import xorg-x11-server-1.20.10-1.el8
This commit is contained in:
parent
eb237a978c
commit
de740dbd80
|
@ -1 +1 @@
|
|||
SOURCES/xorg-server-1.20.8.tar.bz2
|
||||
SOURCES/xorg-server-1.20.10.tar.bz2
|
||||
|
|
|
@ -1 +1 @@
|
|||
077d081f912faf11c87ea1c9d0e29490961b0cd4 SOURCES/xorg-server-1.20.8.tar.bz2
|
||||
e698b30adb781dfe0e7bee0aa489ea9df404a5db SOURCES/xorg-server-1.20.10.tar.bz2
|
||||
|
|
|
@ -1,183 +0,0 @@
|
|||
From 1d3a1092c30af660b1366fcd344af745590aa29f Mon Sep 17 00:00:00 2001
|
||||
From: Matthieu Herrb <matthieu@herrb.eu>
|
||||
Date: Tue, 18 Aug 2020 14:46:32 +0200
|
||||
Subject: [PATCH xserver] Correct bounds checking in XkbSetNames()
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
CVE-2020-14345 / ZDI 11428
|
||||
|
||||
This vulnerability was discovered by:
|
||||
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
|
||||
|
||||
Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
|
||||
(cherry picked from commit 11f22a3bf694d7061d552c99898d843bcdaf0cf1)
|
||||
Signed-off-by: Michel Dänzer <mdaenzer@redhat.com>
|
||||
---
|
||||
xkb/xkb.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
|
||||
1 file changed, 48 insertions(+)
|
||||
|
||||
diff --git a/xkb/xkb.c b/xkb/xkb.c
|
||||
index 3162574a4..2139da7ee 100644
|
||||
--- a/xkb/xkb.c
|
||||
+++ b/xkb/xkb.c
|
||||
@@ -152,6 +152,19 @@ static RESTYPE RT_XKBCLIENT;
|
||||
#define CHK_REQ_KEY_RANGE(err,first,num,r) \
|
||||
CHK_REQ_KEY_RANGE2(err,first,num,r,client->errorValue,BadValue)
|
||||
|
||||
+static Bool
|
||||
+_XkbCheckRequestBounds(ClientPtr client, void *stuff, void *from, void *to) {
|
||||
+ char *cstuff = (char *)stuff;
|
||||
+ char *cfrom = (char *)from;
|
||||
+ char *cto = (char *)to;
|
||||
+
|
||||
+ return cfrom < cto &&
|
||||
+ cfrom >= cstuff &&
|
||||
+ cfrom < cstuff + ((size_t)client->req_len << 2) &&
|
||||
+ cto >= cstuff &&
|
||||
+ cto <= cstuff + ((size_t)client->req_len << 2);
|
||||
+}
|
||||
+
|
||||
/***====================================================================***/
|
||||
|
||||
int
|
||||
@@ -4045,6 +4058,8 @@ _XkbSetNamesCheck(ClientPtr client, DeviceIntPtr dev,
|
||||
client->errorValue = _XkbErrCode2(0x04, stuff->firstType);
|
||||
return BadAccess;
|
||||
}
|
||||
+ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + stuff->nTypes))
|
||||
+ return BadLength;
|
||||
old = tmp;
|
||||
tmp = _XkbCheckAtoms(tmp, stuff->nTypes, client->swapped, &bad);
|
||||
if (!tmp) {
|
||||
@@ -4074,6 +4089,8 @@ _XkbSetNamesCheck(ClientPtr client, DeviceIntPtr dev,
|
||||
}
|
||||
width = (CARD8 *) tmp;
|
||||
tmp = (CARD32 *) (((char *) tmp) + XkbPaddedSize(stuff->nKTLevels));
|
||||
+ if (!_XkbCheckRequestBounds(client, stuff, width, tmp))
|
||||
+ return BadLength;
|
||||
type = &xkb->map->types[stuff->firstKTLevel];
|
||||
for (i = 0; i < stuff->nKTLevels; i++, type++) {
|
||||
if (width[i] == 0)
|
||||
@@ -4083,6 +4100,8 @@ _XkbSetNamesCheck(ClientPtr client, DeviceIntPtr dev,
|
||||
type->num_levels, width[i]);
|
||||
return BadMatch;
|
||||
}
|
||||
+ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + width[i]))
|
||||
+ return BadLength;
|
||||
tmp = _XkbCheckAtoms(tmp, width[i], client->swapped, &bad);
|
||||
if (!tmp) {
|
||||
client->errorValue = bad;
|
||||
@@ -4095,6 +4114,9 @@ _XkbSetNamesCheck(ClientPtr client, DeviceIntPtr dev,
|
||||
client->errorValue = 0x08;
|
||||
return BadMatch;
|
||||
}
|
||||
+ if (!_XkbCheckRequestBounds(client, stuff, tmp,
|
||||
+ tmp + Ones(stuff->indicators)))
|
||||
+ return BadLength;
|
||||
tmp = _XkbCheckMaskedAtoms(tmp, XkbNumIndicators, stuff->indicators,
|
||||
client->swapped, &bad);
|
||||
if (!tmp) {
|
||||
@@ -4107,6 +4129,9 @@ _XkbSetNamesCheck(ClientPtr client, DeviceIntPtr dev,
|
||||
client->errorValue = 0x09;
|
||||
return BadMatch;
|
||||
}
|
||||
+ if (!_XkbCheckRequestBounds(client, stuff, tmp,
|
||||
+ tmp + Ones(stuff->virtualMods)))
|
||||
+ return BadLength;
|
||||
tmp = _XkbCheckMaskedAtoms(tmp, XkbNumVirtualMods,
|
||||
(CARD32) stuff->virtualMods,
|
||||
client->swapped, &bad);
|
||||
@@ -4120,6 +4145,9 @@ _XkbSetNamesCheck(ClientPtr client, DeviceIntPtr dev,
|
||||
client->errorValue = 0x0a;
|
||||
return BadMatch;
|
||||
}
|
||||
+ if (!_XkbCheckRequestBounds(client, stuff, tmp,
|
||||
+ tmp + Ones(stuff->groupNames)))
|
||||
+ return BadLength;
|
||||
tmp = _XkbCheckMaskedAtoms(tmp, XkbNumKbdGroups,
|
||||
(CARD32) stuff->groupNames,
|
||||
client->swapped, &bad);
|
||||
@@ -4141,9 +4169,14 @@ _XkbSetNamesCheck(ClientPtr client, DeviceIntPtr dev,
|
||||
stuff->nKeys);
|
||||
return BadValue;
|
||||
}
|
||||
+ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + stuff->nKeys))
|
||||
+ return BadLength;
|
||||
tmp += stuff->nKeys;
|
||||
}
|
||||
if ((stuff->which & XkbKeyAliasesMask) && (stuff->nKeyAliases > 0)) {
|
||||
+ if (!_XkbCheckRequestBounds(client, stuff, tmp,
|
||||
+ tmp + (stuff->nKeyAliases * 2)))
|
||||
+ return BadLength;
|
||||
tmp += stuff->nKeyAliases * 2;
|
||||
}
|
||||
if (stuff->which & XkbRGNamesMask) {
|
||||
@@ -4151,6 +4184,9 @@ _XkbSetNamesCheck(ClientPtr client, DeviceIntPtr dev,
|
||||
client->errorValue = _XkbErrCode2(0x0d, stuff->nRadioGroups);
|
||||
return BadValue;
|
||||
}
|
||||
+ if (!_XkbCheckRequestBounds(client, stuff, tmp,
|
||||
+ tmp + stuff->nRadioGroups))
|
||||
+ return BadLength;
|
||||
tmp = _XkbCheckAtoms(tmp, stuff->nRadioGroups, client->swapped, &bad);
|
||||
if (!tmp) {
|
||||
client->errorValue = bad;
|
||||
@@ -4344,6 +4380,8 @@ ProcXkbSetNames(ClientPtr client)
|
||||
/* check device-independent stuff */
|
||||
tmp = (CARD32 *) &stuff[1];
|
||||
|
||||
+ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1))
|
||||
+ return BadLength;
|
||||
if (stuff->which & XkbKeycodesNameMask) {
|
||||
tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad);
|
||||
if (!tmp) {
|
||||
@@ -4351,6 +4389,8 @@ ProcXkbSetNames(ClientPtr client)
|
||||
return BadAtom;
|
||||
}
|
||||
}
|
||||
+ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1))
|
||||
+ return BadLength;
|
||||
if (stuff->which & XkbGeometryNameMask) {
|
||||
tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad);
|
||||
if (!tmp) {
|
||||
@@ -4358,6 +4398,8 @@ ProcXkbSetNames(ClientPtr client)
|
||||
return BadAtom;
|
||||
}
|
||||
}
|
||||
+ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1))
|
||||
+ return BadLength;
|
||||
if (stuff->which & XkbSymbolsNameMask) {
|
||||
tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad);
|
||||
if (!tmp) {
|
||||
@@ -4365,6 +4407,8 @@ ProcXkbSetNames(ClientPtr client)
|
||||
return BadAtom;
|
||||
}
|
||||
}
|
||||
+ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1))
|
||||
+ return BadLength;
|
||||
if (stuff->which & XkbPhysSymbolsNameMask) {
|
||||
tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad);
|
||||
if (!tmp) {
|
||||
@@ -4372,6 +4416,8 @@ ProcXkbSetNames(ClientPtr client)
|
||||
return BadAtom;
|
||||
}
|
||||
}
|
||||
+ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1))
|
||||
+ return BadLength;
|
||||
if (stuff->which & XkbTypesNameMask) {
|
||||
tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad);
|
||||
if (!tmp) {
|
||||
@@ -4379,6 +4425,8 @@ ProcXkbSetNames(ClientPtr client)
|
||||
return BadAtom;
|
||||
}
|
||||
}
|
||||
+ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1))
|
||||
+ return BadLength;
|
||||
if (stuff->which & XkbCompatNameMask) {
|
||||
tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad);
|
||||
if (!tmp) {
|
||||
--
|
||||
2.28.0
|
||||
|
|
@ -1,36 +0,0 @@
|
|||
From eff3f6cdd398bfac040351e99e64baf3bf64fa2e Mon Sep 17 00:00:00 2001
|
||||
From: Matthieu Herrb <matthieu@herrb.eu>
|
||||
Date: Tue, 18 Aug 2020 14:49:04 +0200
|
||||
Subject: [PATCH xserver] Fix XIChangeHierarchy() integer underflow
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
CVE-2020-14346 / ZDI-CAN-11429
|
||||
|
||||
This vulnerability was discovered by:
|
||||
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
|
||||
|
||||
Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
|
||||
(cherry picked from commit 1e3392b07923987c6c9d09cf75b24f397b59bd5e)
|
||||
Signed-off-by: Michel Dänzer <mdaenzer@redhat.com>
|
||||
---
|
||||
Xi/xichangehierarchy.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/Xi/xichangehierarchy.c b/Xi/xichangehierarchy.c
|
||||
index cbdd91258..504defe56 100644
|
||||
--- a/Xi/xichangehierarchy.c
|
||||
+++ b/Xi/xichangehierarchy.c
|
||||
@@ -423,7 +423,7 @@ ProcXIChangeHierarchy(ClientPtr client)
|
||||
if (!stuff->num_changes)
|
||||
return rc;
|
||||
|
||||
- len = ((size_t)stuff->length << 2) - sizeof(xXIChangeHierarchyReq);
|
||||
+ len = ((size_t)client->req_len << 2) - sizeof(xXIChangeHierarchyReq);
|
||||
|
||||
any = (xXIAnyHierarchyChangeInfo *) &stuff[1];
|
||||
while (stuff->num_changes--) {
|
||||
--
|
||||
2.28.0
|
||||
|
|
@ -1,70 +0,0 @@
|
|||
From 705d7213935820d9f56563ee9e17aa9beb365c1e Mon Sep 17 00:00:00 2001
|
||||
From: Matthieu Herrb <matthieu@herrb.eu>
|
||||
Date: Tue, 18 Aug 2020 14:55:01 +0200
|
||||
Subject: [PATCH xserver] Fix XRecordRegisterClients() Integer underflow
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
CVE-2020-14362 ZDI-CAN-11574
|
||||
|
||||
This vulnerability was discovered by:
|
||||
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
|
||||
|
||||
Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
|
||||
(cherry picked from commit 24acad216aa0fc2ac451c67b2b86db057a032050)
|
||||
Signed-off-by: Michel Dänzer <mdaenzer@redhat.com>
|
||||
---
|
||||
record/record.c | 10 +++++-----
|
||||
1 file changed, 5 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/record/record.c b/record/record.c
|
||||
index f0b739b0c..05d751ac2 100644
|
||||
--- a/record/record.c
|
||||
+++ b/record/record.c
|
||||
@@ -2499,7 +2499,7 @@ SProcRecordQueryVersion(ClientPtr client)
|
||||
} /* SProcRecordQueryVersion */
|
||||
|
||||
static int _X_COLD
|
||||
-SwapCreateRegister(xRecordRegisterClientsReq * stuff)
|
||||
+SwapCreateRegister(ClientPtr client, xRecordRegisterClientsReq * stuff)
|
||||
{
|
||||
int i;
|
||||
XID *pClientID;
|
||||
@@ -2509,13 +2509,13 @@ SwapCreateRegister(xRecordRegisterClientsReq * stuff)
|
||||
swapl(&stuff->nRanges);
|
||||
pClientID = (XID *) &stuff[1];
|
||||
if (stuff->nClients >
|
||||
- stuff->length - bytes_to_int32(sz_xRecordRegisterClientsReq))
|
||||
+ client->req_len - bytes_to_int32(sz_xRecordRegisterClientsReq))
|
||||
return BadLength;
|
||||
for (i = 0; i < stuff->nClients; i++, pClientID++) {
|
||||
swapl(pClientID);
|
||||
}
|
||||
if (stuff->nRanges >
|
||||
- stuff->length - bytes_to_int32(sz_xRecordRegisterClientsReq)
|
||||
+ client->req_len - bytes_to_int32(sz_xRecordRegisterClientsReq)
|
||||
- stuff->nClients)
|
||||
return BadLength;
|
||||
RecordSwapRanges((xRecordRange *) pClientID, stuff->nRanges);
|
||||
@@ -2530,7 +2530,7 @@ SProcRecordCreateContext(ClientPtr client)
|
||||
|
||||
swaps(&stuff->length);
|
||||
REQUEST_AT_LEAST_SIZE(xRecordCreateContextReq);
|
||||
- if ((status = SwapCreateRegister((void *) stuff)) != Success)
|
||||
+ if ((status = SwapCreateRegister(client, (void *) stuff)) != Success)
|
||||
return status;
|
||||
return ProcRecordCreateContext(client);
|
||||
} /* SProcRecordCreateContext */
|
||||
@@ -2543,7 +2543,7 @@ SProcRecordRegisterClients(ClientPtr client)
|
||||
|
||||
swaps(&stuff->length);
|
||||
REQUEST_AT_LEAST_SIZE(xRecordRegisterClientsReq);
|
||||
- if ((status = SwapCreateRegister((void *) stuff)) != Success)
|
||||
+ if ((status = SwapCreateRegister(client, (void *) stuff)) != Success)
|
||||
return status;
|
||||
return ProcRecordRegisterClients(client);
|
||||
} /* SProcRecordRegisterClients */
|
||||
--
|
||||
2.28.0
|
||||
|
|
@ -1,36 +0,0 @@
|
|||
From 5b384e7678c5a155dd8752f018c8292153c1295e Mon Sep 17 00:00:00 2001
|
||||
From: Matthieu Herrb <matthieu@herrb.eu>
|
||||
Date: Tue, 18 Aug 2020 14:52:29 +0200
|
||||
Subject: [PATCH xserver] Fix XkbSelectEvents() integer underflow
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
CVE-2020-14361 ZDI-CAN 11573
|
||||
|
||||
This vulnerability was discovered by:
|
||||
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
|
||||
|
||||
Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
|
||||
(cherry picked from commit 90304b3c2018a6b8f4a79de86364d2af15cb9ad8)
|
||||
Signed-off-by: Michel Dänzer <mdaenzer@redhat.com>
|
||||
---
|
||||
xkb/xkbSwap.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/xkb/xkbSwap.c b/xkb/xkbSwap.c
|
||||
index 1c1ed5ff4..50cabb90e 100644
|
||||
--- a/xkb/xkbSwap.c
|
||||
+++ b/xkb/xkbSwap.c
|
||||
@@ -76,7 +76,7 @@ SProcXkbSelectEvents(ClientPtr client)
|
||||
register unsigned bit, ndx, maskLeft, dataLeft, size;
|
||||
|
||||
from.c8 = (CARD8 *) &stuff[1];
|
||||
- dataLeft = (stuff->length * 4) - SIZEOF(xkbSelectEventsReq);
|
||||
+ dataLeft = (client->req_len * 4) - SIZEOF(xkbSelectEventsReq);
|
||||
maskLeft = (stuff->affectWhich & (~XkbMapNotifyMask));
|
||||
for (ndx = 0, bit = 1; (maskLeft != 0); ndx++, bit <<= 1) {
|
||||
if (((bit & maskLeft) == 0) || (ndx == XkbMapNotify))
|
||||
--
|
||||
2.28.0
|
||||
|
|
@ -1,33 +0,0 @@
|
|||
From aac28e162e5108510065ad4c323affd6deffd816 Mon Sep 17 00:00:00 2001
|
||||
From: Matthieu Herrb <matthieu@herrb.eu>
|
||||
Date: Sat, 25 Jul 2020 19:33:50 +0200
|
||||
Subject: [PATCH] fix for ZDI-11426
|
||||
|
||||
Avoid leaking un-initalized memory to clients by zeroing the
|
||||
whole pixmap on initial allocation.
|
||||
|
||||
This vulnerability was discovered by:
|
||||
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
|
||||
|
||||
Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
|
||||
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
||||
---
|
||||
dix/pixmap.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/dix/pixmap.c b/dix/pixmap.c
|
||||
index 1186d7dbb..5a0146bbb 100644
|
||||
--- a/dix/pixmap.c
|
||||
+++ b/dix/pixmap.c
|
||||
@@ -116,7 +116,7 @@ AllocatePixmap(ScreenPtr pScreen, int pixDataSize)
|
||||
if (pScreen->totalPixmapSize > ((size_t) - 1) - pixDataSize)
|
||||
return NullPixmap;
|
||||
|
||||
- pPixmap = malloc(pScreen->totalPixmapSize + pixDataSize);
|
||||
+ pPixmap = calloc(1, pScreen->totalPixmapSize + pixDataSize);
|
||||
if (!pPixmap)
|
||||
return NullPixmap;
|
||||
|
||||
--
|
||||
2.25.4
|
||||
|
|
@ -1,56 +0,0 @@
|
|||
From 85d9f7932353b6e0986796dbb09b7f778f9cc9aa Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Michel=20D=C3=A4nzer?= <mdaenzer@redhat.com>
|
||||
Date: Fri, 24 Jul 2020 18:21:05 +0200
|
||||
Subject: [PATCH xserver] glamor: Fix glamor_poly_fill_rect_gl
|
||||
xRectangle::width/height handling
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
(Using GLSL 1.30 or newer)
|
||||
|
||||
The width/height members of xRectangle are unsigned, but they were
|
||||
being interpreted as signed when converting to floating point for the
|
||||
vertex shader, producing incorrect drawing for values > 32767.
|
||||
|
||||
Solve this by passing through the values as integers, and masking off
|
||||
the upper 16 bits in the vertex shader (which could be 1 due to sign
|
||||
extension).
|
||||
|
||||
Signed-off-by: Michel Dänzer <mdaenzer@redhat.com>
|
||||
---
|
||||
glamor/glamor_rects.c | 11 ++++++-----
|
||||
1 file changed, 6 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/glamor/glamor_rects.c b/glamor/glamor_rects.c
|
||||
index 6cbb040c1..5cac40d49 100644
|
||||
--- a/glamor/glamor_rects.c
|
||||
+++ b/glamor/glamor_rects.c
|
||||
@@ -27,9 +27,10 @@
|
||||
static const glamor_facet glamor_facet_polyfillrect_130 = {
|
||||
.name = "poly_fill_rect",
|
||||
.version = 130,
|
||||
- .vs_vars = "attribute vec4 primitive;\n",
|
||||
- .vs_exec = (" vec2 pos = primitive.zw * vec2(gl_VertexID&1, (gl_VertexID&2)>>1);\n"
|
||||
- GLAMOR_POS(gl_Position, (primitive.xy + pos))),
|
||||
+ .vs_vars = "attribute ivec4 primitive;\n",
|
||||
+ .vs_exec = (" vec2 pos = vec2(primitive.zw & ivec2(0xffff));\n"
|
||||
+ " pos *= vec2(gl_VertexID&1, (gl_VertexID&2)>>1);\n"
|
||||
+ GLAMOR_POS(gl_Position, (vec2(primitive.xy) + pos))),
|
||||
};
|
||||
|
||||
static const glamor_facet glamor_facet_polyfillrect_120 = {
|
||||
@@ -81,8 +82,8 @@ glamor_poly_fill_rect_gl(DrawablePtr drawable,
|
||||
|
||||
glEnableVertexAttribArray(GLAMOR_VERTEX_POS);
|
||||
glVertexAttribDivisor(GLAMOR_VERTEX_POS, 1);
|
||||
- glVertexAttribPointer(GLAMOR_VERTEX_POS, 4, GL_SHORT, GL_FALSE,
|
||||
- 4 * sizeof (short), vbo_offset);
|
||||
+ glVertexAttribIPointer(GLAMOR_VERTEX_POS, 4, GL_SHORT,
|
||||
+ 4 * sizeof (short), vbo_offset);
|
||||
|
||||
memcpy(v, prect, nrect * sizeof (xRectangle));
|
||||
|
||||
--
|
||||
2.26.2
|
||||
|
|
@ -1,37 +0,0 @@
|
|||
From f32c851a0ba41f5d8d0f8c869bc394858de721df Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Michel=20D=C3=A4nzer?= <mdaenzer@redhat.com>
|
||||
Date: Thu, 25 Jun 2020 18:09:27 +0200
|
||||
Subject: [PATCH xserver 1/4] present/wnmd: Keep pixmap pointer in
|
||||
present_wnmd_clear_window_flip
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
The comment was incorrect: Any reference held by the window (see
|
||||
present_wnmd_execute) is in addition to the one in struct present_vblank
|
||||
(see present_vblank_create). So if we don't drop the latter, the pixmap
|
||||
will be leaked.
|
||||
|
||||
Reviewed-by: Dave Airlie <airlied@redhat.com>
|
||||
(cherry picked from commit bc9dd1c71c3722284ffaa7183f4119151b25a44f)
|
||||
Signed-off-by: Michel Dänzer <mdaenzer@redhat.com>
|
||||
---
|
||||
present/present_screen.c | 2 --
|
||||
1 file changed, 2 deletions(-)
|
||||
|
||||
diff --git a/present/present_screen.c b/present/present_screen.c
|
||||
index c7e37c5fd..c435f55f4 100644
|
||||
--- a/present/present_screen.c
|
||||
+++ b/present/present_screen.c
|
||||
@@ -122,8 +122,6 @@ present_wnmd_clear_window_flip(WindowPtr window)
|
||||
|
||||
xorg_list_for_each_entry_safe(vblank, tmp, &window_priv->idle_queue, event_queue) {
|
||||
present_pixmap_idle(vblank->pixmap, vblank->window, vblank->serial, vblank->idle_fence);
|
||||
- /* The pixmap will be destroyed by freeing the window resources. */
|
||||
- vblank->pixmap = NULL;
|
||||
present_vblank_destroy(vblank);
|
||||
}
|
||||
|
||||
--
|
||||
2.26.2
|
||||
|
|
@ -1,173 +0,0 @@
|
|||
From 139868f3e82a3e7b7b17f3a5a2e07c4b04d81728 Mon Sep 17 00:00:00 2001
|
||||
From: Aaron Ma <aaron.ma@canonical.com>
|
||||
Date: Thu, 30 Jul 2020 11:02:39 +0200
|
||||
Subject: [PATCH xserver] xfree86: add drm modes on non-GTF panels
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
EDID1.4 replaced GTF Bit with Continuous or Non-Continuous Frequency Display.
|
||||
|
||||
Check the "Display Range Limits Descriptor" for GTF support.
|
||||
If panel doesn't support GTF, then add gtf modes.
|
||||
|
||||
Otherwise X will only show the modes in "Detailed Timing Descriptor".
|
||||
|
||||
V2: Coding style changes.
|
||||
V3: Coding style changes, remove unused variate.
|
||||
V4: remove unused variate.
|
||||
|
||||
BugLink: https://gitlab.freedesktop.org/drm/intel/issues/313
|
||||
Signed-off-by: Aaron Ma <aaron.ma@canonical.com>
|
||||
Reviewed-by: Adam Jackson <ajax@redhat.com>
|
||||
(cherry picked from commit 6a79a737e2c0bc730ee693b4ea4a1530c108be4e)
|
||||
Signed-off-by: Michel Dänzer <mdaenzer@redhat.com>
|
||||
---
|
||||
hw/xfree86/ddc/edid.h | 17 +++++++++++-
|
||||
hw/xfree86/ddc/interpret_edid.c | 27 +++++++++++++++++++
|
||||
hw/xfree86/ddc/xf86DDC.h | 3 +++
|
||||
.../drivers/modesetting/drmmode_display.c | 2 +-
|
||||
hw/xfree86/modes/xf86Crtc.c | 3 +--
|
||||
5 files changed, 48 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/hw/xfree86/ddc/edid.h b/hw/xfree86/ddc/edid.h
|
||||
index 750e4270b..b884d8212 100644
|
||||
--- a/hw/xfree86/ddc/edid.h
|
||||
+++ b/hw/xfree86/ddc/edid.h
|
||||
@@ -262,6 +262,10 @@
|
||||
#define MAX_H (_MAX_H(c) + _MAX_H_OFFSET(c))
|
||||
#define _MAX_CLOCK(x) x[9]
|
||||
#define MAX_CLOCK _MAX_CLOCK(c)
|
||||
+#define _DEFAULT_GTF(x) (x[10] == 0x00)
|
||||
+#define DEFAULT_GTF _DEFAULT_GTF(c)
|
||||
+#define _RANGE_LIMITS_ONLY(x) (x[10] == 0x01)
|
||||
+#define RANGE_LIMITS_ONLY _RANGE_LIMITS_ONLY(c)
|
||||
#define _HAVE_2ND_GTF(x) (x[10] == 0x02)
|
||||
#define HAVE_2ND_GTF _HAVE_2ND_GTF(c)
|
||||
#define _F_2ND_GTF(x) (x[12] * 2)
|
||||
@@ -477,6 +481,16 @@ struct detailed_timings {
|
||||
#define DS_VENDOR 0x101
|
||||
#define DS_VENDOR_MAX 0x110
|
||||
|
||||
+/*
|
||||
+ * Display range limit Descriptor of EDID version1, reversion 4
|
||||
+ */
|
||||
+typedef enum {
|
||||
+ DR_DEFAULT_GTF,
|
||||
+ DR_LIMITS_ONLY,
|
||||
+ DR_SECONDARY_GTF,
|
||||
+ DR_CVT_SUPPORTED = 4,
|
||||
+} DR_timing_flags;
|
||||
+
|
||||
struct monitor_ranges {
|
||||
int min_v;
|
||||
int max_v;
|
||||
@@ -495,6 +509,7 @@ struct monitor_ranges {
|
||||
char supported_blanking;
|
||||
char supported_scaling;
|
||||
int preferred_refresh; /* in hz */
|
||||
+ DR_timing_flags display_range_timing_flags;
|
||||
};
|
||||
|
||||
struct whitePoints {
|
||||
@@ -524,7 +539,7 @@ struct detailed_monitor_section {
|
||||
Uchar serial[13];
|
||||
Uchar ascii_data[13];
|
||||
Uchar name[13];
|
||||
- struct monitor_ranges ranges; /* 56 */
|
||||
+ struct monitor_ranges ranges; /* 60 */
|
||||
struct std_timings std_t[5]; /* 80 */
|
||||
struct whitePoints wp[2]; /* 32 */
|
||||
/* color management data */
|
||||
diff --git a/hw/xfree86/ddc/interpret_edid.c b/hw/xfree86/ddc/interpret_edid.c
|
||||
index 17a8f81c0..19630471c 100644
|
||||
--- a/hw/xfree86/ddc/interpret_edid.c
|
||||
+++ b/hw/xfree86/ddc/interpret_edid.c
|
||||
@@ -672,6 +672,9 @@ get_monitor_ranges(Uchar * c, struct monitor_ranges *r)
|
||||
r->max_clock = 0;
|
||||
if (MAX_CLOCK != 0xff) /* is specified? */
|
||||
r->max_clock = MAX_CLOCK * 10 + 5;
|
||||
+
|
||||
+ r->display_range_timing_flags = c[10];
|
||||
+
|
||||
if (HAVE_2ND_GTF) {
|
||||
r->gtf_2nd_f = F_2ND_GTF;
|
||||
r->gtf_2nd_c = C_2ND_GTF;
|
||||
@@ -751,6 +754,30 @@ validate_version(int scrnIndex, struct edid_version *r)
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
+Bool
|
||||
+gtf_supported(xf86MonPtr mon)
|
||||
+{
|
||||
+ int i;
|
||||
+
|
||||
+ if (!mon)
|
||||
+ return FALSE;
|
||||
+
|
||||
+ if ((mon->ver.version == 1) && (mon->ver.revision < 4)) {
|
||||
+ if (mon->features.msc & 0x1)
|
||||
+ return TRUE;
|
||||
+ } else {
|
||||
+ for (i = 0; i < DET_TIMINGS; i++) {
|
||||
+ struct detailed_monitor_section *det_timing_des = &(mon->det_mon[i]);
|
||||
+ if (det_timing_des && (det_timing_des->type == DS_RANGES) &&
|
||||
+ (det_timing_des->section.ranges.display_range_timing_flags == DR_DEFAULT_GTF
|
||||
+ || det_timing_des->section.ranges.display_range_timing_flags == DR_SECONDARY_GTF))
|
||||
+ return TRUE;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ return FALSE;
|
||||
+}
|
||||
+
|
||||
/*
|
||||
* Returns true if HDMI, false if definitely not or unknown.
|
||||
*/
|
||||
diff --git a/hw/xfree86/ddc/xf86DDC.h b/hw/xfree86/ddc/xf86DDC.h
|
||||
index 7d81ab911..6eb2f0ba2 100644
|
||||
--- a/hw/xfree86/ddc/xf86DDC.h
|
||||
+++ b/hw/xfree86/ddc/xf86DDC.h
|
||||
@@ -48,6 +48,9 @@ extern _X_EXPORT Bool xf86SetDDCproperties(ScrnInfoPtr pScreen, xf86MonPtr DDC);
|
||||
extern _X_EXPORT Bool
|
||||
xf86MonitorIsHDMI(xf86MonPtr mon);
|
||||
|
||||
+extern _X_EXPORT Bool
|
||||
+gtf_supported(xf86MonPtr mon);
|
||||
+
|
||||
extern _X_EXPORT DisplayModePtr
|
||||
FindDMTMode(int hsize, int vsize, int refresh, Bool rb);
|
||||
|
||||
diff --git a/hw/xfree86/drivers/modesetting/drmmode_display.c b/hw/xfree86/drivers/modesetting/drmmode_display.c
|
||||
index 59abb6cc7..9dd8c5573 100644
|
||||
--- a/hw/xfree86/drivers/modesetting/drmmode_display.c
|
||||
+++ b/hw/xfree86/drivers/modesetting/drmmode_display.c
|
||||
@@ -2439,7 +2439,7 @@ drmmode_output_add_gtf_modes(xf86OutputPtr output, DisplayModePtr Modes)
|
||||
int max_x = 0, max_y = 0;
|
||||
float max_vrefresh = 0.0;
|
||||
|
||||
- if (mon && GTF_SUPPORTED(mon->features.msc))
|
||||
+ if (mon && gtf_supported(mon))
|
||||
return Modes;
|
||||
|
||||
if (!has_panel_fitter(output))
|
||||
diff --git a/hw/xfree86/modes/xf86Crtc.c b/hw/xfree86/modes/xf86Crtc.c
|
||||
index 37a45bb3a..17d4ef103 100644
|
||||
--- a/hw/xfree86/modes/xf86Crtc.c
|
||||
+++ b/hw/xfree86/modes/xf86Crtc.c
|
||||
@@ -1719,11 +1719,10 @@ xf86ProbeOutputModes(ScrnInfoPtr scrn, int maxX, int maxY)
|
||||
|
||||
if (edid_monitor) {
|
||||
struct det_monrec_parameter p;
|
||||
- struct disp_features *features = &edid_monitor->features;
|
||||
struct cea_data_block *hdmi_db;
|
||||
|
||||
/* if display is not continuous-frequency, don't add default modes */
|
||||
- if (!GTF_SUPPORTED(features->msc))
|
||||
+ if (!gtf_supported(edid_monitor))
|
||||
add_default_modes = FALSE;
|
||||
|
||||
p.mon_rec = &mon_rec;
|
||||
--
|
||||
2.26.2
|
||||
|
|
@ -1,84 +0,0 @@
|
|||
From 23c55ec32973e0a75d723e3f37769dd711c9c59c Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Michel=20D=C3=A4nzer?= <mdaenzer@redhat.com>
|
||||
Date: Wed, 22 Jul 2020 18:20:14 +0200
|
||||
Subject: [PATCH xserver] xwayland: Hold a pixmap reference in struct
|
||||
xwl_present_event
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
In the log of the commit below, I claimed this wasn't necessary on the
|
||||
1.20 branch, but this turned out to be wrong: It meant that
|
||||
event->buffer could already be destroyed in xwl_present_free_event,
|
||||
resulting in use-after-free and likely a crash.
|
||||
|
||||
Fixes: 22c0808ac88f "xwayland: Free all remaining events in
|
||||
xwl_present_cleanup"
|
||||
Signed-off-by: Michel Dänzer <mdaenzer@redhat.com>
|
||||
---
|
||||
hw/xwayland/xwayland-present.c | 17 +++++++++++++----
|
||||
hw/xwayland/xwayland.h | 2 +-
|
||||
2 files changed, 14 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/hw/xwayland/xwayland-present.c b/hw/xwayland/xwayland-present.c
|
||||
index 2cec63f59..f003170a9 100644
|
||||
--- a/hw/xwayland/xwayland-present.c
|
||||
+++ b/hw/xwayland/xwayland-present.c
|
||||
@@ -117,8 +117,16 @@ xwl_present_free_event(struct xwl_present_event *event)
|
||||
if (!event)
|
||||
return;
|
||||
|
||||
- if (event->buffer)
|
||||
- wl_buffer_set_user_data(event->buffer, NULL);
|
||||
+ if (event->pixmap) {
|
||||
+ if (!event->buffer_released) {
|
||||
+ struct wl_buffer *buffer =
|
||||
+ xwl_glamor_pixmap_get_wl_buffer(event->pixmap, NULL);
|
||||
+
|
||||
+ wl_buffer_set_user_data(buffer, NULL);
|
||||
+ }
|
||||
+
|
||||
+ dixDestroyPixmap(event->pixmap, event->pixmap->drawable.id);
|
||||
+ }
|
||||
|
||||
xorg_list_del(&event->list);
|
||||
free(event);
|
||||
@@ -348,7 +356,7 @@ xwl_present_queue_vblank(WindowPtr present_window,
|
||||
return BadAlloc;
|
||||
|
||||
event->event_id = event_id;
|
||||
- event->buffer = NULL;
|
||||
+ event->pixmap = NULL;
|
||||
event->xwl_present_window = xwl_present_window;
|
||||
event->target_msc = msc;
|
||||
|
||||
@@ -453,11 +461,12 @@ xwl_present_flip(WindowPtr present_window,
|
||||
if (!event)
|
||||
return FALSE;
|
||||
|
||||
+ pixmap->refcnt++;
|
||||
buffer = xwl_glamor_pixmap_get_wl_buffer(pixmap, &buffer_created);
|
||||
|
||||
event->event_id = event_id;
|
||||
event->xwl_present_window = xwl_present_window;
|
||||
- event->buffer = buffer;
|
||||
+ event->pixmap = pixmap;
|
||||
event->target_msc = target_msc;
|
||||
event->pending = TRUE;
|
||||
event->abort = FALSE;
|
||||
diff --git a/hw/xwayland/xwayland.h b/hw/xwayland/xwayland.h
|
||||
index bc5836ec4..b9495b313 100644
|
||||
--- a/hw/xwayland/xwayland.h
|
||||
+++ b/hw/xwayland/xwayland.h
|
||||
@@ -215,7 +215,7 @@ struct xwl_present_event {
|
||||
Bool buffer_released;
|
||||
|
||||
struct xwl_present_window *xwl_present_window;
|
||||
- struct wl_buffer *buffer;
|
||||
+ PixmapPtr pixmap;
|
||||
|
||||
struct xorg_list list;
|
||||
};
|
||||
--
|
||||
2.26.2
|
||||
|
|
@ -1,45 +0,0 @@
|
|||
From 732507ed3255dff3970c5f92bd6ea13bf877e637 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Michel=20D=C3=A4nzer?= <mdaenzer@redhat.com>
|
||||
Date: Thu, 25 Jun 2020 18:11:31 +0200
|
||||
Subject: [PATCH xserver 2/4] present/wnmd: Free flip_queue entries in
|
||||
present_wnmd_clear_window_flip
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
When present_wnmd_clear_window_flip is done, present_destroy_window
|
||||
frees struct present_window_priv, and the events in the flip queue
|
||||
become unreachable. So if we don't free them first, they're leaked.
|
||||
|
||||
Also drop the call to present_wnmd_set_abort_flip, which just sets a
|
||||
flag in struct present_window_priv and thus can't have any observable
|
||||
effect after present_destroy_window.
|
||||
|
||||
Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1042
|
||||
Reviewed-by: Dave Airlie <airlied@redhat.com>
|
||||
(cherry picked from commit 1bdedc8dbb9d035b85444c2558a137470ff52113)
|
||||
Signed-off-by: Michel Dänzer <mdaenzer@redhat.com>
|
||||
---
|
||||
present/present_screen.c | 6 +++---
|
||||
1 file changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/present/present_screen.c b/present/present_screen.c
|
||||
index c435f55f4..bfd30b8ba 100644
|
||||
--- a/present/present_screen.c
|
||||
+++ b/present/present_screen.c
|
||||
@@ -115,9 +115,9 @@ present_wnmd_clear_window_flip(WindowPtr window)
|
||||
present_window_priv_ptr window_priv = present_window_priv(window);
|
||||
present_vblank_ptr vblank, tmp;
|
||||
|
||||
- if (window_priv->flip_pending) {
|
||||
- present_wnmd_set_abort_flip(window);
|
||||
- window_priv->flip_pending->window = NULL;
|
||||
+ xorg_list_for_each_entry_safe(vblank, tmp, &window_priv->flip_queue, event_queue) {
|
||||
+ present_pixmap_idle(vblank->pixmap, vblank->window, vblank->serial, vblank->idle_fence);
|
||||
+ present_vblank_destroy(vblank);
|
||||
}
|
||||
|
||||
xorg_list_for_each_entry_safe(vblank, tmp, &window_priv->idle_queue, event_queue) {
|
||||
--
|
||||
2.26.2
|
||||
|
|
@ -1,94 +0,0 @@
|
|||
From 99e9854c5fab7114b26c272088d9202548da55bf Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Michel=20D=C3=A4nzer?= <mdaenzer@redhat.com>
|
||||
Date: Fri, 19 Jun 2020 18:14:35 +0200
|
||||
Subject: [PATCH xserver 3/4] xwayland: Always use xwl_present_free_event for
|
||||
freeing Present events
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Minor cleanup, and will make the next change simpler. No functional
|
||||
change intended.
|
||||
|
||||
Reviewed-by: Dave Airlie <airlied@redhat.com>
|
||||
(cherry picked from commit 1beffba699e2cc3f23039d2177c025bc127966de)
|
||||
Signed-off-by: Michel Dänzer <mdaenzer@redhat.com>
|
||||
---
|
||||
hw/xwayland/xwayland-present.c | 27 ++++++++++++---------------
|
||||
1 file changed, 12 insertions(+), 15 deletions(-)
|
||||
|
||||
diff --git a/hw/xwayland/xwayland-present.c b/hw/xwayland/xwayland-present.c
|
||||
index 5ba7dce08..492e4a876 100644
|
||||
--- a/hw/xwayland/xwayland-present.c
|
||||
+++ b/hw/xwayland/xwayland-present.c
|
||||
@@ -111,6 +111,13 @@ xwl_present_reset_timer(struct xwl_present_window *xwl_present_window)
|
||||
}
|
||||
}
|
||||
|
||||
+static void
|
||||
+xwl_present_free_event(struct xwl_present_event *event)
|
||||
+{
|
||||
+ xorg_list_del(&event->list);
|
||||
+ free(event);
|
||||
+}
|
||||
+
|
||||
void
|
||||
xwl_present_cleanup(WindowPtr window)
|
||||
{
|
||||
@@ -128,17 +135,15 @@ xwl_present_cleanup(WindowPtr window)
|
||||
}
|
||||
|
||||
/* Clear remaining events */
|
||||
- xorg_list_for_each_entry_safe(event, tmp, &xwl_present_window->event_list, list) {
|
||||
- xorg_list_del(&event->list);
|
||||
- free(event);
|
||||
- }
|
||||
+ xorg_list_for_each_entry_safe(event, tmp, &xwl_present_window->event_list, list)
|
||||
+ xwl_present_free_event(event);
|
||||
|
||||
/* Clear remaining buffer releases and inform Present about free ressources */
|
||||
event = xwl_present_window->sync_flip;
|
||||
xwl_present_window->sync_flip = NULL;
|
||||
if (event) {
|
||||
if (event->buffer_released) {
|
||||
- free(event);
|
||||
+ xwl_present_free_event(event);
|
||||
} else {
|
||||
event->pending = FALSE;
|
||||
event->abort = TRUE;
|
||||
@@ -160,13 +165,6 @@ xwl_present_cleanup(WindowPtr window)
|
||||
free(xwl_present_window);
|
||||
}
|
||||
|
||||
-static void
|
||||
-xwl_present_free_event(struct xwl_present_event *event)
|
||||
-{
|
||||
- xorg_list_del(&event->list);
|
||||
- free(event);
|
||||
-}
|
||||
-
|
||||
static void
|
||||
xwl_present_buffer_release(void *data, struct wl_buffer *buffer)
|
||||
{
|
||||
@@ -216,7 +214,7 @@ xwl_present_msc_bump(struct xwl_present_window *xwl_present_window)
|
||||
/* If the buffer was already released, clean up now */
|
||||
present_wnmd_event_notify(xwl_present_window->window, event->event_id,
|
||||
xwl_present_window->ust, msc);
|
||||
- free(event);
|
||||
+ xwl_present_free_event(event);
|
||||
} else {
|
||||
xorg_list_add(&event->list, &xwl_present_window->release_queue);
|
||||
}
|
||||
@@ -392,8 +390,7 @@ xwl_present_abort_vblank(WindowPtr present_window,
|
||||
|
||||
xorg_list_for_each_entry_safe(event, tmp, &xwl_present_window->event_list, list) {
|
||||
if (event->event_id == event_id) {
|
||||
- xorg_list_del(&event->list);
|
||||
- free(event);
|
||||
+ xwl_present_free_event(event);
|
||||
return;
|
||||
}
|
||||
}
|
||||
--
|
||||
2.26.2
|
||||
|
|
@ -1,77 +0,0 @@
|
|||
From 1466a4fdfa8156dd4fd8b6ee6acd1b44f72ee3b1 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Michel=20D=C3=A4nzer?= <mdaenzer@redhat.com>
|
||||
Date: Fri, 19 Jun 2020 18:10:18 +0200
|
||||
Subject: [PATCH xserver 4/4] xwayland: Free all remaining events in
|
||||
xwl_present_cleanup
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
At the end of xwl_present_cleanup, these events aren't reachable
|
||||
anymore, so if we don't free them first, they're leaked.
|
||||
|
||||
(cherry picked from commit 64565ea344fef0171497952ef75f019cb420fe3b)
|
||||
|
||||
v2:
|
||||
* Simpler backport, no need to keep a reference to the pixmap on the
|
||||
1.20 branch.
|
||||
|
||||
Signed-off-by: Michel Dänzer <mdaenzer@redhat.com>
|
||||
---
|
||||
hw/xwayland/xwayland-present.c | 26 +++++++++++---------------
|
||||
1 file changed, 11 insertions(+), 15 deletions(-)
|
||||
|
||||
diff --git a/hw/xwayland/xwayland-present.c b/hw/xwayland/xwayland-present.c
|
||||
index 492e4a876..2cec63f59 100644
|
||||
--- a/hw/xwayland/xwayland-present.c
|
||||
+++ b/hw/xwayland/xwayland-present.c
|
||||
@@ -114,6 +114,12 @@ xwl_present_reset_timer(struct xwl_present_window *xwl_present_window)
|
||||
static void
|
||||
xwl_present_free_event(struct xwl_present_event *event)
|
||||
{
|
||||
+ if (!event)
|
||||
+ return;
|
||||
+
|
||||
+ if (event->buffer)
|
||||
+ wl_buffer_set_user_data(event->buffer, NULL);
|
||||
+
|
||||
xorg_list_del(&event->list);
|
||||
free(event);
|
||||
}
|
||||
@@ -138,21 +144,10 @@ xwl_present_cleanup(WindowPtr window)
|
||||
xorg_list_for_each_entry_safe(event, tmp, &xwl_present_window->event_list, list)
|
||||
xwl_present_free_event(event);
|
||||
|
||||
- /* Clear remaining buffer releases and inform Present about free ressources */
|
||||
- event = xwl_present_window->sync_flip;
|
||||
- xwl_present_window->sync_flip = NULL;
|
||||
- if (event) {
|
||||
- if (event->buffer_released) {
|
||||
- xwl_present_free_event(event);
|
||||
- } else {
|
||||
- event->pending = FALSE;
|
||||
- event->abort = TRUE;
|
||||
- }
|
||||
- }
|
||||
- xorg_list_for_each_entry_safe(event, tmp, &xwl_present_window->release_queue, list) {
|
||||
- xorg_list_del(&event->list);
|
||||
- event->abort = TRUE;
|
||||
- }
|
||||
+ xwl_present_free_event(xwl_present_window->sync_flip);
|
||||
+
|
||||
+ xorg_list_for_each_entry_safe(event, tmp, &xwl_present_window->release_queue, list)
|
||||
+ xwl_present_free_event(event);
|
||||
|
||||
/* Clear timer */
|
||||
xwl_present_free_timer(xwl_present_window);
|
||||
@@ -353,6 +348,7 @@ xwl_present_queue_vblank(WindowPtr present_window,
|
||||
return BadAlloc;
|
||||
|
||||
event->event_id = event_id;
|
||||
+ event->buffer = NULL;
|
||||
event->xwl_present_window = xwl_present_window;
|
||||
event->target_msc = msc;
|
||||
|
||||
--
|
||||
2.26.2
|
||||
|
|
@ -45,8 +45,8 @@
|
|||
|
||||
Summary: X.Org X11 X server
|
||||
Name: xorg-x11-server
|
||||
Version: 1.20.8
|
||||
Release: 9%{?gitdate:.%{gitdate}}%{?dist}
|
||||
Version: 1.20.10
|
||||
Release: 1%{?gitdate:.%{gitdate}}%{?dist}
|
||||
URL: http://www.x.org
|
||||
License: MIT
|
||||
Group: User Interface/X
|
||||
|
@ -99,13 +99,6 @@ Patch15: 0001-xfree86-LeaveVT-from-xf86CrtcCloseScreen.patch
|
|||
Patch16: 0001-xfree86-try-harder-to-span-on-multihead.patch
|
||||
Patch18: 0001-mustard-Work-around-broken-fbdev-headers.patch
|
||||
|
||||
# Xwayland / Present leak fixes from
|
||||
# https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/459
|
||||
Patch20: 0001-present-wnmd-Keep-pixmap-pointer-in-present_wnmd_cle.patch
|
||||
Patch21: 0002-present-wnmd-Free-flip_queue-entries-in-present_wnmd.patch
|
||||
Patch22: 0003-xwayland-Always-use-xwl_present_free_event-for-freei.patch
|
||||
Patch23: 0004-xwayland-Free-all-remaining-events-in-xwl_present_cl.patch
|
||||
|
||||
# fix to be upstreamed
|
||||
Patch100: 0001-linux-Make-platform-device-probe-less-fragile.patch
|
||||
Patch102: 0001-xfree86-ensure-the-readlink-buffer-is-null-terminate.patch
|
||||
|
@ -115,20 +108,6 @@ Patch200: 0001-Fix-segfault-on-probing-a-non-PCI-platform-device-on.patch
|
|||
Patch201: 0001-linux-Fix-platform-device-PCI-detection-for-complex-.patch
|
||||
Patch202: 0001-modesetting-Reduce-glamor-initialization-failed-mess.patch
|
||||
Patch203: 0001-xfree86-Only-switch-to-original-VT-if-it-is-active.patch
|
||||
Patch204: 0001-xwayland-Hold-a-pixmap-reference-in-struct-xwl_prese.patch
|
||||
Patch205: 0001-glamor-Fix-glamor_poly_fill_rect_gl-xRectangle-width.patch
|
||||
Patch206: 0001-xfree86-add-drm-modes-on-non-GTF-panels.patch
|
||||
|
||||
# CVE-2020-14345
|
||||
Patch301: 0001-Correct-bounds-checking-in-XkbSetNames.patch
|
||||
# CVE-2020-14346
|
||||
Patch302: 0001-Fix-XIChangeHierarchy-integer-underflow.patch
|
||||
# CVE-2020-14361
|
||||
Patch303: 0001-Fix-XkbSelectEvents-integer-underflow.patch
|
||||
# CVE-2020-14362
|
||||
Patch304: 0001-Fix-XRecordRegisterClients-Integer-underflow.patch
|
||||
# CVE-2020-14347
|
||||
Patch305: 0001-fix-for-ZDI-11426.patch
|
||||
|
||||
BuildRequires: systemtap-sdt-devel
|
||||
BuildRequires: git
|
||||
|
@ -573,6 +552,14 @@ find %{inst_srcdir}/hw/xfree86 -name \*.c -delete
|
|||
|
||||
|
||||
%changelog
|
||||
* Thu Dec 10 2020 Adam Jackson <ajax@redhat.com> - 1.20.10-1
|
||||
- xserver 1.20.10
|
||||
Resolves: #1891871
|
||||
|
||||
* Wed Dec 9 2020 Michel Dänzer <mdaenzer@redhat.com> - 1.20.8-10
|
||||
- modesetting: keep going if a modeset fails on EnterVT
|
||||
Resolves: #1838392
|
||||
|
||||
* Mon Nov 16 2020 Adam Jackson <ajax@redhat.com> - 1.20.8-9
|
||||
- CVE fix for: CVE-2020-14347 (#1862320)
|
||||
|
||||
|
|
Loading…
Reference in New Issue