From 4edb4ea6365f86aa57be1c4dc22dbbb2b39b9b28 Mon Sep 17 00:00:00 2001 From: Adam Jackson Date: Mon, 10 Dec 2007 20:23:39 +0000 Subject: [PATCH] * Mon Dec 10 2007 Adam Jackson 1.4.99.1-0.13 - xserver-1.4.99-alloca-poison.patch: Fatal error on {DE,}ALLOCATE_LOCAL so we don't build broken drivers. - xserver-1.4.99-ssh-isnt-local.patch: Try harder to disable MIT-SHM for ssh-forwarded connections. --- xorg-x11-server.spec | 13 +++++++- xserver-1.4.99-alloca-poison.patch | 27 +++++++++++++++++ xserver-1.4.99-ssh-isnt-local.patch | 47 +++++++++++++++++++++++++++++ 3 files changed, 86 insertions(+), 1 deletion(-) create mode 100644 xserver-1.4.99-alloca-poison.patch create mode 100644 xserver-1.4.99-ssh-isnt-local.patch diff --git a/xorg-x11-server.spec b/xorg-x11-server.spec index 8e97b1e..74b4e64 100644 --- a/xorg-x11-server.spec +++ b/xorg-x11-server.spec @@ -20,7 +20,7 @@ Summary: X.Org X11 X server Name: xorg-x11-server Version: 1.4.99.1 -Release: 0.12%{?dist} +Release: 0.13%{?dist} URL: http://www.x.org License: MIT Group: User Interface/X @@ -66,7 +66,12 @@ Patch4004: xserver-1.4.99-xephyr-dri.patch Patch4005: xserver-1.4.99-openchrome.patch # Trivial things to never merge upstream ever +# This should be fixed in the kernel. Patch5000: xserver-1.4.99-apm-typedefs.patch +# Don't merge this without protecting the gccisms. +Patch5001: xserver-1.4.99-alloca-poison.patch +# This really could be done prettier. +Patch5002: xserver-1.4.99-ssh-isnt-local.patch %define moduledir %{_libdir}/xorg/modules %define drimoduledir %{_libdir}/dri @@ -524,6 +529,12 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Mon Dec 10 2007 Adam Jackson 1.4.99.1-0.13 +- xserver-1.4.99-alloca-poison.patch: Fatal error on {DE,}ALLOCATE_LOCAL + so we don't build broken drivers. +- xserver-1.4.99-ssh-isnt-local.patch: Try harder to disable MIT-SHM for + ssh-forwarded connections. + * Mon Dec 03 2007 Adam Jackson 1.4.99.1-0.12 - xserver-1.4.99-apm-typedefs.patch: Temporary hack for broken kernels that don't publish the /dev/apm_bios types. diff --git a/xserver-1.4.99-alloca-poison.patch b/xserver-1.4.99-alloca-poison.patch new file mode 100644 index 0000000..5fa874a --- /dev/null +++ b/xserver-1.4.99-alloca-poison.patch @@ -0,0 +1,27 @@ +From d8f0b7e388f61a9ae528466dafac1bdfaf5b77ca Mon Sep 17 00:00:00 2001 +From: Adam Jackson +Date: Mon, 10 Dec 2007 15:25:01 -0500 +Subject: [PATCH] Poison {DE,}ALLOCATE_LOCAL so we don't build broken drivers. + +--- + include/os.h | 4 ++++ + 1 files changed, 4 insertions(+), 0 deletions(-) + +diff --git a/include/os.h b/include/os.h +index c53a9ea..0960d0c 100644 +--- a/include/os.h ++++ b/include/os.h +@@ -50,6 +50,10 @@ SOFTWARE. + #define OS_H + + #include "misc.h" ++ ++#pragma GCC poison ALLOCATE_LOCAL ++#pragma GCC poison DEALLOCATE_LOCAL ++ + #include + + #define NullFID ((FID) 0) +-- +1.5.2.4 + diff --git a/xserver-1.4.99-ssh-isnt-local.patch b/xserver-1.4.99-ssh-isnt-local.patch new file mode 100644 index 0000000..2ccc83d --- /dev/null +++ b/xserver-1.4.99-ssh-isnt-local.patch @@ -0,0 +1,47 @@ +From 4306b434038de7e2b17d3c4a6cfd87db469d3bda Mon Sep 17 00:00:00 2001 +From: Adam Jackson +Date: Mon, 10 Dec 2007 11:26:57 -0500 +Subject: [PATCH] Hack for proper MIT-SHM rejection for ssh-forwarded clients. + +--- + Xext/shm.c | 15 +++++++++++++++ + 1 files changed, 15 insertions(+), 0 deletions(-) + +diff --git a/Xext/shm.c b/Xext/shm.c +index 5937a03..5376c19 100644 +--- a/Xext/shm.c ++++ b/Xext/shm.c +@@ -381,8 +381,20 @@ shm_access(ClientPtr client, SHMPERM_TYPE *perm, int readonly) + mode_t mask; + int uidset = 0, gidset = 0; + LocalClientCredRec *lcc; ++ Bool is_ssh = FALSE; + + if (GetLocalClientCreds(client, &lcc) != -1) { ++#ifdef linux ++ if (lcc->fieldsSet & LCC_PID_SET) { ++ /* ssh isn't actually a local client */ ++ char exe[64], buf[64]; ++ ++ snprintf(exe, 64, "/proc/%d/exe", lcc->pid); ++ readlink(exe, buf, 64); ++ if (strstr(buf, "/ssh")) ++ is_ssh = TRUE; ++ } ++#endif + + if (lcc->fieldsSet & LCC_UID_SET) { + uid = lcc->euid; +@@ -401,6 +413,9 @@ shm_access(ClientPtr client, SHMPERM_TYPE *perm, int readonly) + } + #endif + FreeLocalClientCreds(lcc); ++ ++ if (is_ssh) ++ return -1; + + if (uidset) { + /* User id 0 always gets access */ +-- +1.5.3.4 +