rpms/xorg-x11-server
7
0
Fork 0
Code Issues Pull Requests Releases Activity

xserver 1.17.2

Browse Source
This commit is contained in:
Adam Jackson 2015-06-16 12:45:00 -04:00
parent 9922a5c28a
commit 0a05356996
14 changed files with 6 additions and 1517 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

71
0001-glamor-don-t-do-render-ops-with-matching-source-dest.patch
View File

@ -1,71 +0,0 @@
From dd94c65ecc8b36617566df7db5b5ec2378ea96d8 Mon Sep 17 00:00:00 2001
From: Dave Airlie <airlied@redhat.com>
Date: Thu, 28 May 2015 05:30:01 +0000
Subject: [PATCH] glamor: don't do render ops with matching source/dest (v2)
XRender defines this, GL really doesn't like it.
kwin 4.x and qt 4.x seem to make this happen for the
gradient in the titlebar, and on radeonsi/r600 hw
this draws all kinds of wrong.
v2: bump this up a level, and check it earlier.
(I assume the XXXX was for this case.)
Signed-off-by: Dave Airlie <airlied@redhat.com>
---
glamor/glamor_largepixmap.c | 9 +++++++++
glamor/glamor_render.c | 10 +++++++++-
2 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/glamor/glamor_largepixmap.c b/glamor/glamor_largepixmap.c
index 9b24584..b9c3b9a 100644
--- a/glamor/glamor_largepixmap.c
+++ b/glamor/glamor_largepixmap.c
@@ -1046,6 +1046,15 @@ glamor_composite_largepixmap_region(CARD8 op,
int source_repeat_type = 0, mask_repeat_type = 0;
int ok = TRUE;
+ if (source_pixmap_priv == dest_pixmap_priv) {
+ glamor_fallback("source and dest pixmaps are the same\n");
+ return FALSE;
+ }
+ if (mask_pixmap_priv == dest_pixmap_priv) {
+ glamor_fallback("mask and dest pixmaps are the same\n");
+ return FALSE;
+ }
+
if (source->repeat)
source_repeat_type = source->repeatType;
else
diff --git a/glamor/glamor_render.c b/glamor/glamor_render.c
index 2386f2e..d9b16ea 100644
--- a/glamor/glamor_render.c
+++ b/glamor/glamor_render.c
@@ -1400,6 +1400,7 @@ glamor_composite_clipped_region(CARD8 op,
{
ScreenPtr screen = dest->pDrawable->pScreen;
PixmapPtr source_pixmap = NULL, mask_pixmap = NULL;
+ PixmapPtr dest_pixmap = glamor_get_drawable_pixmap(dest->pDrawable);
PicturePtr temp_src = source, temp_mask = mask;
glamor_pixmap_private *temp_src_priv = source_pixmap_priv;
glamor_pixmap_private *temp_mask_priv = mask_pixmap_priv;
@@ -1502,7 +1503,14 @@ glamor_composite_clipped_region(CARD8 op,
}
}
- /*XXXXX, self copy? */
+ if (source_pixmap == dest_pixmap) {
+ glamor_fallback("source and dest pixmaps are the same\n");
+ goto out;
+ }
+ if (mask_pixmap == dest_pixmap) {
+ glamor_fallback("mask and dest pixmaps are the same\n");
+ goto out;
+ }
x_dest += dest->pDrawable->x;
y_dest += dest->pDrawable->y;
--
1.8.3.1

39
0001-include-Fix-endianness-setup.patch
View File

@ -1,39 +0,0 @@
From 1f679da30a33f3ddad14bc6b2be0795160ae12b8 Mon Sep 17 00:00:00 2001
From: Adam Jackson <ajax@redhat.com>
Date: Thu, 9 Apr 2015 10:19:13 -0400
Subject: [PATCH] include: Fix endianness setup
Need to make sure X_{BIG,LITTLE}_ENDIAN actually get defined
Signed-off-by: Adam Jackson <ajax@redhat.com>
---
include/dix-config.h.in | 1 +
include/xorg-server.h.in | 1 +
2 files changed, 2 insertions(+)
diff --git a/include/dix-config.h.in b/include/dix-config.h.in
index 1aa77a5..5e53c00 100644
--- a/include/dix-config.h.in
+++ b/include/dix-config.h.in
@@ -499,6 +499,7 @@
/* byte order */
#undef X_BYTE_ORDER
+#include <X11/Xarch.h>
/* Listen on TCP socket */
#undef LISTEN_TCP
diff --git a/include/xorg-server.h.in b/include/xorg-server.h.in
index 4cb9487..de6462a 100644
--- a/include/xorg-server.h.in
+++ b/include/xorg-server.h.in
@@ -233,5 +233,6 @@
/* byte order */
#undef X_BYTE_ORDER
+#include <X11/Xarch.h>
#endif /* _XORG_SERVER_H_ */
--
2.1.0

29
0001-int10-Fix-mapping-the-interrupt-vector.patch
View File

@ -1,29 +0,0 @@
From 2f3267bc017a420854dc98aac1526fb8f11b1874 Mon Sep 17 00:00:00 2001
From: Adam Jackson <ajax@redhat.com>
Date: Wed, 4 Mar 2015 12:44:39 -0500
Subject: [PATCH] int10: Fix mapping the interrupt vector
pci_device_map_legacy returns 0 on success, and an errno value on
failure. It works a lot better if we don't treat 0 as failure.
Signed-off-by: Adam Jackson <ajax@redhat.com>
---
hw/xfree86/int10/generic.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/xfree86/int10/generic.c b/hw/xfree86/int10/generic.c
index 012d194..8d5c4da 100644
--- a/hw/xfree86/int10/generic.c
+++ b/hw/xfree86/int10/generic.c
@@ -104,7 +104,7 @@ readIntVec(struct pci_device *dev, unsigned char *buf, int len)
{
void *map;
- if (!pci_device_map_legacy(dev, 0, len, 0, &map))
+ if (pci_device_map_legacy(dev, 0, len, 0, &map))
return FALSE;
memcpy(buf, map, len);
--
1.9.3

42
0001-modesetting-Fix-software-cursor-fallback.patch
View File

@ -1,42 +0,0 @@
From 63e4f22d5fe3d4247cb48c969b5f7f2690665d78 Mon Sep 17 00:00:00 2001
From: Adel Gadllah <adel.gadllah@gmail.com>
Date: Fri, 1 May 2015 17:21:12 +0200
Subject: [PATCH] modesetting: Fix software cursor fallback
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The code in drmmode_set_cursor does not properly handle the case where
drmModeSetCursor2 returns any other error than EINVAL and silently fails to set
a cursor.
So only return when the drmModeSetCursor2 succeeds (i.e returns 0) and disable
the cursor2 usage on EINVAL.
References: https://bugzilla.redhat.com/show_bug.cgi?id=1205725
Signed-off-by: Adel Gadllah <adel.gadllah@gmail.com>
Reviewed-by: Michel Dänzer <michel@daenzer.net>
---
hw/xfree86/drivers/modesetting/drmmode_display.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/hw/xfree86/drivers/modesetting/drmmode_display.c b/hw/xfree86/drivers/modesetting/drmmode_display.c
index 824500b..912abda 100644
--- a/hw/xfree86/drivers/modesetting/drmmode_display.c
+++ b/hw/xfree86/drivers/modesetting/drmmode_display.c
@@ -396,10 +396,10 @@ drmmode_set_cursor(xf86CrtcPtr crtc)
drmModeSetCursor2(drmmode->fd, drmmode_crtc->mode_crtc->crtc_id,
handle, ms->cursor_width, ms->cursor_height,
cursor->bits->xhot, cursor->bits->yhot);
+ if (!ret)
+ return;
if (ret == -EINVAL)
use_set_cursor2 = FALSE;
- else
- return;
}
ret = drmModeSetCursor(drmmode->fd, drmmode_crtc->mode_crtc->crtc_id, handle,
--
2.1.0

34
0001-os-access-fix-regression-in-server-interpreted-auth.patch
View File

@ -1,34 +0,0 @@
From 6b617438442aee010ae69e1134b5a6f34cbdc9fd Mon Sep 17 00:00:00 2001
From: Dave Airlie <airlied@redhat.com>
Date: Tue, 17 Feb 2015 14:38:21 +1000
Subject: [PATCH] os/access: fix regression in server interpreted auth
This was reported on irc on Fedora when rawhide went to 1.17.1.
regression occured in: 2566835b4374edb3e5a8353d4f7c9e7ec4851c57
os: Eliminate uninitialized value warnings from access.c
siAddrMatch doesn't need addr to be a useful value, it checks
some things like localuser without having an address at all.
Signed-off-by: Dave Airlie <airlied@redhat.com>
---
os/access.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/os/access.c b/os/access.c
index 28f2d32..8fa028e 100644
--- a/os/access.c
+++ b/os/access.c
@@ -1392,7 +1392,7 @@ InvalidHost(register struct sockaddr *saddr, int len, ClientPtr client)
}
for (host = validhosts; host; host = host->next) {
if (host->family == FamilyServerInterpreted) {
- if (addr && siAddrMatch(family, addr, len, host, client)) {
+ if (siAddrMatch(family, addr, len, host, client)) {
return 0;
}
}
--
1.9.3

48
0001-present-make-unflip-work-when-the-flip-window-is-des.patch
View File

@ -1,48 +0,0 @@
From df3b03e05b5c826584fc75466f404b53844edcf4 Mon Sep 17 00:00:00 2001
From: Chris Wilson <chris@chris-wilson.co.uk>
Date: Thu, 5 Feb 2015 14:11:40 -0500
Subject: [PATCH] present: Copy unflip contents back to the Screen Pixmap
As we unflip after the flip Window no longer passes the pixel ownership
test for the full Screen Pixmap, we can no longer utilize that Window to
copy the contents back to the backing pixmap. To first flip means that
the Window was originally backed by the Screen Pixmap and wholly covered
the Pixmap, thus we need to copy the last frame contents to the Screen
Pixmap when the flip chain is complete.
---
present/present.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/present/present.c b/present/present.c
index 8e4829e..a516575 100644
--- a/present/present.c
+++ b/present/present.c
@@ -377,20 +377,20 @@ present_set_tree_pixmap(WindowPtr window, PixmapPtr pixmap)
present_unflip(ScreenPtr screen)
{
present_screen_priv_ptr screen_priv = present_screen_priv(screen);
+ PixmapPtr pixmap = (*screen->GetScreenPixmap)(screen);
assert (!screen_priv->unflip_event_id);
assert (!screen_priv->flip_pending);
if (screen_priv->flip_window)
- present_set_tree_pixmap(screen_priv->flip_window,
- (*screen->GetScreenPixmap)(screen));
+ present_set_tree_pixmap(screen_priv->flip_window, pixmap);
- present_set_tree_pixmap(screen->root, (*screen->GetScreenPixmap)(screen));
+ present_set_tree_pixmap(screen->root, pixmap);
/* Update the screen pixmap with the current flip pixmap contents
*/
if (screen_priv->flip_pixmap && screen_priv->flip_window) {
- present_copy_region(&screen_priv->flip_window->drawable,
+ present_copy_region(&pixmap->drawable,
screen_priv->flip_pixmap,
NULL, 0, 0);
}
--
2.1.0

51
0001-sdksyms.sh-Make-sdksyms.sh-work-with-gcc5.patch
View File

@ -1,51 +0,0 @@
From 612eb45a2e7a0b35cc3790870e6d0cc42eb50c74 Mon Sep 17 00:00:00 2001
From: Hans de Goede <hdegoede@redhat.com>
Date: Wed, 11 Feb 2015 16:26:40 +0100
Subject: [PATCH] sdksyms.sh: Make sdksyms.sh work with gcc5.
gcc5's cpp inserts patterns like this:
extern
__attribute__((visibility("default")))
int WaitForSomething(int *
);
This patch make sdksyms.sh work with this. Note my awk skills are weak, so
there likely is a better way to deal with this.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
---
hw/xfree86/sdksyms.sh | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/hw/xfree86/sdksyms.sh b/hw/xfree86/sdksyms.sh
index 2305073..99b0cae 100755
--- a/hw/xfree86/sdksyms.sh
+++ b/hw/xfree86/sdksyms.sh
@@ -350,6 +350,23 @@ BEGIN {
if (sdk) {
n = 3;
+ # detect the following gcc5 cpp pattern and skip it:
+ # extern
+ # # 320 "../../include/os.h" 3 4
+ # __attribute__((visibility("default")))
+ # # 320 "../../include/os.h"
+ # Note in this case the "extern " or "extern void " always has
+ # a trailing space
+ if ($0 ~ "^extern.* $") {
+ getline;
+ getline;
+ getline;
+ getline;
+ n = 1;
+ while ($n == " ")
+ n++;
+ }
+
# skip attribute, if any
while ($n ~ /^(__attribute__|__global)/ ||
# skip modifiers, if any
--
2.1.0

90
0001-xwayland-Enable-access-control-on-open-sockets-CVE-2.patch
View File

@ -1,90 +0,0 @@
From d80ec479f17bf0931b9332b4f3959c19ec62aba1 Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com>
Date: Thu, 23 Apr 2015 14:10:23 -0400
Subject: [PATCH 1/3] xwayland: Enable access control on open sockets
[CVE-2015-3164 1/3]
Xwayland currently allows wide-open access to the X sockets
it listens on, ignoring Xauth access control.
This commit makes sure to enable access control on the sockets,
so one user can't snoop on another user's X-over-wayland
applications.
Signed-off-by: Ray Strode <rstrode@redhat.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
---
hw/xwayland/xwayland.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/xwayland/xwayland.c b/hw/xwayland/xwayland.c
index 7e8d667..c5bee77 100644
--- a/hw/xwayland/xwayland.c
+++ b/hw/xwayland/xwayland.c
@@ -456,61 +456,61 @@ block_handler(void *data, struct timeval **tv, void *read_mask)
FatalError("failed to dispatch Wayland events: %s\n",
strerror(errno));
}
xwl_screen->prepare_read = 1;
ret = wl_display_flush(xwl_screen->display);
if (ret == -1)
FatalError("failed to write to XWayland fd: %s\n", strerror(errno));
}
static CARD32
add_client_fd(OsTimerPtr timer, CARD32 time, void *arg)
{
struct xwl_screen *xwl_screen = arg;
if (!AddClientOnOpenFD(xwl_screen->wm_fd))
FatalError("Failed to add wm client\n");
TimerFree(timer);
return 0;
}
static void
listen_on_fds(struct xwl_screen *xwl_screen)
{
int i;
for (i = 0; i < xwl_screen->listen_fd_count; i++)
- ListenOnOpenFD(xwl_screen->listen_fds[i], TRUE);
+ ListenOnOpenFD(xwl_screen->listen_fds[i], FALSE);
}
static void
wm_selection_callback(CallbackListPtr *p, void *data, void *arg)
{
SelectionInfoRec *info = arg;
struct xwl_screen *xwl_screen = data;
static const char atom_name[] = "WM_S0";
static Atom atom_wm_s0;
if (atom_wm_s0 == None)
atom_wm_s0 = MakeAtom(atom_name, strlen(atom_name), TRUE);
if (info->selection->selection != atom_wm_s0 ||
info->kind != SelectionSetOwner)
return;
listen_on_fds(xwl_screen);
DeleteCallback(&SelectionCallback, wm_selection_callback, xwl_screen);
}
static Bool
xwl_screen_init(ScreenPtr pScreen, int argc, char **argv)
{
struct xwl_screen *xwl_screen;
Pixel red_mask, blue_mask, green_mask;
int ret, bpc, green_bpc, i;
xwl_screen = calloc(sizeof *xwl_screen, 1);
if (xwl_screen == NULL)
--
2.3.7

484
0002-os-support-new-implicit-local-user-access-mode-CVE-2.patch
View File

@ -1,484 +0,0 @@
From 6003510f40dd64f8cd1c060b6fd5ca40d48d3e6d Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com>
Date: Thu, 23 Apr 2015 15:36:09 -0400
Subject: [PATCH 2/3] os: support new implicit local user access mode
[CVE-2015-3164 2/3]
If the X server is started without a '-auth' argument, then
it gets started wide open to all local users on the system.
This isn't a great default access model, but changing it in
Xorg at this point would break backward compatibility.
Xwayland, on the other hand is new, and much more targeted
in scope. It could, in theory, be changed to allow the much
more secure default of a "user who started X server can connect
clients to that server."
This commit paves the way for that change, by adding a mechanism
for DDXs to opt-in to that behavior. They merely need to call
LocalAccessScopeUser()
in their init functions.
A subsequent commit will add that call for Xwayland.
Signed-off-by: Ray Strode <rstrode@redhat.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
---
include/os.h | 17 ++++++++++
os/access.c | 109 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
os/auth.c | 8 ++---
3 files changed, 130 insertions(+), 4 deletions(-)
diff --git a/include/os.h b/include/os.h
index 3e68c49..3c3954f 100644
--- a/include/os.h
+++ b/include/os.h
@@ -386,65 +386,82 @@ InvalidHost(sockaddrPtr /*saddr */ , int /*len */ , ClientPtr client);
#define LCC_ZID_SET (1 << 3)
typedef struct {
int fieldsSet; /* Bit mask of fields set */
int euid; /* Effective uid */
int egid; /* Primary effective group id */
int nSuppGids; /* Number of supplementary group ids */
int *pSuppGids; /* Array of supplementary group ids */
int pid; /* Process id */
int zoneid; /* Only set on Solaris 10 & later */
} LocalClientCredRec;
extern _X_EXPORT int
GetLocalClientCreds(ClientPtr, LocalClientCredRec **);
extern _X_EXPORT void
FreeLocalClientCreds(LocalClientCredRec *);
extern _X_EXPORT int
ChangeAccessControl(ClientPtr /*client */ , int /*fEnabled */ );
extern _X_EXPORT int
GetAccessControl(void);
extern _X_EXPORT void
AddLocalHosts(void);
extern _X_EXPORT void
ResetHosts(const char *display);
extern _X_EXPORT void
+EnableLocalAccess(void);
+
+extern _X_EXPORT void
+DisableLocalAccess(void);
+
+extern _X_EXPORT void
EnableLocalHost(void);
extern _X_EXPORT void
DisableLocalHost(void);
+#ifndef NO_LOCAL_CLIENT_CRED
+extern _X_EXPORT void
+EnableLocalUser(void);
+
+extern _X_EXPORT void
+DisableLocalUser(void);
+
+extern _X_EXPORT void
+LocalAccessScopeUser(void);
+#endif
+
extern _X_EXPORT void
AccessUsingXdmcp(void);
extern _X_EXPORT void
DefineSelf(int /*fd */ );
#if XDMCP
extern _X_EXPORT void
AugmentSelf(void *from, int len);
extern _X_EXPORT void
RegisterAuthorizations(void);
#endif
extern _X_EXPORT void
InitAuthorization(const char * /*filename */ );
/* extern int LoadAuthorization(void); */
extern _X_EXPORT int
AuthorizationFromID(XID id,
unsigned short *name_lenp,
const char **namep,
unsigned short *data_lenp, char **datap);
extern _X_EXPORT XID
CheckAuthorization(unsigned int /*namelength */ ,
const char * /*name */ ,
unsigned int /*datalength */ ,
const char * /*data */ ,
diff --git a/os/access.c b/os/access.c
index 28f2d32..c9f8a1f 100644
--- a/os/access.c
+++ b/os/access.c
@@ -75,60 +75,64 @@ SOFTWARE.
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*/
#ifdef HAVE_DIX_CONFIG_H
#include <dix-config.h>
#endif
#ifdef WIN32
#include <X11/Xwinsock.h>
#endif
#include <stdio.h>
#include <stdlib.h>
#define XSERV_t
#define TRANS_SERVER
#define TRANS_REOPEN
#include <X11/Xtrans/Xtrans.h>
#include <X11/Xauth.h>
#include <X11/X.h>
#include <X11/Xproto.h>
#include "misc.h"
#include "site.h"
#include <errno.h>
#include <sys/types.h>
#ifndef WIN32
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <ctype.h>
+#ifndef NO_LOCAL_CLIENT_CRED
+#include <pwd.h>
+#endif
+
#if defined(TCPCONN) || defined(STREAMSCONN)
#include <netinet/in.h>
#endif /* TCPCONN || STREAMSCONN */
#ifdef HAVE_GETPEERUCRED
#include <ucred.h>
#ifdef sun
#include <zone.h>
#endif
#endif
#if defined(SVR4) || (defined(SYSV) && defined(__i386__)) || defined(__GNU__)
#include <sys/utsname.h>
#endif
#if defined(SYSV) && defined(__i386__)
#include <sys/stream.h>
#endif
#ifdef __GNU__
#undef SIOCGIFCONF
#include <netdb.h>
#else /*!__GNU__ */
#include <net/if.h>
#endif /*__GNU__ */
#ifdef SVR4
#include <sys/sockio.h>
#include <sys/stropts.h>
#endif
#include <netdb.h>
@@ -198,97 +202,202 @@ static Bool NewHost(int /*family */ ,
int /* addingLocalHosts */ );
/* XFree86 bug #156: To keep track of which hosts were explicitly requested in
/etc/X<display>.hosts, we've added a requested field to the HOST struct,
and a LocalHostRequested variable. These default to FALSE, but are set
to TRUE in ResetHosts when reading in /etc/X<display>.hosts. They are
checked in DisableLocalHost(), which is called to disable the default
local host entries when stronger authentication is turned on. */
typedef struct _host {
short family;
short len;
unsigned char *addr;
struct _host *next;
int requested;
} HOST;
#define MakeHost(h,l) (h)=malloc(sizeof *(h)+(l));\
if (h) { \
(h)->addr=(unsigned char *) ((h) + 1);\
(h)->requested = FALSE; \
}
#define FreeHost(h) free(h)
static HOST *selfhosts = NULL;
static HOST *validhosts = NULL;
static int AccessEnabled = DEFAULT_ACCESS_CONTROL;
static int LocalHostEnabled = FALSE;
static int LocalHostRequested = FALSE;
static int UsingXdmcp = FALSE;
+static enum {
+ LOCAL_ACCESS_SCOPE_HOST = 0,
+#ifndef NO_LOCAL_CLIENT_CRED
+ LOCAL_ACCESS_SCOPE_USER,
+#endif
+} LocalAccessScope;
+
/* FamilyServerInterpreted implementation */
static Bool siAddrMatch(int family, void *addr, int len, HOST * host,
ClientPtr client);
static int siCheckAddr(const char *addrString, int length);
static void siTypesInitialize(void);
/*
* called when authorization is not enabled to add the
* local host to the access list
*/
void
+EnableLocalAccess(void)
+{
+ switch (LocalAccessScope) {
+ case LOCAL_ACCESS_SCOPE_HOST:
+ EnableLocalHost();
+ break;
+#ifndef NO_LOCAL_CLIENT_CRED
+ case LOCAL_ACCESS_SCOPE_USER:
+ EnableLocalUser();
+ break;
+#endif
+ }
+}
+
+void
EnableLocalHost(void)
{
if (!UsingXdmcp) {
LocalHostEnabled = TRUE;
AddLocalHosts();
}
}
/*
* called when authorization is enabled to keep us secure
*/
void
+DisableLocalAccess(void)
+{
+ switch (LocalAccessScope) {
+ case LOCAL_ACCESS_SCOPE_HOST:
+ DisableLocalHost();
+ break;
+#ifndef NO_LOCAL_CLIENT_CRED
+ case LOCAL_ACCESS_SCOPE_USER:
+ DisableLocalUser();
+ break;
+#endif
+ }
+}
+
+void
DisableLocalHost(void)
{
HOST *self;
if (!LocalHostRequested) /* Fix for XFree86 bug #156 */
LocalHostEnabled = FALSE;
for (self = selfhosts; self; self = self->next) {
if (!self->requested) /* Fix for XFree86 bug #156 */
(void) RemoveHost((ClientPtr) NULL, self->family, self->len,
(void *) self->addr);
}
}
+#ifndef NO_LOCAL_CLIENT_CRED
+static int GetLocalUserAddr(char **addr)
+{
+ static const char *type = "localuser";
+ static const char delimiter = '\0';
+ static const char *value;
+ struct passwd *pw;
+ int length = -1;
+
+ pw = getpwuid(getuid());
+
+ if (pw == NULL || pw->pw_name == NULL)
+ goto out;
+
+ value = pw->pw_name;
+
+ length = asprintf(addr, "%s%c%s", type, delimiter, value);
+
+ if (length == -1) {
+ goto out;
+ }
+
+ /* Trailing NUL */
+ length++;
+
+out:
+ return length;
+}
+
+void
+EnableLocalUser(void)
+{
+ char *addr = NULL;
+ int length = -1;
+
+ length = GetLocalUserAddr(&addr);
+
+ if (length == -1)
+ return;
+
+ NewHost(FamilyServerInterpreted, addr, length, TRUE);
+
+ free(addr);
+}
+
+void
+DisableLocalUser(void)
+{
+ char *addr = NULL;
+ int length = -1;
+
+ length = GetLocalUserAddr(&addr);
+
+ if (length == -1)
+ return;
+
+ RemoveHost(NULL, FamilyServerInterpreted, length, addr);
+
+ free(addr);
+}
+
+void
+LocalAccessScopeUser(void)
+{
+ LocalAccessScope = LOCAL_ACCESS_SCOPE_USER;
+}
+#endif
+
/*
* called at init time when XDMCP will be used; xdmcp always
* adds local hosts manually when needed
*/
void
AccessUsingXdmcp(void)
{
UsingXdmcp = TRUE;
LocalHostEnabled = FALSE;
}
#if defined(SVR4) && !defined(sun) && defined(SIOCGIFCONF) && !defined(USE_SIOCGLIFCONF)
/* Deal with different SIOCGIFCONF ioctl semantics on these OSs */
static int
ifioctl(int fd, int cmd, char *arg)
{
struct strioctl ioc;
int ret;
memset((char *) &ioc, 0, sizeof(ioc));
ioc.ic_cmd = cmd;
ioc.ic_timout = 0;
if (cmd == SIOCGIFCONF) {
ioc.ic_len = ((struct ifconf *) arg)->ifc_len;
ioc.ic_dp = ((struct ifconf *) arg)->ifc_buf;
}
else {
diff --git a/os/auth.c b/os/auth.c
index 5fcb538..7da6fc6 100644
--- a/os/auth.c
+++ b/os/auth.c
@@ -154,78 +154,78 @@ RegisterAuthorizations(void)
(int) protocols[i].name_length);
}
#endif
XID
CheckAuthorization(unsigned int name_length,
const char *name,
unsigned int data_length,
const char *data, ClientPtr client, const char **reason)
{ /* failure message. NULL for default msg */
int i;
struct stat buf;
static time_t lastmod = 0;
static Bool loaded = FALSE;
if (!authorization_file || stat(authorization_file, &buf)) {
if (lastmod != 0) {
lastmod = 0;
ShouldLoadAuth = TRUE; /* stat lost, so force reload */
}
}
else if (buf.st_mtime > lastmod) {
lastmod = buf.st_mtime;
ShouldLoadAuth = TRUE;
}
if (ShouldLoadAuth) {
int loadauth = LoadAuthorization();
/*
* If the authorization file has at least one entry for this server,
- * disable local host access. (loadauth > 0)
+ * disable local access. (loadauth > 0)
*
* If there are zero entries (either initially or when the
* authorization file is later reloaded), or if a valid
- * authorization file was never loaded, enable local host access.
+ * authorization file was never loaded, enable local access.
* (loadauth == 0 || !loaded)
*
* If the authorization file was loaded initially (with valid
* entries for this server), and reloading it later fails, don't
* change anything. (loadauth == -1 && loaded)
*/
if (loadauth > 0) {
- DisableLocalHost(); /* got at least one */
+ DisableLocalAccess(); /* got at least one */
loaded = TRUE;
}
else if (loadauth == 0 || !loaded)
- EnableLocalHost();
+ EnableLocalAccess();
}
if (name_length) {
for (i = 0; i < NUM_AUTHORIZATION; i++) {
if (protocols[i].name_length == name_length &&
memcmp(protocols[i].name, name, (int) name_length) == 0) {
return (*protocols[i].Check) (data_length, data, client,
reason);
}
*reason = "Protocol not supported by server\n";
}
}
else
*reason = "No protocol specified\n";
return (XID) ~0L;
}
void
ResetAuthorization(void)
{
int i;
for (i = 0; i < NUM_AUTHORIZATION; i++)
if (protocols[i].Reset)
(*protocols[i].Reset) ();
ShouldLoadAuth = TRUE;
}
int
AuthorizationFromID(XID id,
unsigned short *name_lenp,
--
2.3.7

63
0003-xwayland-default-to-local-user-if-no-xauth-file-give.patch
View File

@ -1,63 +0,0 @@
From fc11a1d595222932af192e7aef551b98cd3393f2 Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com>
Date: Thu, 23 Apr 2015 15:39:50 -0400
Subject: [PATCH 3/3] xwayland: default to local user if no xauth file given.
[CVE-2015-3164 3/3]
Right now if "-auth" isn't passed on the command line, we let
any user on the system connect to the Xwayland server.
That's clearly suboptimal, given Xwayland is generally designed
to be used by one user at a time.
This commit changes the behavior, so only the user who started the
X server can connect clients to it.
Signed-off-by: Ray Strode <rstrode@redhat.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
---
hw/xwayland/xwayland.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/hw/xwayland/xwayland.c b/hw/xwayland/xwayland.c
index c5bee77..bc92beb 100644
--- a/hw/xwayland/xwayland.c
+++ b/hw/xwayland/xwayland.c
@@ -675,31 +675,33 @@ static const ExtensionModule xwayland_extensions[] = {
void
InitOutput(ScreenInfo * screen_info, int argc, char **argv)
{
int depths[] = { 1, 4, 8, 15, 16, 24, 32 };
int bpp[] = { 1, 8, 8, 16, 16, 32, 32 };
int i;
for (i = 0; i < ARRAY_SIZE(depths); i++) {
screen_info->formats[i].depth = depths[i];
screen_info->formats[i].bitsPerPixel = bpp[i];
screen_info->formats[i].scanlinePad = BITMAP_SCANLINE_PAD;
}
screen_info->imageByteOrder = IMAGE_BYTE_ORDER;
screen_info->bitmapScanlineUnit = BITMAP_SCANLINE_UNIT;
screen_info->bitmapScanlinePad = BITMAP_SCANLINE_PAD;
screen_info->bitmapBitOrder = BITMAP_BIT_ORDER;
screen_info->numPixmapFormats = ARRAY_SIZE(depths);
LoadExtensionList(xwayland_extensions,
ARRAY_SIZE(xwayland_extensions), FALSE);
/* Cast away warning from missing printf annotation for
* wl_log_func_t. Wayland 1.5 will have the annotation, so we can
* remove the cast and require that when it's released. */
wl_log_set_handler_client((void *) xwl_log_handler);
if (AddScreen(xwl_screen_init, argc, argv) == -1) {
FatalError("Couldn't add screen\n");
}
+
+ LocalAccessScopeUser();
}
--
2.3.7

2
sources
View File

@ -1 +1 @@
5986510d59e394a50126a8e2833e79d3 xorg-server-1.17.1.tar.bz2 397e405566651150490ff493e463f1ad xorg-server-1.17.2.tar.bz2

446
systemd-logind-dont-second-guess-D-Bus-default-tim.patch
View File

@ -1,446 +0,0 @@
From 89250c82a01062775f8f840737a757125138fbce Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com>
Date: Fri, 10 Apr 2015 14:19:50 -0400
Subject: [PATCH] systemd-logind: don't second guess D-Bus default timeout
At the moment, the X server uses a non-default timeout for D-Bus
messages to systemd-logind. The only timeouts normally used with
D-Bus are:
1) Infinite
2) Default
Anything else is just as arbitrary as Default, and so rarely makes
sense to use instead of Default.
Put another way, there's little reason to be fault tolerant against
a local root running daemon (logind), that in some configurations, the
X server already depends on for proper functionality.
This commit changes systemd-logind to just use the default timeouts.
https://bugzilla.redhat.com/show_bug.cgi?id=1209347
---
hw/xfree86/os-support/linux/systemd-logind.c | 14 ++++++--------
1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/hw/xfree86/os-support/linux/systemd-logind.c b/hw/xfree86/os-support/linux/systemd-logind.c
index 57c87c0..4ad41a3 100644
--- a/hw/xfree86/os-support/linux/systemd-logind.c
+++ b/hw/xfree86/os-support/linux/systemd-logind.c
@@ -13,62 +13,60 @@
* Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*
* Author: Hans de Goede <hdegoede@redhat.com>
*/
#ifdef HAVE_XORG_CONFIG_H
#include <xorg-config.h>
#endif
#include <dbus/dbus.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>
#include "os.h"
#include "dbus-core.h"
#include "xf86.h"
#include "xf86platformBus.h"
#include "xf86Xinput.h"
#include "systemd-logind.h"
-#define DBUS_TIMEOUT 500 /* Wait max 0.5 seconds */
-
struct systemd_logind_info {
DBusConnection *conn;
char *session;
Bool active;
Bool vt_active;
};
static struct systemd_logind_info logind_info;
static InputInfoPtr
systemd_logind_find_info_ptr_by_devnum(InputInfoPtr start,
int major, int minor)
{
InputInfoPtr pInfo;
for (pInfo = start; pInfo; pInfo = pInfo->next)
if (pInfo->major == major && pInfo->minor == minor &&
(pInfo->flags & XI86_SERVER_FD))
return pInfo;
return NULL;
}
static void
systemd_logind_set_input_fd_for_all_devs(int major, int minor, int fd,
Bool enable)
{
InputInfoPtr pInfo;
pInfo = systemd_logind_find_info_ptr_by_devnum(xf86InputDevs, major, minor);
@@ -103,61 +101,61 @@ systemd_logind_take_fd(int _major, int _minor, const char *path,
if (strstr(path, "mouse"))
return -1;
/* Check if we already have an InputInfo entry with this major, minor
* (shared device-nodes happen ie with Wacom tablets). */
pInfo = systemd_logind_find_info_ptr_by_devnum(xf86InputDevs, major, minor);
if (pInfo) {
LogMessage(X_INFO, "systemd-logind: returning pre-existing fd for %s %u:%u\n",
path, major, minor);
*paused_ret = FALSE;
return pInfo->fd;
}
dbus_error_init(&error);
msg = dbus_message_new_method_call("org.freedesktop.login1", info->session,
"org.freedesktop.login1.Session", "TakeDevice");
if (!msg) {
LogMessage(X_ERROR, "systemd-logind: out of memory\n");
goto cleanup;
}
if (!dbus_message_append_args(msg, DBUS_TYPE_UINT32, &major,
DBUS_TYPE_UINT32, &minor,
DBUS_TYPE_INVALID)) {
LogMessage(X_ERROR, "systemd-logind: out of memory\n");
goto cleanup;
}
reply = dbus_connection_send_with_reply_and_block(info->conn, msg,
- DBUS_TIMEOUT, &error);
+ DBUS_TIMEOUT_USE_DEFAULT, &error);
if (!reply) {
LogMessage(X_ERROR, "systemd-logind: failed to take device %s: %s\n",
path, error.message);
goto cleanup;
}
if (!dbus_message_get_args(reply, &error,
DBUS_TYPE_UNIX_FD, &fd,
DBUS_TYPE_BOOLEAN, &paused,
DBUS_TYPE_INVALID)) {
LogMessage(X_ERROR, "systemd-logind: TakeDevice %s: %s\n",
path, error.message);
goto cleanup;
}
*paused_ret = paused;
LogMessage(X_INFO, "systemd-logind: got fd for %s %u:%u fd %d paused %d\n",
path, major, minor, fd, paused);
cleanup:
if (msg)
dbus_message_unref(msg);
if (reply)
dbus_message_unref(reply);
dbus_error_free(&error);
return fd;
}
@@ -180,61 +178,61 @@ systemd_logind_release_fd(int _major, int _minor, int fd)
* and minor, otherwise other InputInfo's are still referencing the fd. */
pInfo = systemd_logind_find_info_ptr_by_devnum(xf86InputDevs, major, minor);
while (pInfo) {
matches++;
pInfo = systemd_logind_find_info_ptr_by_devnum(pInfo->next, major, minor);
}
if (matches > 1) {
LogMessage(X_INFO, "systemd-logind: not releasing fd for %u:%u, still in use\n", major, minor);
return;
}
LogMessage(X_INFO, "systemd-logind: releasing fd for %u:%u\n", major, minor);
dbus_error_init(&error);
msg = dbus_message_new_method_call("org.freedesktop.login1", info->session,
"org.freedesktop.login1.Session", "ReleaseDevice");
if (!msg) {
LogMessage(X_ERROR, "systemd-logind: out of memory\n");
goto cleanup;
}
if (!dbus_message_append_args(msg, DBUS_TYPE_UINT32, &major,
DBUS_TYPE_UINT32, &minor,
DBUS_TYPE_INVALID)) {
LogMessage(X_ERROR, "systemd-logind: out of memory\n");
goto cleanup;
}
reply = dbus_connection_send_with_reply_and_block(info->conn, msg,
- DBUS_TIMEOUT, &error);
+ DBUS_TIMEOUT_USE_DEFAULT, &error);
if (!reply)
LogMessage(X_ERROR, "systemd-logind: failed to release device: %s\n",
error.message);
cleanup:
if (msg)
dbus_message_unref(msg);
if (reply)
dbus_message_unref(reply);
dbus_error_free(&error);
close:
if (fd != -1)
close(fd);
}
int
systemd_logind_controls_session(void)
{
return logind_info.session ? 1 : 0;
}
void
systemd_logind_vtenter(void)
{
struct systemd_logind_info *info = &logind_info;
InputInfoPtr pInfo;
int i;
if (!info->session)
return; /* Not using systemd-logind */
@@ -262,61 +260,61 @@ systemd_logind_vtenter(void)
/* Do delayed input probing, this must be done after the above enabling */
xf86InputEnableVTProbe();
}
static void
systemd_logind_ack_pause(struct systemd_logind_info *info,
dbus_int32_t minor, dbus_int32_t major)
{
DBusError error;
DBusMessage *msg = NULL;
DBusMessage *reply = NULL;
dbus_error_init(&error);
msg = dbus_message_new_method_call("org.freedesktop.login1", info->session,
"org.freedesktop.login1.Session", "PauseDeviceComplete");
if (!msg) {
LogMessage(X_ERROR, "systemd-logind: out of memory\n");
goto cleanup;
}
if (!dbus_message_append_args(msg, DBUS_TYPE_UINT32, &major,
DBUS_TYPE_UINT32, &minor,
DBUS_TYPE_INVALID)) {
LogMessage(X_ERROR, "systemd-logind: out of memory\n");
goto cleanup;
}
reply = dbus_connection_send_with_reply_and_block(info->conn, msg,
- DBUS_TIMEOUT, &error);
+ DBUS_TIMEOUT_USE_DEFAULT, &error);
if (!reply)
LogMessage(X_ERROR, "systemd-logind: failed to ack pause: %s\n",
error.message);
cleanup:
if (msg)
dbus_message_unref(msg);
if (reply)
dbus_message_unref(reply);
dbus_error_free(&error);
}
static DBusHandlerResult
message_filter(DBusConnection * connection, DBusMessage * message, void *data)
{
struct systemd_logind_info *info = data;
struct xf86_platform_device *pdev = NULL;
InputInfoPtr pInfo = NULL;
int ack = 0, pause = 0, fd = -1;
DBusError error;
dbus_int32_t major, minor;
char *pause_str;
if (dbus_message_get_type (message) != DBUS_MESSAGE_TYPE_SIGNAL)
return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
dbus_error_init(&error);
if (dbus_message_is_signal(message,
"org.freedesktop.DBus", "NameOwnerChanged")) {
@@ -430,96 +428,96 @@ message_filter(DBusConnection * connection, DBusMessage * message, void *data)
}
static void
connect_hook(DBusConnection *connection, void *data)
{
struct systemd_logind_info *info = data;
DBusError error;
DBusMessage *msg = NULL;
DBusMessage *reply = NULL;
dbus_int32_t arg;
char *session = NULL;
dbus_error_init(&error);
msg = dbus_message_new_method_call("org.freedesktop.login1",
"/org/freedesktop/login1", "org.freedesktop.login1.Manager",
"GetSessionByPID");
if (!msg) {
LogMessage(X_ERROR, "systemd-logind: out of memory\n");
goto cleanup;
}
arg = getpid();
if (!dbus_message_append_args(msg, DBUS_TYPE_UINT32, &arg,
DBUS_TYPE_INVALID)) {
LogMessage(X_ERROR, "systemd-logind: out of memory\n");
goto cleanup;
}
reply = dbus_connection_send_with_reply_and_block(connection, msg,
- DBUS_TIMEOUT, &error);
+ DBUS_TIMEOUT_USE_DEFAULT, &error);
if (!reply) {
LogMessage(X_ERROR, "systemd-logind: failed to get session: %s\n",
error.message);
goto cleanup;
}
dbus_message_unref(msg);
if (!dbus_message_get_args(reply, &error, DBUS_TYPE_OBJECT_PATH, &session,
DBUS_TYPE_INVALID)) {
LogMessage(X_ERROR, "systemd-logind: GetSessionByPID: %s\n",
error.message);
goto cleanup;
}
session = XNFstrdup(session);
dbus_message_unref(reply);
reply = NULL;
msg = dbus_message_new_method_call("org.freedesktop.login1",
session, "org.freedesktop.login1.Session", "TakeControl");
if (!msg) {
LogMessage(X_ERROR, "systemd-logind: out of memory\n");
goto cleanup;
}
arg = FALSE; /* Don't forcibly take over over the session */
if (!dbus_message_append_args(msg, DBUS_TYPE_BOOLEAN, &arg,
DBUS_TYPE_INVALID)) {
LogMessage(X_ERROR, "systemd-logind: out of memory\n");
goto cleanup;
}
reply = dbus_connection_send_with_reply_and_block(connection, msg,
- DBUS_TIMEOUT, &error);
+ DBUS_TIMEOUT_USE_DEFAULT, &error);
if (!reply) {
LogMessage(X_ERROR, "systemd-logind: TakeControl failed: %s\n",
error.message);
goto cleanup;
}
dbus_bus_add_match(connection,
"type='signal',sender='org.freedesktop.DBus',interface='org.freedesktop.DBus',member='NameOwnerChanged',path='/org/freedesktop/DBus'",
&error);
if (dbus_error_is_set(&error)) {
LogMessage(X_ERROR, "systemd-logind: could not add match: %s\n",
error.message);
goto cleanup;
}
/*
* HdG: This is not useful with systemd <= 208 since the signal only
* contains invalidated property names there, rather than property, val
* pairs as it should. Instead we just use the first resume / pause now.
*/
#if 0
snprintf(match, sizeof(match),
"type='signal',sender='org.freedesktop.login1',interface='org.freedesktop.DBus.Properties',member='PropertiesChanged',path='%s'",
session);
dbus_bus_add_match(connection, match, &error);
if (dbus_error_is_set(&error)) {
LogMessage(X_ERROR, "systemd-logind: could not add match: %s\n",
error.message);
goto cleanup;
}
@@ -537,61 +535,61 @@ connect_hook(DBusConnection *connection, void *data)
info->session = session;
info->vt_active = info->active = TRUE; /* The server owns the vt during init */
session = NULL;
cleanup:
free(session);
if (msg)
dbus_message_unref(msg);
if (reply)
dbus_message_unref(reply);
dbus_error_free(&error);
}
static void
systemd_logind_release_control(struct systemd_logind_info *info)
{
DBusError error;
DBusMessage *msg = NULL;
DBusMessage *reply = NULL;
dbus_error_init(&error);
msg = dbus_message_new_method_call("org.freedesktop.login1",
info->session, "org.freedesktop.login1.Session", "ReleaseControl");
if (!msg) {
LogMessage(X_ERROR, "systemd-logind: out of memory\n");
goto cleanup;
}
reply = dbus_connection_send_with_reply_and_block(info->conn, msg,
- DBUS_TIMEOUT, &error);
+ DBUS_TIMEOUT_USE_DEFAULT, &error);
if (!reply) {
LogMessage(X_ERROR, "systemd-logind: ReleaseControl failed: %s\n",
error.message);
goto cleanup;
}
cleanup:
if (msg)
dbus_message_unref(msg);
if (reply)
dbus_message_unref(reply);
dbus_error_free(&error);
}
static void
disconnect_hook(void *data)
{
struct systemd_logind_info *info = data;
free(info->session);
info->session = NULL;
info->conn = NULL;
}
static struct dbus_core_hook core_hook = {
.connect = connect_hook,
.disconnect = disconnect_hook,
.data = &logind_info,
};
--
2.3.3

90
systemd-logind-filter-out-non-signal-messages-from.patch
View File

@ -1,90 +0,0 @@
From e90798c142dedc4fd296936b69fe34a40d0aa35a Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com>
Date: Fri, 10 Apr 2015 14:19:50 -0400
Subject: [PATCH] systemd-logind: filter out non-signal messages from message
filter
It's possible to receive a message reply in the message filter if a
previous message call timed out locally before the reply arrived.
The message_filter function only handles signals, at the moment, and
does not properly handle message replies.
This commit changes the message_filter function to filter out all
non-signal messages, including spurious message replies.
https://bugzilla.redhat.com/show_bug.cgi?id=1209347
---
hw/xfree86/os-support/linux/systemd-logind.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/hw/xfree86/os-support/linux/systemd-logind.c b/hw/xfree86/os-support/linux/systemd-logind.c
index 49758f4..57c87c0 100644
--- a/hw/xfree86/os-support/linux/systemd-logind.c
+++ b/hw/xfree86/os-support/linux/systemd-logind.c
@@ -286,60 +286,63 @@ systemd_logind_ack_pause(struct systemd_logind_info *info,
DBUS_TYPE_INVALID)) {
LogMessage(X_ERROR, "systemd-logind: out of memory\n");
goto cleanup;
}
reply = dbus_connection_send_with_reply_and_block(info->conn, msg,
DBUS_TIMEOUT, &error);
if (!reply)
LogMessage(X_ERROR, "systemd-logind: failed to ack pause: %s\n",
error.message);
cleanup:
if (msg)
dbus_message_unref(msg);
if (reply)
dbus_message_unref(reply);
dbus_error_free(&error);
}
static DBusHandlerResult
message_filter(DBusConnection * connection, DBusMessage * message, void *data)
{
struct systemd_logind_info *info = data;
struct xf86_platform_device *pdev = NULL;
InputInfoPtr pInfo = NULL;
int ack = 0, pause = 0, fd = -1;
DBusError error;
dbus_int32_t major, minor;
char *pause_str;
+ if (dbus_message_get_type (message) != DBUS_MESSAGE_TYPE_SIGNAL)
+ return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
+
dbus_error_init(&error);
if (dbus_message_is_signal(message,
"org.freedesktop.DBus", "NameOwnerChanged")) {
char *name, *old_owner, *new_owner;
dbus_message_get_args(message, &error,
DBUS_TYPE_STRING, &name,
DBUS_TYPE_STRING, &old_owner,
DBUS_TYPE_STRING, &new_owner, DBUS_TYPE_INVALID);
if (dbus_error_is_set(&error)) {
LogMessage(X_ERROR, "systemd-logind: NameOwnerChanged: %s\n",
error.message);
dbus_error_free(&error);
return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
}
if (name && strcmp(name, "org.freedesktop.login1") == 0)
FatalError("systemd-logind disappeared (stopped/restarted?)\n");
return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
}
if (strcmp(dbus_message_get_path(message), info->session) != 0)
return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
if (dbus_message_is_signal(message, "org.freedesktop.login1.Session",
"PauseDevice")) {
if (!dbus_message_get_args(message, &error,
DBUS_TYPE_UINT32, &major,
--
2.3.3

34
xorg-x11-server.spec
View File

@ -44,8 +44,8 @@
Summary: X.Org X11 X server Summary: X.Org X11 X server
Name: xorg-x11-server Name: xorg-x11-server
Version: 1.17.1 Version: 1.17.2
Release: 16%{?gitdate:.%{gitdate}}%{dist} Release: 1%{?gitdate:.%{gitdate}}%{dist}
URL: http://www.x.org URL: http://www.x.org
License: MIT License: MIT
Group: User Interface/X Group: User Interface/X
@ -85,13 +85,6 @@ Patch5002: xserver-1.4.99-ssh-isnt-local.patch
Patch6030: xserver-1.6.99-right-of.patch Patch6030: xserver-1.6.99-right-of.patch
#Patch6044: xserver-1.6.99-hush-prerelease-warning.patch #Patch6044: xserver-1.6.99-hush-prerelease-warning.patch
# https://bugzilla.gnome.org/show_bug.cgi?id=737226
Patch6045: 0001-present-make-unflip-work-when-the-flip-window-is-des.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1209347
Patch6055: systemd-logind-filter-out-non-signal-messages-from.patch
Patch6056: systemd-logind-dont-second-guess-D-Bus-default-tim.patch
Patch7025: 0001-Always-install-vbe-and-int10-sdk-headers.patch Patch7025: 0001-Always-install-vbe-and-int10-sdk-headers.patch
# do not upstream - do not even use here yet # do not upstream - do not even use here yet
@ -100,40 +93,20 @@ Patch7027: xserver-autobind-hotplug.patch
# submitted: http://lists.x.org/archives/xorg-devel/2013-October/037996.html # submitted: http://lists.x.org/archives/xorg-devel/2013-October/037996.html
Patch9100: exa-only-draw-valid-trapezoids.patch Patch9100: exa-only-draw-valid-trapezoids.patch
# submitted upstream: regression in 1.17.0
Patch9200: 0001-os-access-fix-regression-in-server-interpreted-auth.patch
# because the display-managers are not ready yet, do not upstream # because the display-managers are not ready yet, do not upstream
Patch10000: 0001-Fedora-hack-Make-the-suid-root-wrapper-always-start-.patch Patch10000: 0001-Fedora-hack-Make-the-suid-root-wrapper-always-start-.patch
# Fix build with gcc5, submitted upstream, likely needs a better fix
Patch10001: 0001-sdksyms.sh-Make-sdksyms.sh-work-with-gcc5.patch
Patch10002: 0001-int10-Fix-mapping-the-interrupt-vector.patch
Patch10003: 0001-include-Fix-endianness-setup.patch
# rhbz1203780, submitted upstream # rhbz1203780, submitted upstream
Patch10004: 0001-linux-Add-linux_parse_vt_settings-and-linux_get_keep.patch Patch10004: 0001-linux-Add-linux_parse_vt_settings-and-linux_get_keep.patch
Patch10005: 0002-linux-Add-a-may_fail-paramter-to-linux_parse_vt_sett.patch Patch10005: 0002-linux-Add-a-may_fail-paramter-to-linux_parse_vt_sett.patch
Patch10006: 0003-systemd-logind-Only-use-systemd-logind-integration-t.patch Patch10006: 0003-systemd-logind-Only-use-systemd-logind-integration-t.patch
# rhbz1205725, submitted upstream
Patch10007: 0001-modesetting-Fix-software-cursor-fallback.patch
# rhbz1208992: Mouse cursor doesn't move when moving the physical mouse # rhbz1208992: Mouse cursor doesn't move when moving the physical mouse
# slowly. # slowly.
# already upstream # already upstream
Patch10010: 0001-dix-Add-unaccelerated-valuators-to-the-ValuatorMask.patch Patch10010: 0001-dix-Add-unaccelerated-valuators-to-the-ValuatorMask.patch
Patch10011: 0002-dix-hook-up-the-unaccelerated-valuator-masks.patch Patch10011: 0002-dix-hook-up-the-unaccelerated-valuator-masks.patch
# glamor fix from RHEL7 fix sent upstream
Patch10020: 0001-glamor-don-t-do-render-ops-with-matching-source-dest.patch
# CVE-2015-3164
Patch201531640: 0001-xwayland-Enable-access-control-on-open-sockets-CVE-2.patch
Patch201531641: 0002-os-support-new-implicit-local-user-access-mode-CVE-2.patch
Patch201531642: 0003-xwayland-default-to-local-user-if-no-xauth-file-give.patch
%global moduledir %{_libdir}/xorg/modules %global moduledir %{_libdir}/xorg/modules
%global drimoduledir %{_libdir}/dri %global drimoduledir %{_libdir}/dri
%global sdkdir %{_includedir}/xorg %global sdkdir %{_includedir}/xorg
@ -671,6 +644,9 @@ find %{inst_srcdir}/hw/xfree86 -name \*.c -delete
%changelog %changelog
* Tue Jun 16 2015 Adam Jackson <ajax@redhat.com> 1.17.2-1
- xserver 1.17.2
* Tue Jun 16 2015 Dave Airlie <airlied@redhat.com> 1.17.1-16 * Tue Jun 16 2015 Dave Airlie <airlied@redhat.com> 1.17.1-16
- fix bug with glamor and overlapping copies - fix bug with glamor and overlapping copies