* Mon Dec 10 2007 Adam Jackson <ajax@redhat.com> 1.4.99.1-0.13

- xserver-1.4.99-alloca-poison.patch: Fatal error on {DE,}ALLOCATE_LOCAL so we don't build broken drivers. - xserver-1.4.99-ssh-isnt-local.patch: Try harder to disable MIT-SHM for ssh-forwarded connections.
2007-12-10 20:23:39 +00:00 · 2007-12-10 20:23:39 +00:00 · 4edb4ea636
commit 4edb4ea636
parent 13ddb2e60b
3 changed files with 86 additions and 1 deletions
--- a/xorg-x11-server.spec
+++ b/xorg-x11-server.spec
@ -20,7 +20,7 @@
 Summary:   X.Org X11 X server
 Name:      xorg-x11-server
 Version:   1.4.99.1
-Release:   0.12%{?dist}
+Release:   0.13%{?dist}
 URL:       http://www.x.org
 License:   MIT
 Group:     User Interface/X
@ -66,7 +66,12 @@ Patch4004: xserver-1.4.99-xephyr-dri.patch
 Patch4005: xserver-1.4.99-openchrome.patch

 # Trivial things to never merge upstream ever
+# This should be fixed in the kernel.
 Patch5000: xserver-1.4.99-apm-typedefs.patch
+# Don't merge this without protecting the gccisms.
+Patch5001: xserver-1.4.99-alloca-poison.patch
+# This really could be done prettier.
+Patch5002: xserver-1.4.99-ssh-isnt-local.patch

 %define moduledir	%{_libdir}/xorg/modules
 %define drimoduledir	%{_libdir}/dri
@ -524,6 +529,12 @@ rm -rf $RPM_BUILD_ROOT


 %changelog
+* Mon Dec 10 2007 Adam Jackson <ajax@redhat.com> 1.4.99.1-0.13
+- xserver-1.4.99-alloca-poison.patch: Fatal error on {DE,}ALLOCATE_LOCAL
+  so we don't build broken drivers.
+- xserver-1.4.99-ssh-isnt-local.patch: Try harder to disable MIT-SHM for
+  ssh-forwarded connections.
+
 * Mon Dec 03 2007 Adam Jackson <ajax@redhat.com> 1.4.99.1-0.12
 - xserver-1.4.99-apm-typedefs.patch: Temporary hack for broken kernels that
  don't publish the /dev/apm_bios types.
--- a/xserver-1.4.99-alloca-poison.patch
+++ b/xserver-1.4.99-alloca-poison.patch
@ -0,0 +1,27 @@
+From d8f0b7e388f61a9ae528466dafac1bdfaf5b77ca Mon Sep 17 00:00:00 2001
+From: Adam Jackson <ajax@redhat.com>
+Date: Mon, 10 Dec 2007 15:25:01 -0500
+Subject: [PATCH] Poison {DE,}ALLOCATE_LOCAL so we don't build broken drivers.
+
+---
+ include/os.h |    4 ++++
+ 1 files changed, 4 insertions(+), 0 deletions(-)
+
+diff --git a/include/os.h b/include/os.h
+index c53a9ea..0960d0c 100644
+--- a/include/os.h
+++ b/include/os.h
+@@ -50,6 +50,10 @@ SOFTWARE.
+ #define OS_H
+ 
+ #include "misc.h"
+
+#pragma GCC poison ALLOCATE_LOCAL
+#pragma GCC poison DEALLOCATE_LOCAL
+
+ #include <stdarg.h>
+ 
+ #define NullFID ((FID) 0)
+-- 
+1.5.2.4
+
--- a/xserver-1.4.99-ssh-isnt-local.patch
+++ b/xserver-1.4.99-ssh-isnt-local.patch
@ -0,0 +1,47 @@
+From 4306b434038de7e2b17d3c4a6cfd87db469d3bda Mon Sep 17 00:00:00 2001
+From: Adam Jackson <ajax@redhat.com>
+Date: Mon, 10 Dec 2007 11:26:57 -0500
+Subject: [PATCH] Hack for proper MIT-SHM rejection for ssh-forwarded clients.
+
+---
+ Xext/shm.c |   15 +++++++++++++++
+ 1 files changed, 15 insertions(+), 0 deletions(-)
+
+diff --git a/Xext/shm.c b/Xext/shm.c
+index 5937a03..5376c19 100644
+--- a/Xext/shm.c
+++ b/Xext/shm.c
+@@ -381,8 +381,20 @@ shm_access(ClientPtr client, SHMPERM_TYPE *perm, int readonly)
+     mode_t mask;
+     int uidset = 0, gidset = 0;
+     LocalClientCredRec *lcc;
+    Bool is_ssh = FALSE;
+     
+     if (GetLocalClientCreds(client, &lcc) != -1) {
+#ifdef linux
+	if (lcc->fieldsSet & LCC_PID_SET) {
+	    /* ssh isn't actually a local client */
+	    char exe[64], buf[64];
+
+	    snprintf(exe, 64, "/proc/%d/exe", lcc->pid);
+	    readlink(exe, buf, 64);
+	    if (strstr(buf, "/ssh"))
+		is_ssh = TRUE;
+	}
+#endif
+ 
+ 	if (lcc->fieldsSet & LCC_UID_SET) {
+ 	    uid = lcc->euid;
+@@ -401,6 +413,9 @@ shm_access(ClientPtr client, SHMPERM_TYPE *perm, int readonly)
+ 	}
+ #endif
+ 	FreeLocalClientCreds(lcc);
+
+	if (is_ssh)
+	    return -1;
+ 	
+ 	if (uidset) {
+ 	    /* User id 0 always gets access */
+-- 
+1.5.3.4
+