return logind_info.session ? 
1 : 0; - } - - void - systemd_logind_vtenter(void) - { - struct systemd_logind_info *info = &logind_info; - InputInfoPtr pInfo; - int i; - - if (!info->session) - return; /* Not using systemd-logind */ -@@ -262,61 +260,61 @@ systemd_logind_vtenter(void) - - /* Do delayed input probing, this must be done after the above enabling */ - xf86InputEnableVTProbe(); - } - - static void - systemd_logind_ack_pause(struct systemd_logind_info *info, - dbus_int32_t minor, dbus_int32_t major) - { - DBusError error; - DBusMessage *msg = NULL; - DBusMessage *reply = NULL; - - dbus_error_init(&error); - - msg = dbus_message_new_method_call("org.freedesktop.login1", info->session, - "org.freedesktop.login1.Session", "PauseDeviceComplete"); - if (!msg) { - LogMessage(X_ERROR, "systemd-logind: out of memory\n"); - goto cleanup; - } - - if (!dbus_message_append_args(msg, DBUS_TYPE_UINT32, &major, - DBUS_TYPE_UINT32, &minor, - DBUS_TYPE_INVALID)) { - LogMessage(X_ERROR, "systemd-logind: out of memory\n"); - goto cleanup; - } - - reply = dbus_connection_send_with_reply_and_block(info->conn, msg, -- DBUS_TIMEOUT, &error); -+ DBUS_TIMEOUT_USE_DEFAULT, &error); - if (!reply) - LogMessage(X_ERROR, "systemd-logind: failed to ack pause: %s\n", - error.message); - - cleanup: - if (msg) - dbus_message_unref(msg); - if (reply) - dbus_message_unref(reply); - dbus_error_free(&error); - } - - static DBusHandlerResult - message_filter(DBusConnection * connection, DBusMessage * message, void *data) - { - struct systemd_logind_info *info = data; - struct xf86_platform_device *pdev = NULL; - InputInfoPtr pInfo = NULL; - int ack = 0, pause = 0, fd = -1; - DBusError error; - dbus_int32_t major, minor; - char *pause_str; - - if (dbus_message_get_type (message) != DBUS_MESSAGE_TYPE_SIGNAL) - return DBUS_HANDLER_RESULT_NOT_YET_HANDLED; - - dbus_error_init(&error); - - if (dbus_message_is_signal(message, - "org.freedesktop.DBus", "NameOwnerChanged")) { -@@ -430,96 +428,96 @@ message_filter(DBusConnection * 
connection, DBusMessage * message, void *data) - } - - static void - connect_hook(DBusConnection *connection, void *data) - { - struct systemd_logind_info *info = data; - DBusError error; - DBusMessage *msg = NULL; - DBusMessage *reply = NULL; - dbus_int32_t arg; - char *session = NULL; - - dbus_error_init(&error); - - msg = dbus_message_new_method_call("org.freedesktop.login1", - "/org/freedesktop/login1", "org.freedesktop.login1.Manager", - "GetSessionByPID"); - if (!msg) { - LogMessage(X_ERROR, "systemd-logind: out of memory\n"); - goto cleanup; - } - - arg = getpid(); - if (!dbus_message_append_args(msg, DBUS_TYPE_UINT32, &arg, - DBUS_TYPE_INVALID)) { - LogMessage(X_ERROR, "systemd-logind: out of memory\n"); - goto cleanup; - } - - reply = dbus_connection_send_with_reply_and_block(connection, msg, -- DBUS_TIMEOUT, &error); -+ DBUS_TIMEOUT_USE_DEFAULT, &error); - if (!reply) { - LogMessage(X_ERROR, "systemd-logind: failed to get session: %s\n", - error.message); - goto cleanup; - } - dbus_message_unref(msg); - - if (!dbus_message_get_args(reply, &error, DBUS_TYPE_OBJECT_PATH, &session, - DBUS_TYPE_INVALID)) { - LogMessage(X_ERROR, "systemd-logind: GetSessionByPID: %s\n", - error.message); - goto cleanup; - } - session = XNFstrdup(session); - - dbus_message_unref(reply); - reply = NULL; - - - msg = dbus_message_new_method_call("org.freedesktop.login1", - session, "org.freedesktop.login1.Session", "TakeControl"); - if (!msg) { - LogMessage(X_ERROR, "systemd-logind: out of memory\n"); - goto cleanup; - } - - arg = FALSE; /* Don't forcibly take over over the session */ - if (!dbus_message_append_args(msg, DBUS_TYPE_BOOLEAN, &arg, - DBUS_TYPE_INVALID)) { - LogMessage(X_ERROR, "systemd-logind: out of memory\n"); - goto cleanup; - } - - reply = dbus_connection_send_with_reply_and_block(connection, msg, -- DBUS_TIMEOUT, &error); -+ DBUS_TIMEOUT_USE_DEFAULT, &error); - if (!reply) { - LogMessage(X_ERROR, "systemd-logind: TakeControl failed: %s\n", - error.message); - 
goto cleanup; - } - - dbus_bus_add_match(connection, - "type='signal',sender='org.freedesktop.DBus',interface='org.freedesktop.DBus',member='NameOwnerChanged',path='/org/freedesktop/DBus'", - &error); - if (dbus_error_is_set(&error)) { - LogMessage(X_ERROR, "systemd-logind: could not add match: %s\n", - error.message); - goto cleanup; - } - - /* - * HdG: This is not useful with systemd <= 208 since the signal only - * contains invalidated property names there, rather than property, val - * pairs as it should. Instead we just use the first resume / pause now. - */ - #if 0 - snprintf(match, sizeof(match), - "type='signal',sender='org.freedesktop.login1',interface='org.freedesktop.DBus.Properties',member='PropertiesChanged',path='%s'", - session); - dbus_bus_add_match(connection, match, &error); - if (dbus_error_is_set(&error)) { - LogMessage(X_ERROR, "systemd-logind: could not add match: %s\n", - error.message); - goto cleanup; - } -@@ -537,61 +535,61 @@ connect_hook(DBusConnection *connection, void *data) - info->session = session; - info->vt_active = info->active = TRUE; /* The server owns the vt during init */ - session = NULL; - - cleanup: - free(session); - if (msg) - dbus_message_unref(msg); - if (reply) - dbus_message_unref(reply); - dbus_error_free(&error); - } - - static void - systemd_logind_release_control(struct systemd_logind_info *info) - { - DBusError error; - DBusMessage *msg = NULL; - DBusMessage *reply = NULL; - - dbus_error_init(&error); - - msg = dbus_message_new_method_call("org.freedesktop.login1", - info->session, "org.freedesktop.login1.Session", "ReleaseControl"); - if (!msg) { - LogMessage(X_ERROR, "systemd-logind: out of memory\n"); - goto cleanup; - } - - reply = dbus_connection_send_with_reply_and_block(info->conn, msg, -- DBUS_TIMEOUT, &error); -+ DBUS_TIMEOUT_USE_DEFAULT, &error); - if (!reply) { - LogMessage(X_ERROR, "systemd-logind: ReleaseControl failed: %s\n", - error.message); - goto cleanup; - } - - cleanup: - if (msg) - 
dbus_message_unref(msg); - if (reply) - dbus_message_unref(reply); - dbus_error_free(&error); - } - - static void - disconnect_hook(void *data) - { - struct systemd_logind_info *info = data; - - free(info->session); - info->session = NULL; - info->conn = NULL; - } - - static struct dbus_core_hook core_hook = { - .connect = connect_hook, - .disconnect = disconnect_hook, - .data = &logind_info, - }; - --- -2.3.3
\ No newline at end of file
diff --git a/xorg-server-hwcursor-gamma/systemd-logind-filter-out-non-signal-messages-from.patch b/xorg-server-hwcursor-gamma/systemd-logind-filter-out-non-signal-messages-from.patch
deleted file mode 100644
index af319c5..0000000
--- a/xorg-server-hwcursor-gamma/systemd-logind-filter-out-non-signal-messages-from.patch
+++ /dev/null
@@ -1,90 +0,0 @@
-From e90798c142dedc4fd296936b69fe34a40d0aa35a Mon Sep 17 00:00:00 2001
-From: Ray Strode <rstrode@redhat.com>
-Date: Fri, 10 Apr 2015 14:19:50 -0400
-Subject: [PATCH] systemd-logind: filter out non-signal messages from message
- filter
-
-It's possible to receive a message reply in the message filter if a
-previous message call timed out locally before the reply arrived.
-
-The message_filter function only handles signals, at the moment, and
-does not properly handle message replies.
-
-This commit changes the message_filter function to filter out all
-non-signal messages, including spurious message replies.
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1209347
----
- hw/xfree86/os-support/linux/systemd-logind.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/hw/xfree86/os-support/linux/systemd-logind.c b/hw/xfree86/os-support/linux/systemd-logind.c
-index 49758f4..57c87c0 100644
---- a/hw/xfree86/os-support/linux/systemd-logind.c
-+++ b/hw/xfree86/os-support/linux/systemd-logind.c
-@@ -286,60 +286,63 @@ systemd_logind_ack_pause(struct systemd_logind_info *info,
- DBUS_TYPE_INVALID)) {
- LogMessage(X_ERROR, "systemd-logind: out of memory\n");
- goto cleanup;
- }
-
- reply = dbus_connection_send_with_reply_and_block(info->conn, msg,
- DBUS_TIMEOUT, &error);
- if (!reply)
- LogMessage(X_ERROR, "systemd-logind: failed to ack pause: %s\n",
- error.message);
-
- cleanup:
- if (msg)
- dbus_message_unref(msg);
- if (reply)
- dbus_message_unref(reply);
- dbus_error_free(&error);
- }
-
- static DBusHandlerResult
- message_filter(DBusConnection * connection, DBusMessage * message, void *data)
- {
- struct systemd_logind_info *info = data;
- struct xf86_platform_device *pdev = NULL;
- InputInfoPtr pInfo = NULL;
- int ack = 0, pause = 0, fd = -1;
- DBusError error;
- dbus_int32_t major, minor;
- char *pause_str;
-
-+ if (dbus_message_get_type (message) != DBUS_MESSAGE_TYPE_SIGNAL)
-+ return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
-+
-
dbus_error_init(&error);
-
- if (dbus_message_is_signal(message,
- "org.freedesktop.DBus", "NameOwnerChanged")) {
- char *name, *old_owner, *new_owner;
-
- dbus_message_get_args(message, &error,
- DBUS_TYPE_STRING, &name,
- DBUS_TYPE_STRING, &old_owner,
- DBUS_TYPE_STRING, &new_owner, DBUS_TYPE_INVALID);
- if (dbus_error_is_set(&error)) {
- LogMessage(X_ERROR, "systemd-logind: NameOwnerChanged: %s\n",
- error.message);
- dbus_error_free(&error);
- return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
- }
-
- if (name && strcmp(name, "org.freedesktop.login1") == 0)
- FatalError("systemd-logind disappeared (stopped/restarted?)\n");
-
- return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
- }
-
- if (strcmp(dbus_message_get_path(message), info->session) != 0)
- return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
-
- if (dbus_message_is_signal(message, "org.freedesktop.login1.Session",
- "PauseDevice")) {
- if (!dbus_message_get_args(message, &error,
- DBUS_TYPE_UINT32, &major,
---
-2.3.3
\ No newline at end of file
diff --git a/xorg-server-hwcursor-gamma/v2-xserver-Fix-a-crash-with-XDMCP-error-handler.patch b/xorg-server-hwcursor-gamma/v2-xserver-Fix-a-crash-with-XDMCP-error-handler.patch
deleted file mode 100644
index 02dbaf2..0000000
--- a/xorg-server-hwcursor-gamma/v2-xserver-Fix-a-crash-with-XDMCP-error-handler.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-diff --git a/os/xdmcp.c b/os/xdmcp.c
-index b6e97c9..0e9e625 100644
---- a/os/xdmcp.c
-+++ b/os/xdmcp.c
-@@ -1409,8 +1409,16 @@ recv_alive_msg(unsigned length)
- static void
- XdmcpFatal(const char *type, ARRAY8Ptr status)
- {
-- FatalError("XDMCP fatal error: %s %*.*s\n", type,
-- status->length, status->length, status->data);
-+ char *error_message;
-+
-+ /* error_message is leaked, but that's fine, we're aborting */
-+ error_message = malloc (status->length + 1);
-+ if (!error_message)
-+ FatalError("XDMCP fatal error: %s", type);
-+
-+ memcpy(error_message, status->data, status->length);
-+ error_message[status->length] = '\0';
-+ FatalError("XDMCP fatal error: %s %s\n", type, error_message);
- }
-
- static void |