rpms/xorg-x11-server
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

merge into: rpms:c8
Branches Tags
rpms:c8
rpms:c8s
rpms:c9s
rpms:c9-beta
rpms:c10s
rpms:c9
rpms:c8-beta
rpms:imports/c8/xorg-x11-server-1.20.11-25.el8_10
rpms:imports/c9-beta/xorg-x11-server-1.20.11-26.el9
rpms:imports/c8/xorg-x11-server-1.20.11-24.el8_10
rpms:imports/c10s/xorg-x11-server-1.20.14-36.el10
rpms:imports/c8/xorg-x11-server-1.20.11-23.el8_10
rpms:imports/c9/xorg-x11-server-1.20.11-24.el9
rpms:imports/c8-beta/xorg-x11-server-1.20.11-17.el8
rpms:imports/c9-beta/xorg-x11-server-1.20.11-19.el9
rpms:imports/c8/xorg-x11-server-1.20.11-15.el8
rpms:imports/c9/xorg-x11-server-1.20.11-17.el9
rpms:imports/c9-beta/xorg-x11-server-1.20.11-17.el9
rpms:imports/c8-beta/xorg-x11-server-1.20.11-15.el8
rpms:imports/c8s/xorg-x11-server-1.20.11-15.el8
rpms:imports/c8s/xorg-x11-server-1.20.11-13.el8
rpms:imports/c8s/xorg-x11-server-1.20.11-12.el8
rpms:imports/c8s/xorg-x11-server-1.20.11-11.el8
rpms:imports/c8s/xorg-x11-server-1.20.11-10.el8
rpms:imports/c9/xorg-x11-server-1.20.11-11.el9
rpms:imports/c8/xorg-x11-server-1.20.11-9.el8
rpms:imports/c9-beta/xorg-x11-server-1.20.11-11.el9
rpms:imports/c8-beta/xorg-x11-server-1.20.11-9.el8
rpms:imports/c8s/xorg-x11-server-1.20.11-9.el8
rpms:imports/c8/xorg-x11-server-1.20.11-5.el8_6.2
rpms:imports/c8s/xorg-x11-server-1.20.11-8.el8
rpms:imports/c8s/xorg-x11-server-1.20.11-5.el8_6.1
rpms:imports/c9/xorg-x11-server-1.20.11-10.el9
rpms:imports/c8/xorg-x11-server-1.20.11-5.el8
rpms:imports/c8-beta/xorg-x11-server-1.20.11-5.el8
rpms:imports/c9-beta/xorg-x11-server-1.20.11-10.el9
rpms:imports/c8s/xorg-x11-server-1.20.11-5.el8
rpms:imports/c9-beta/xorg-x11-server-1.20.11-7.el9
rpms:imports/c8s/xorg-x11-server-1.20.11-4.el8
rpms:imports/c9-beta/xorg-x11-server-1.20.11-6.el9
rpms:imports/c9-beta/xorg-x11-server-1.20.11-5.el9
rpms:imports/c9-beta/xorg-x11-server-1.20.11-4.el9_b
rpms:imports/c8/xorg-x11-server-1.20.11-2.el8
rpms:imports/c8-beta/xorg-x11-server-1.20.11-2.el8
rpms:imports/c8-beta/xorg-x11-server-1.20.10-1.el8
rpms:imports/c8-beta/xorg-x11-server-1.20.8-3.el8
rpms:imports/c8-beta/xorg-x11-server-1.20.6-2.el8
rpms:imports/c8-beta/xorg-x11-server-1.20.3-5.2.el8_0
rpms:imports/c8s/xorg-x11-server-1.20.11-2.el8
rpms:imports/c8s/xorg-x11-server-1.20.11-1.el8
rpms:imports/c8s/xorg-x11-server-1.20.10-1.el8
rpms:imports/c8s/xorg-x11-server-1.20.8-9.el8
rpms:imports/c8s/xorg-x11-server-1.20.8-8.el8
rpms:imports/c8/xorg-x11-server-1.20.10-1.el8
rpms:imports/c8/xorg-x11-server-1.20.8-6.1.el8_3
rpms:imports/c8/xorg-x11-server-1.20.8-6.el8
rpms:imports/c8/xorg-x11-server-1.20.6-3.el8
rpms:imports/c8/xorg-x11-server-1.20.3-11.el8
...
pull from: rpms:c10s
Branches Tags
rpms:c8
rpms:c8s
rpms:c9s
rpms:c9-beta
rpms:c10s
rpms:c9
rpms:c8-beta
rpms:imports/c8/xorg-x11-server-1.20.11-25.el8_10
rpms:imports/c9-beta/xorg-x11-server-1.20.11-26.el9
rpms:imports/c8/xorg-x11-server-1.20.11-24.el8_10
rpms:imports/c10s/xorg-x11-server-1.20.14-36.el10
rpms:imports/c8/xorg-x11-server-1.20.11-23.el8_10
rpms:imports/c9/xorg-x11-server-1.20.11-24.el9
rpms:imports/c8-beta/xorg-x11-server-1.20.11-17.el8
rpms:imports/c9-beta/xorg-x11-server-1.20.11-19.el9
rpms:imports/c8/xorg-x11-server-1.20.11-15.el8
rpms:imports/c9/xorg-x11-server-1.20.11-17.el9
rpms:imports/c9-beta/xorg-x11-server-1.20.11-17.el9
rpms:imports/c8-beta/xorg-x11-server-1.20.11-15.el8
rpms:imports/c8s/xorg-x11-server-1.20.11-15.el8
rpms:imports/c8s/xorg-x11-server-1.20.11-13.el8
rpms:imports/c8s/xorg-x11-server-1.20.11-12.el8
rpms:imports/c8s/xorg-x11-server-1.20.11-11.el8
rpms:imports/c8s/xorg-x11-server-1.20.11-10.el8
rpms:imports/c9/xorg-x11-server-1.20.11-11.el9
rpms:imports/c8/xorg-x11-server-1.20.11-9.el8
rpms:imports/c9-beta/xorg-x11-server-1.20.11-11.el9
rpms:imports/c8-beta/xorg-x11-server-1.20.11-9.el8
rpms:imports/c8s/xorg-x11-server-1.20.11-9.el8
rpms:imports/c8/xorg-x11-server-1.20.11-5.el8_6.2
rpms:imports/c8s/xorg-x11-server-1.20.11-8.el8
rpms:imports/c8s/xorg-x11-server-1.20.11-5.el8_6.1
rpms:imports/c9/xorg-x11-server-1.20.11-10.el9
rpms:imports/c8/xorg-x11-server-1.20.11-5.el8
rpms:imports/c8-beta/xorg-x11-server-1.20.11-5.el8
rpms:imports/c9-beta/xorg-x11-server-1.20.11-10.el9
rpms:imports/c8s/xorg-x11-server-1.20.11-5.el8
rpms:imports/c9-beta/xorg-x11-server-1.20.11-7.el9
rpms:imports/c8s/xorg-x11-server-1.20.11-4.el8
rpms:imports/c9-beta/xorg-x11-server-1.20.11-6.el9
rpms:imports/c9-beta/xorg-x11-server-1.20.11-5.el9
rpms:imports/c9-beta/xorg-x11-server-1.20.11-4.el9_b
rpms:imports/c8/xorg-x11-server-1.20.11-2.el8
rpms:imports/c8-beta/xorg-x11-server-1.20.11-2.el8
rpms:imports/c8-beta/xorg-x11-server-1.20.10-1.el8
rpms:imports/c8-beta/xorg-x11-server-1.20.8-3.el8
rpms:imports/c8-beta/xorg-x11-server-1.20.6-2.el8
rpms:imports/c8-beta/xorg-x11-server-1.20.3-5.2.el8_0
rpms:imports/c8s/xorg-x11-server-1.20.11-2.el8
rpms:imports/c8s/xorg-x11-server-1.20.11-1.el8
rpms:imports/c8s/xorg-x11-server-1.20.10-1.el8
rpms:imports/c8s/xorg-x11-server-1.20.8-9.el8
rpms:imports/c8s/xorg-x11-server-1.20.8-8.el8
rpms:imports/c8/xorg-x11-server-1.20.10-1.el8
rpms:imports/c8/xorg-x11-server-1.20.8-6.1.el8_3
rpms:imports/c8/xorg-x11-server-1.20.8-6.el8
rpms:imports/c8/xorg-x11-server-1.20.6-3.el8
rpms:imports/c8/xorg-x11-server-1.20.3-11.el8

No commits in common. "c8" and "c10s" have entirely different histories.
c8 ... c10s

85 changed files with 579 additions and 3168 deletions
Show Stats Expand all files Collapse all files

1
.gitignore vendored
View File

@ -1 +0,0 @@
SOURCES/xorg-server-1.20.11.tar.bz2

1
.xorg-x11-server.metadata
View File

@ -1 +0,0 @@
86ae4add5719e6026a569f5559d51e8707171d5d SOURCES/xorg-server-1.20.11.tar.bz2

0
SOURCES/0001-randr-avoid-integer-truncation-in-length-check-of-Pr.patch → 0001-randr-avoid-integer-truncation-in-length-check-of-Pr.patch
View File

0
SOURCES/0001-render-Avoid-possible-double-free-in-ProcRenderAddGl.patch → 0001-render-Avoid-possible-double-free-in-ProcRenderAddGl.patch
View File

90
0001-render-Fix-build-with-gcc-12.patch Normal file
View File

@ -0,0 +1,90 @@
From 53173fdab492f0f638f6616fcf01af0b9ea6338d Mon Sep 17 00:00:00 2001
From: Olivier Fourdan <ofourdan@redhat.com>
Date: Thu, 20 Jan 2022 10:20:38 +0100
Subject: [PATCH xserver] render: Fix build with gcc 12
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The xserver fails to compile with the latest gcc 12:
render/picture.c: In function CreateSolidPicture:
render/picture.c:874:26: error: array subscript union _SourcePict[0] is partly outside array bounds of unsigned char[16] [-Werror=array-bounds]
874 | pPicture->pSourcePict->type = SourcePictTypeSolidFill;
| ^~
render/picture.c:868:45: note: object of size 16 allocated by malloc
868 | pPicture->pSourcePict = (SourcePictPtr) malloc(sizeof(PictSolidFill));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
render/picture.c: In function CreateLinearGradientPicture:
render/picture.c:906:26: error: array subscript union _SourcePict[0] is partly outside array bounds of unsigned char[32] [-Werror=array-bounds]
906 | pPicture->pSourcePict->linear.type = SourcePictTypeLinear;
| ^~
render/picture.c:899:45: note: object of size 32 allocated by malloc
899 | pPicture->pSourcePict = (SourcePictPtr) malloc(sizeof(PictLinearGradient));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
render/picture.c: In function CreateConicalGradientPicture:
render/picture.c:989:26: error: array subscript union _SourcePict[0] is partly outside array bounds of unsigned char[32] [-Werror=array-bounds]
989 | pPicture->pSourcePict->conical.type = SourcePictTypeConical;
| ^~
render/picture.c:982:45: note: object of size 32 allocated by malloc
982 | pPicture->pSourcePict = (SourcePictPtr) malloc(sizeof(PictConicalGradient));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: some warnings being treated as errors
ninja: build stopped: subcommand failed.
This is because gcc 12 has become stricter and raises a warning now.
Fix the warning/error by allocating enough memory to store the union
struct.
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Acked-by: Michel Dänzer <mdaenzer@redhat.com>
Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1256
(cherry picked from commit c6b0dcb82d4db07a2f32c09a8c09c85a5f57248e)
---
render/picture.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/render/picture.c b/render/picture.c
index afa0d258f..2be4b1954 100644
--- a/render/picture.c
+++ b/render/picture.c
@@ -865,7 +865,7 @@ CreateSolidPicture(Picture pid, xRenderColor * color, int *error)
}
pPicture->id = pid;
- pPicture->pSourcePict = (SourcePictPtr) malloc(sizeof(PictSolidFill));
+ pPicture->pSourcePict = (SourcePictPtr) malloc(sizeof(SourcePict));
if (!pPicture->pSourcePict) {
*error = BadAlloc;
free(pPicture);
@@ -896,7 +896,7 @@ CreateLinearGradientPicture(Picture pid, xPointFixed * p1, xPointFixed * p2,
}
pPicture->id = pid;
- pPicture->pSourcePict = (SourcePictPtr) malloc(sizeof(PictLinearGradient));
+ pPicture->pSourcePict = (SourcePictPtr) malloc(sizeof(SourcePict));
if (!pPicture->pSourcePict) {
*error = BadAlloc;
free(pPicture);
@@ -936,7 +936,7 @@ CreateRadialGradientPicture(Picture pid, xPointFixed * inner,
}
pPicture->id = pid;
- pPicture->pSourcePict = (SourcePictPtr) malloc(sizeof(PictRadialGradient));
+ pPicture->pSourcePict = (SourcePictPtr) malloc(sizeof(SourcePict));
if (!pPicture->pSourcePict) {
*error = BadAlloc;
free(pPicture);
@@ -979,7 +979,7 @@ CreateConicalGradientPicture(Picture pid, xPointFixed * center, xFixed angle,
}
pPicture->id = pid;
- pPicture->pSourcePict = (SourcePictPtr) malloc(sizeof(PictConicalGradient));
+ pPicture->pSourcePict = (SourcePictPtr) malloc(sizeof(SourcePict));
if (!pPicture->pSourcePict) {
*error = BadAlloc;
free(pPicture);
--
2.34.1

34
0001-xf86-Accept-devices-with-the-simpledrm-driver.patch Normal file
View File

@ -0,0 +1,34 @@
From b9218fadf3c09d83566549279d68886d8258f79c Mon Sep 17 00:00:00 2001
From: nerdopolis <rbos@rbos>
Date: Thu, 30 Sep 2021 08:51:18 -0400
Subject: [PATCH] xf86: Accept devices with the 'simpledrm' driver.
SimpleDRM 'devices' are a fallback device, and do not have a busid
so they are getting skipped. This will allow simpledrm to work
with the modesetting driver
---
hw/xfree86/common/xf86platformBus.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/hw/xfree86/common/xf86platformBus.c b/hw/xfree86/common/xf86platformBus.c
index 0e0a995ac..45028f7a6 100644
--- a/hw/xfree86/common/xf86platformBus.c
+++ b/hw/xfree86/common/xf86platformBus.c
@@ -557,8 +557,13 @@ xf86platformProbeDev(DriverPtr drvp)
}
else {
/* for non-seat0 servers assume first device is the master */
- if (ServerIsNotSeat0())
+ if (ServerIsNotSeat0()) {
break;
+ } else {
+ /* Accept the device if the driver is simpledrm */
+ if (strcmp(xf86_platform_devices[j].attribs->driver, "simpledrm") == 0)
+ break;
+ }
if (xf86IsPrimaryPlatform(&xf86_platform_devices[j]))
break;
--
2.35.1

0
SOURCES/0001-xf86-dri2-Use-va_gl-as-vdpau_driver-for-Intel-i965-G.patch → 0001-xf86-dri2-Use-va_gl-as-vdpau_driver-for-Intel-i965-G.patch
View File

0
SOURCES/0001-xfree86-use-modesetting-driver-by-default-on-GeForce.patch → 0001-xfree86-use-modesetting-driver-by-default-on-GeForce.patch
View File

0
SOURCES/0001-xkb-fix-some-possible-memleaks-in-XkbGetKbdByName.patch → 0001-xkb-fix-some-possible-memleaks-in-XkbGetKbdByName.patch
View File

0
SOURCES/0001-xkb-proof-GetCountedString-against-request-length-at.patch → 0001-xkb-proof-GetCountedString-against-request-length-at.patch
View File

11
SOURCES/0001-xkb-switch-to-array-index-loops-to-moving-pointers.patch → 0001-xkb-switch-to-array-index-loops-to-moving-pointers.patch
View File

@ -1,4 +1,4 @@
From c9b379ec5a1a34692af06056925bd0fc5f809713 Mon Sep 17 00:00:00 2001
From f1070c01d616c5f21f939d5ebc533738779451ac Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer@who-t.net>
Date: Tue, 5 Jul 2022 12:40:47 +1000
Subject: [PATCH xserver 1/3] xkb: switch to array index loops to moving
@ -11,16 +11,15 @@ No functional changes.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Olivier Fourdan <ofourdan@redhat.com>
(cherry picked from commit f1070c01d616c5f21f939d5ebc533738779451ac)
---
xkb/xkb.c | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/xkb/xkb.c b/xkb/xkb.c
index d056c698c..684394d77 100644
index a29262c24..64e52611e 100644
--- a/xkb/xkb.c
+++ b/xkb/xkb.c
@@ -5372,16 +5372,16 @@ _CheckSetSections(XkbGeometryPtr geom,
@@ -5368,16 +5368,16 @@ _CheckSetSections(XkbGeometryPtr geom,
row->left = rWire->left;
row->vertical = rWire->vertical;
kWire = (xkbKeyWireDesc *) &rWire[1];
@ -42,7 +41,7 @@ index d056c698c..684394d77 100644
if (key->shape_ndx >= geom->num_shapes) {
client->errorValue = _XkbErrCode3(0x10, key->shape_ndx,
geom->num_shapes);
@@ -5393,7 +5393,7 @@ _CheckSetSections(XkbGeometryPtr geom,
@@ -5389,7 +5389,7 @@ _CheckSetSections(XkbGeometryPtr geom,
return BadMatch;
}
}
@ -51,7 +50,7 @@ index d056c698c..684394d77 100644
}
wire = (char *) rWire;
if (sWire->nDoodads > 0) {
@@ -5458,16 +5458,16 @@ _CheckSetShapes(XkbGeometryPtr geom,
@@ -5454,16 +5454,16 @@ _CheckSetShapes(XkbGeometryPtr geom,
return BadAlloc;
ol->corner_radius = olWire->cornerRadius;
ptWire = (xkbPointWireDesc *) &olWire[1];

0
SOURCES/0002-Xi-ProcXIPassiveGrabDevice-needs-to-use-unswapped-le.patch → 0002-Xi-ProcXIPassiveGrabDevice-needs-to-use-unswapped-le.patch
View File

0
SOURCES/0002-Xi-return-an-error-from-XI-property-changes-if-verif.patch → 0002-Xi-return-an-error-from-XI-property-changes-if-verif.patch
View File

0
SOURCES/0002-dix-Allocate-sufficient-xEvents-for-our-DeviceStateN.patch → 0002-dix-Allocate-sufficient-xEvents-for-our-DeviceStateN.patch
View File

0
SOURCES/0002-mi-reset-the-PointerWindows-reference-on-screen-swit.patch → 0002-mi-reset-the-PointerWindows-reference-on-screen-swit.patch
View File

27
SOURCES/0002-xkb-swap-XkbSetDeviceInfo-and-XkbSetDeviceInfoCheck.patch → 0002-xkb-swap-XkbSetDeviceInfo-and-XkbSetDeviceInfoCheck.patch
View File

@ -1,4 +1,4 @@
From 45a0af83129eb7dc244c5118360afc1972a686c7 Mon Sep 17 00:00:00 2001
From dd8caf39e9e15d8f302e54045dd08d8ebf1025dc Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer@who-t.net>
Date: Tue, 5 Jul 2022 09:50:41 +1000
Subject: [PATCH xserver 2/3] xkb: swap XkbSetDeviceInfo and
@ -32,16 +32,15 @@ Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Introduced in c06e27b2f6fd9f7b9f827623a48876a225264132
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit dd8caf39e9e15d8f302e54045dd08d8ebf1025dc)
---
xkb/xkb.c | 46 +++++++++++++++++++++++++---------------------
1 file changed, 25 insertions(+), 21 deletions(-)
diff --git a/xkb/xkb.c b/xkb/xkb.c
index 684394d77..36464a770 100644
index 64e52611e..34b2c290b 100644
--- a/xkb/xkb.c
+++ b/xkb/xkb.c
@@ -6554,7 +6554,8 @@ ProcXkbGetDeviceInfo(ClientPtr client)
@@ -6550,7 +6550,8 @@ ProcXkbGetDeviceInfo(ClientPtr client)
static char *
CheckSetDeviceIndicators(char *wire,
DeviceIntPtr dev,
@ -51,7 +50,7 @@ index 684394d77..36464a770 100644
{
xkbDeviceLedsWireDesc *ledWire;
int i;
@@ -6562,6 +6563,11 @@ CheckSetDeviceIndicators(char *wire,
@@ -6558,6 +6559,11 @@ CheckSetDeviceIndicators(char *wire,
ledWire = (xkbDeviceLedsWireDesc *) wire;
for (i = 0; i < num; i++) {
@ -63,7 +62,7 @@ index 684394d77..36464a770 100644
if (client->swapped) {
swaps(&ledWire->ledClass);
swaps(&ledWire->ledID);
@@ -6589,6 +6595,11 @@ CheckSetDeviceIndicators(char *wire,
@@ -6585,6 +6591,11 @@ CheckSetDeviceIndicators(char *wire,
atomWire = (CARD32 *) &ledWire[1];
if (nNames > 0) {
for (n = 0; n < nNames; n++) {
@ -75,7 +74,7 @@ index 684394d77..36464a770 100644
if (client->swapped) {
swapl(atomWire);
}
@@ -6600,6 +6611,10 @@ CheckSetDeviceIndicators(char *wire,
@@ -6596,6 +6607,10 @@ CheckSetDeviceIndicators(char *wire,
mapWire = (xkbIndicatorMapWireDesc *) atomWire;
if (nMaps > 0) {
for (n = 0; n < nMaps; n++) {
@ -86,7 +85,7 @@ index 684394d77..36464a770 100644
if (client->swapped) {
swaps(&mapWire->virtualMods);
swapl(&mapWire->ctrls);
@@ -6651,11 +6666,6 @@ SetDeviceIndicators(char *wire,
@@ -6647,11 +6662,6 @@ SetDeviceIndicators(char *wire,
xkbIndicatorMapWireDesc *mapWire;
XkbSrvLedInfoPtr sli;
@ -98,7 +97,7 @@ index 684394d77..36464a770 100644
namec = mapc = statec = 0;
sli = XkbFindSrvLedInfo(dev, ledWire->ledClass, ledWire->ledID,
XkbXI_IndicatorMapsMask);
@@ -6674,10 +6684,6 @@ SetDeviceIndicators(char *wire,
@@ -6670,10 +6680,6 @@ SetDeviceIndicators(char *wire,
memset((char *) sli->names, 0, XkbNumIndicators * sizeof(Atom));
for (n = 0, bit = 1; n < XkbNumIndicators; n++, bit <<= 1) {
if (ledWire->namesPresent & bit) {
@ -109,7 +108,7 @@ index 684394d77..36464a770 100644
sli->names[n] = (Atom) *atomWire;
if (sli->names[n] == None)
ledWire->namesPresent &= ~bit;
@@ -6695,10 +6701,6 @@ SetDeviceIndicators(char *wire,
@@ -6691,10 +6697,6 @@ SetDeviceIndicators(char *wire,
if (ledWire->mapsPresent) {
for (n = 0, bit = 1; n < XkbNumIndicators; n++, bit <<= 1) {
if (ledWire->mapsPresent & bit) {
@ -120,7 +119,7 @@ index 684394d77..36464a770 100644
sli->maps[n].flags = mapWire->flags;
sli->maps[n].which_groups = mapWire->whichGroups;
sli->maps[n].groups = mapWire->groups;
@@ -6734,13 +6736,17 @@ SetDeviceIndicators(char *wire,
@@ -6730,13 +6732,17 @@ SetDeviceIndicators(char *wire,
}
static int
@ -139,7 +138,7 @@ index 684394d77..36464a770 100644
if (!dev->button) {
client->errorValue = _XkbErrCode2(XkbErr_BadClass, ButtonClass);
return XkbKeyboardErrorCode;
@@ -6751,13 +6757,13 @@ _XkbSetDeviceInfo(ClientPtr client, DeviceIntPtr dev,
@@ -6747,13 +6753,13 @@ _XkbSetDeviceInfo(ClientPtr client, DeviceIntPtr dev,
dev->button->numButtons);
return BadMatch;
}
@ -155,7 +154,7 @@ index 684394d77..36464a770 100644
if (status != Success)
return status;
}
@@ -6768,8 +6774,8 @@ _XkbSetDeviceInfo(ClientPtr client, DeviceIntPtr dev,
@@ -6764,8 +6770,8 @@ _XkbSetDeviceInfo(ClientPtr client, DeviceIntPtr dev,
}
static int
@ -166,7 +165,7 @@ index 684394d77..36464a770 100644
{
char *wire;
xkbExtensionDeviceNotify ed;
@@ -6793,8 +6799,6 @@ _XkbSetDeviceInfoCheck(ClientPtr client, DeviceIntPtr dev,
@@ -6789,8 +6795,6 @@ _XkbSetDeviceInfoCheck(ClientPtr client, DeviceIntPtr dev,
if (stuff->firstBtn + stuff->nBtns > nBtns)
return BadValue;
sz = stuff->nBtns * SIZEOF(xkbActionWireDesc);

0
SOURCES/0003-Xi-avoid-integer-truncation-in-length-check-of-ProcX.patch → 0003-Xi-avoid-integer-truncation-in-length-check-of-ProcX.patch
View File

0
SOURCES/0003-Xquartz-ProcAppleDRICreatePixmap-needs-to-use-unswap.patch → 0003-Xquartz-ProcAppleDRICreatePixmap-needs-to-use-unswap.patch
View File

0
SOURCES/0003-dix-fix-DeviceStateNotify-event-calculation.patch → 0003-dix-fix-DeviceStateNotify-event-calculation.patch
View File

33
SOURCES/0003-xkb-add-request-length-validation-for-XkbSetGeometry.patch → 0003-xkb-add-request-length-validation-for-XkbSetGeometry.patch
View File

@ -1,4 +1,4 @@
From bd134231e282d9eb126b6fdaa40bb383180fa72b Mon Sep 17 00:00:00 2001
From 6907b6ea2b4ce949cb07271f5b678d5966d9df42 Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer@who-t.net>
Date: Tue, 5 Jul 2022 11:11:06 +1000
Subject: [PATCH xserver 3/3] xkb: add request length validation for
@ -17,16 +17,15 @@ This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit 6907b6ea2b4ce949cb07271f5b678d5966d9df42)
---
xkb/xkb.c | 43 ++++++++++++++++++++++++++++++++++++++-----
1 file changed, 38 insertions(+), 5 deletions(-)
diff --git a/xkb/xkb.c b/xkb/xkb.c
index 36464a770..27d19793e 100644
index 34b2c290b..4692895db 100644
--- a/xkb/xkb.c
+++ b/xkb/xkb.c
@@ -5160,7 +5160,7 @@ _GetCountedString(char **wire_inout, ClientPtr client, char **str)
@@ -5156,7 +5156,7 @@ _GetCountedString(char **wire_inout, ClientPtr client, char **str)
}
static Status
@ -35,7 +34,7 @@ index 36464a770..27d19793e 100644
XkbGeometryPtr geom, XkbSectionPtr section, ClientPtr client)
{
char *wire;
@@ -5171,6 +5171,9 @@ _CheckSetDoodad(char **wire_inout,
@@ -5167,6 +5167,9 @@ _CheckSetDoodad(char **wire_inout,
Status status;
dWire = (xkbDoodadWireDesc *) (*wire_inout);
@ -45,7 +44,7 @@ index 36464a770..27d19793e 100644
any = dWire->any;
wire = (char *) &dWire[1];
if (client->swapped) {
@@ -5273,7 +5276,7 @@ _CheckSetDoodad(char **wire_inout,
@@ -5269,7 +5272,7 @@ _CheckSetDoodad(char **wire_inout,
}
static Status
@ -54,7 +53,7 @@ index 36464a770..27d19793e 100644
XkbGeometryPtr geom, XkbSectionPtr section, ClientPtr client)
{
register int r;
@@ -5284,6 +5287,9 @@ _CheckSetOverlay(char **wire_inout,
@@ -5280,6 +5283,9 @@ _CheckSetOverlay(char **wire_inout,
wire = *wire_inout;
olWire = (xkbOverlayWireDesc *) wire;
@ -64,7 +63,7 @@ index 36464a770..27d19793e 100644
if (client->swapped) {
swapl(&olWire->name);
}
@@ -5295,6 +5301,9 @@ _CheckSetOverlay(char **wire_inout,
@@ -5291,6 +5297,9 @@ _CheckSetOverlay(char **wire_inout,
xkbOverlayKeyWireDesc *kWire;
XkbOverlayRowPtr row;
@ -74,7 +73,7 @@ index 36464a770..27d19793e 100644
if (rWire->rowUnder > section->num_rows) {
client->errorValue = _XkbErrCode4(0x20, r, section->num_rows,
rWire->rowUnder);
@@ -5303,6 +5312,9 @@ _CheckSetOverlay(char **wire_inout,
@@ -5299,6 +5308,9 @@ _CheckSetOverlay(char **wire_inout,
row = XkbAddGeomOverlayRow(ol, rWire->rowUnder, rWire->nKeys);
kWire = (xkbOverlayKeyWireDesc *) &rWire[1];
for (k = 0; k < rWire->nKeys; k++, kWire++) {
@ -84,7 +83,7 @@ index 36464a770..27d19793e 100644
if (XkbAddGeomOverlayKey(ol, row,
(char *) kWire->over,
(char *) kWire->under) == NULL) {
@@ -5336,6 +5348,9 @@ _CheckSetSections(XkbGeometryPtr geom,
@@ -5332,6 +5344,9 @@ _CheckSetSections(XkbGeometryPtr geom,
register int r;
xkbRowWireDesc *rWire;
@ -94,7 +93,7 @@ index 36464a770..27d19793e 100644
if (client->swapped) {
swapl(&sWire->name);
swaps(&sWire->top);
@@ -5361,6 +5376,9 @@ _CheckSetSections(XkbGeometryPtr geom,
@@ -5357,6 +5372,9 @@ _CheckSetSections(XkbGeometryPtr geom,
XkbRowPtr row;
xkbKeyWireDesc *kWire;
@ -104,7 +103,7 @@ index 36464a770..27d19793e 100644
if (client->swapped) {
swaps(&rWire->top);
swaps(&rWire->left);
@@ -5375,6 +5393,9 @@ _CheckSetSections(XkbGeometryPtr geom,
@@ -5371,6 +5389,9 @@ _CheckSetSections(XkbGeometryPtr geom,
for (k = 0; k < rWire->nKeys; k++, kWire++) {
XkbKeyPtr key;
@ -114,7 +113,7 @@ index 36464a770..27d19793e 100644
key = XkbAddGeomKey(row);
if (!key)
return BadAlloc;
@@ -5400,7 +5421,7 @@ _CheckSetSections(XkbGeometryPtr geom,
@@ -5396,7 +5417,7 @@ _CheckSetSections(XkbGeometryPtr geom,
register int d;
for (d = 0; d < sWire->nDoodads; d++) {
@ -123,7 +122,7 @@ index 36464a770..27d19793e 100644
if (status != Success)
return status;
}
@@ -5409,7 +5430,7 @@ _CheckSetSections(XkbGeometryPtr geom,
@@ -5405,7 +5426,7 @@ _CheckSetSections(XkbGeometryPtr geom,
register int o;
for (o = 0; o < sWire->nOverlays; o++) {
@ -132,7 +131,7 @@ index 36464a770..27d19793e 100644
if (status != Success)
return status;
}
@@ -5443,6 +5464,9 @@ _CheckSetShapes(XkbGeometryPtr geom,
@@ -5439,6 +5460,9 @@ _CheckSetShapes(XkbGeometryPtr geom,
xkbOutlineWireDesc *olWire;
XkbOutlinePtr ol;
@ -142,7 +141,7 @@ index 36464a770..27d19793e 100644
shape =
XkbAddGeomShape(geom, shapeWire->name, shapeWire->nOutlines);
if (!shape)
@@ -5453,12 +5477,18 @@ _CheckSetShapes(XkbGeometryPtr geom,
@@ -5449,12 +5473,18 @@ _CheckSetShapes(XkbGeometryPtr geom,
XkbPointPtr pt;
xkbPointWireDesc *ptWire;
@ -161,7 +160,7 @@ index 36464a770..27d19793e 100644
pt->x = ptWire->x;
pt->y = ptWire->y;
if (client->swapped) {
@@ -5564,12 +5594,15 @@ _CheckSetGeom(XkbGeometryPtr geom, xkbSetGeometryReq * req, ClientPtr client)
@@ -5560,12 +5590,15 @@ _CheckSetGeom(XkbGeometryPtr geom, xkbSetGeometryReq * req, ClientPtr client)
return status;
for (i = 0; i < req->nDoodads; i++) {

27
SOURCES/0004-Xi-disallow-passive-grabs-with-a-detail-255.patch → 0004-Xi-disallow-passive-grabs-with-a-detail-255.patch
View File

@ -27,14 +27,14 @@ Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Acked-by: Olivier Fourdan <ofourdan@redhat.com>
---
Xi/xipassivegrab.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
Xi/xipassivegrab.c | 22 ++++++++++++++--------
1 file changed, 14 insertions(+), 8 deletions(-)
diff --git a/Xi/xipassivegrab.c b/Xi/xipassivegrab.c
index 65d5870f6f..89a591098a 100644
index 2769fb7c94..c9ac2f8553 100644
--- a/Xi/xipassivegrab.c
+++ b/Xi/xipassivegrab.c
@@ -133,6 +133,12 @@ ProcXIPassiveGrabDevice(ClientPtr client)
@@ -137,6 +137,12 @@ ProcXIPassiveGrabDevice(ClientPtr client)
return BadValue;
}
@ -47,7 +47,24 @@ index 65d5870f6f..89a591098a 100644
if (XICheckInvalidMaskBits(client, (unsigned char *) &stuff[1],
stuff->mask_len * 4) != Success)
return BadValue;
@@ -313,6 +319,12 @@ ProcXIPassiveUngrabDevice(ClientPtr client)
@@ -207,14 +213,8 @@ ProcXIPassiveGrabDevice(ClientPtr client)
&param, XI2, &mask);
break;
case XIGrabtypeKeycode:
- /* XI2 allows 32-bit keycodes but thanks to XKB we can never
- * implement this. Just return an error for all keycodes that
- * cannot work anyway */
- if (stuff->detail > 255)
- status = XIAlreadyGrabbed;
- else
- status = GrabKey(client, dev, mod_dev, stuff->detail,
- &param, XI2, &mask);
+ status = GrabKey(client, dev, mod_dev, stuff->detail,
+ &param, XI2, &mask);
break;
case XIGrabtypeEnter:
case XIGrabtypeFocusIn:
@@ -334,6 +334,12 @@ ProcXIPassiveUngrabDevice(ClientPtr client)
return BadValue;
}

0
SOURCES/0004-Xi-when-creating-a-new-ButtonClass-set-the-number-of.patch → 0004-Xi-when-creating-a-new-ButtonClass-set-the-number-of.patch
View File

0
SOURCES/0004-render-fix-refcounting-of-glyphs-during-ProcRenderAd.patch → 0004-render-fix-refcounting-of-glyphs-during-ProcRenderAd.patch
View File

0
SOURCES/0005-Xext-free-the-screen-saver-resource-when-replacing-i.patch → 0005-Xext-free-the-screen-saver-resource-when-replacing-i.patch
View File

0
SOURCES/0005-Xi-flush-hierarchy-events-after-adding-removing-mast.patch → 0005-Xi-flush-hierarchy-events-after-adding-removing-mast.patch
View File

0
SOURCES/0006-Xext-free-the-XvRTVideoNotify-when-turning-off-from-.patch → 0006-Xext-free-the-XvRTVideoNotify-when-turning-off-from-.patch
View File

0
SOURCES/0006-Xi-do-not-keep-linked-list-pointer-during-recursion.patch → 0006-Xi-do-not-keep-linked-list-pointer-during-recursion.patch
View File

0
SOURCES/0007-dix-when-disabling-a-master-float-disabled-slaved-de.patch → 0007-dix-when-disabling-a-master-float-disabled-slaved-de.patch
View File

0
SOURCES/0007-xkb-reset-the-radio_groups-pointer-to-NULL-after-fre.patch → 0007-xkb-reset-the-radio_groups-pointer-to-NULL-after-fre.patch
View File

0
SOURCES/0008-Xext-fix-invalid-event-type-mask-in-XTestSwapFakeInp.patch → 0008-Xext-fix-invalid-event-type-mask-in-XTestSwapFakeInp.patch
View File

0
SOURCES/0008-glx-Call-XACE-hooks-on-the-GLX-buffer.patch → 0008-glx-Call-XACE-hooks-on-the-GLX-buffer.patch
View File

0
SOURCES/0009-ephyr-xwayland-Use-the-proper-private-key-for-cursor.patch → 0009-ephyr-xwayland-Use-the-proper-private-key-for-cursor.patch
View File

0
SOURCES/06_use-intel-only-on-pre-gen4.diff → 06_use-intel-only-on-pre-gen4.diff
View File

30
Makefile Normal file
View File

@ -0,0 +1,30 @@
# Makefile for source rpm: xorg-x11-server
# $Id$
NAME := xorg-x11-server
SPECFILE = $(firstword $(wildcard *.spec))
define find-makefile-common
for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
endef
MAKEFILE_COMMON := $(shell $(find-makefile-common))
ifeq ($(MAKEFILE_COMMON),)
# attempt a checkout
define checkout-makefile-common
test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
endef
MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
endif
include $(MAKEFILE_COMMON)
ifeq ($(MAKECMDGOALS),me a sandwich)
.PHONY :: me a sandwich
me a:
@:
sandwich:
@[ `id -u` -ne 0 ] && echo "What? Make it yourself." || echo Okay.
endif

37
SOURCES/0001-Always-install-vbe-and-int10-sdk-headers.patch
View File

@ -1,37 +0,0 @@
From e96a83d9b1b5a52a41213c7a4840dc96b4f5b06f Mon Sep 17 00:00:00 2001
From: Adam Jackson <ajax@redhat.com>
Date: Wed, 15 Aug 2012 12:35:21 -0400
Subject: [PATCH] Always install vbe and int10 sdk headers
Signed-off-by: Adam Jackson <ajax@redhat.com>
---
hw/xfree86/Makefile.am | 12 ++----------
1 file changed, 2 insertions(+), 10 deletions(-)
diff --git a/hw/xfree86/Makefile.am b/hw/xfree86/Makefile.am
index b876b79..a170b58 100644
--- a/hw/xfree86/Makefile.am
+++ b/hw/xfree86/Makefile.am
@@ -26,17 +26,9 @@ if VGAHW
VGAHW_SUBDIR = vgahw
endif
-if VBE
-VBE_SUBDIR = vbe
-endif
-
-if INT10MODULE
-INT10_SUBDIR = int10
-endif
-
-SUBDIRS = common ddc x86emu $(INT10_SUBDIR) os-support parser \
+SUBDIRS = common ddc x86emu int10 os-support parser \
ramdac $(VGAHW_SUBDIR) loader modes $(DRI_SUBDIR) \
- $(DRI2_SUBDIR) . $(VBE_SUBDIR) i2c dixmods xkb \
+ $(DRI2_SUBDIR) . vbe i2c dixmods xkb \
fbdevhw shadowfb exa $(XF86UTILS_SUBDIR) doc man \
$(GLAMOR_EGL_SUBDIR) drivers
--
2.13.6

41
SOURCES/0001-Fedora-hack-Make-the-suid-root-wrapper-always-start-.patch
View File

@ -1,41 +0,0 @@
From 38ae53c94a88c7bd5877c72a12582b60865e07ff Mon Sep 17 00:00:00 2001
From: Hans de Goede <hdegoede@redhat.com>
Date: Thu, 17 Apr 2014 15:50:44 +0200
Subject: [PATCH] Fedora hack: Make the suid-root wrapper start the server with
root rights
Do NOT upstream.
Since most display managers are not ready yet to start Xorg in way which will
keep it working without root-rights, see:
https://fedoraproject.org/wiki/Changes/XorgWithoutRootRights
Just keep starting X as root for now, but do it through the wrapper, by
overriding the needs_root_rights = -1 (auto) default and setting it to 1.
We set a special environment variable when starting X in a way where root
rights are not needed (from gdm and startx) and keep the upstream
needs_root_rights = -1 (auto) default in that case.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
---
hw/xfree86/xorg-wrapper.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/hw/xfree86/xorg-wrapper.c b/hw/xfree86/xorg-wrapper.c
index 4c37cfc..ae5d27f 100644
--- a/hw/xfree86/xorg-wrapper.c
+++ b/hw/xfree86/xorg-wrapper.c
@@ -198,6 +198,9 @@ int main(int argc, char *argv[])
int needs_root_rights = -1;
char *const empty_envp[1] = { NULL, };
+ if (getenv("XORG_RUN_AS_USER_OK") == NULL)
+ needs_root_rights = 1;
+
progname = argv[0];
parse_config(&allowed, &needs_root_rights);
--
2.4.3

31
SOURCES/0001-Fix-segfault-on-probing-a-non-PCI-platform-device-on.patch
View File

@ -1,31 +0,0 @@
From e50c85f4ebf559a3bac4817b41074c43d4691779 Mon Sep 17 00:00:00 2001
From: Eric Anholt <eric@anholt.net>
Date: Fri, 26 Oct 2018 17:47:30 -0700
Subject: [PATCH xserver] Fix segfault on probing a non-PCI platform device on
a system with PCI.
Some Broadcom set-top-box boards have PCI busses, but the GPU is still
probed through DT. We would dereference a null busid here in that
case.
Signed-off-by: Eric Anholt <eric@anholt.net>
---
hw/xfree86/common/xf86platformBus.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/xfree86/common/xf86platformBus.c b/hw/xfree86/common/xf86platformBus.c
index cef47da03..dadbac6c8 100644
--- a/hw/xfree86/common/xf86platformBus.c
+++ b/hw/xfree86/common/xf86platformBus.c
@@ -289,7 +289,7 @@ xf86platformProbe(void)
for (i = 0; i < xf86_num_platform_devices; i++) {
char *busid = xf86_platform_odev_attributes(i)->busid;
- if (pci && (strncmp(busid, "pci:", 4) == 0)) {
+ if (pci && busid && (strncmp(busid, "pci:", 4) == 0)) {
platform_find_pci_info(&xf86_platform_devices[i], busid);
}
--
2.14.4

45
SOURCES/0001-Xi-ProcXIGetSelectedEvents-needs-to-use-unswapped-le.patch
View File

@ -1,45 +0,0 @@
From 96798fc1967491c80a4d0c8d9e0a80586cb2152b Mon Sep 17 00:00:00 2001
From: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Fri, 22 Mar 2024 18:51:45 -0700
Subject: [PATCH 1/4] Xi: ProcXIGetSelectedEvents needs to use unswapped length
to send reply
CVE-2024-31080
Reported-by: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=69762
Fixes: 53e821ab4 ("Xi: add request processing for XIGetSelectedEvents.")
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1463>
---
Xi/xiselectev.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/Xi/xiselectev.c b/Xi/xiselectev.c
index edcb8a0d3..ac1494987 100644
--- a/Xi/xiselectev.c
+++ b/Xi/xiselectev.c
@@ -349,6 +349,7 @@ ProcXIGetSelectedEvents(ClientPtr client)
InputClientsPtr others = NULL;
xXIEventMask *evmask = NULL;
DeviceIntPtr dev;
+ uint32_t length;
REQUEST(xXIGetSelectedEventsReq);
REQUEST_SIZE_MATCH(xXIGetSelectedEventsReq);
@@ -418,10 +419,12 @@ ProcXIGetSelectedEvents(ClientPtr client)
}
}
+ /* save the value before SRepXIGetSelectedEvents swaps it */
+ length = reply.length;
WriteReplyToClient(client, sizeof(xXIGetSelectedEventsReply), &reply);
if (reply.num_masks)
- WriteToClient(client, reply.length * 4, buffer);
+ WriteToClient(client, length * 4, buffer);
free(buffer);
return Success;
--
2.44.0

77
SOURCES/0001-Xi-allocate-enough-XkbActions-for-our-buttons.patch
View File

@ -1,77 +0,0 @@
From a7bda3080d2b44eae668cdcec7a93095385b9652 Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer@who-t.net>
Date: Tue, 28 Nov 2023 15:19:04 +1000
Subject: [PATCH xserver] Xi: allocate enough XkbActions for our buttons
button->xkb_acts is supposed to be an array sufficiently large for all
our buttons, not just a single XkbActions struct. Allocating
insufficient memory here means when we memcpy() later in
XkbSetDeviceInfo we write into memory that wasn't ours to begin with,
leading to the usual security ooopsiedaisies.
CVE-2023-6377, ZDI-CAN-22412, ZDI-CAN-22413
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
(cherry picked from commit 0c1a93d319558fe3ab2d94f51d174b4f93810afd)
---
Xi/exevents.c | 12 ++++++------
dix/devices.c | 10 ++++++++++
2 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/Xi/exevents.c b/Xi/exevents.c
index dcd4efb3bc..54ea11a938 100644
--- a/Xi/exevents.c
+++ b/Xi/exevents.c
@@ -611,13 +611,13 @@ DeepCopyPointerClasses(DeviceIntPtr from, DeviceIntPtr to)
}
if (from->button->xkb_acts) {
- if (!to->button->xkb_acts) {
- to->button->xkb_acts = calloc(1, sizeof(XkbAction));
- if (!to->button->xkb_acts)
- FatalError("[Xi] not enough memory for xkb_acts.\n");
- }
+ size_t maxbuttons = max(to->button->numButtons, from->button->numButtons);
+ to->button->xkb_acts = xnfreallocarray(to->button->xkb_acts,
+ maxbuttons,
+ sizeof(XkbAction));
+ memset(to->button->xkb_acts, 0, maxbuttons * sizeof(XkbAction));
memcpy(to->button->xkb_acts, from->button->xkb_acts,
- sizeof(XkbAction));
+ from->button->numButtons * sizeof(XkbAction));
}
else {
free(to->button->xkb_acts);
diff --git a/dix/devices.c b/dix/devices.c
index 5bf956ead4..15e46a9a5f 100644
--- a/dix/devices.c
+++ b/dix/devices.c
@@ -2525,6 +2525,8 @@ RecalculateMasterButtons(DeviceIntPtr slave)
if (master->button && master->button->numButtons != maxbuttons) {
int i;
+ int last_num_buttons = master->button->numButtons;
+
DeviceChangedEvent event = {
.header = ET_Internal,
.type = ET_DeviceChanged,
@@ -2535,6 +2537,14 @@ RecalculateMasterButtons(DeviceIntPtr slave)
};
master->button->numButtons = maxbuttons;
+ if (last_num_buttons < maxbuttons) {
+ master->button->xkb_acts = xnfreallocarray(master->button->xkb_acts,
+ maxbuttons,
+ sizeof(XkbAction));
+ memset(&master->button->xkb_acts[last_num_buttons],
+ 0,
+ (maxbuttons - last_num_buttons) * sizeof(XkbAction));
+ }
memcpy(&event.buttons.names, master->button->labels, maxbuttons *
sizeof(Atom));
--
2.43.0

35
SOURCES/0001-Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch
View File

@ -1,35 +0,0 @@
From 7150ba655c0cc08fa6ded309b81265bb672f2869 Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer@who-t.net>
Date: Wed, 25 Jan 2023 11:41:40 +1000
Subject: [PATCH xserver] Xi: fix potential use-after-free in
DeepCopyPointerClasses
CVE-2023-0494, ZDI-CAN 19596
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
---
Xi/exevents.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/Xi/exevents.c b/Xi/exevents.c
index 217baa9561..dcd4efb3bc 100644
--- a/Xi/exevents.c
+++ b/Xi/exevents.c
@@ -619,8 +619,10 @@ DeepCopyPointerClasses(DeviceIntPtr from, DeviceIntPtr to)
memcpy(to->button->xkb_acts, from->button->xkb_acts,
sizeof(XkbAction));
}
- else
+ else {
free(to->button->xkb_acts);
+ to->button->xkb_acts = NULL;
+ }
memcpy(to->button->labels, from->button->labels,
from->button->numButtons * sizeof(Atom));
--
2.39.0

80
SOURCES/0001-Xi-randr-fix-handling-of-PropModeAppend-Prepend.patch
View File

@ -1,80 +0,0 @@
From a31ba141824a7649e11f0ef7673718ce559d6337 Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer@who-t.net>
Date: Tue, 3 Oct 2023 11:53:05 +1000
Subject: [PATCH xserver 1/4] Xi/randr: fix handling of PropModeAppend/Prepend
The handling of appending/prepending properties was incorrect, with at
least two bugs: the property length was set to the length of the new
part only, i.e. appending or prepending N elements to a property with P
existing elements always resulted in the property having N elements
instead of N + P.
Second, when pre-pending a value to a property, the offset for the old
values was incorrect, leaving the new property with potentially
uninitalized values and/or resulting in OOB memory writes.
For example, prepending a 3 element value to a 5 element property would
result in this 8 value array:
[N, N, N, ?, ?, P, P, P ] P, P
^OOB write
The XI2 code is a copy/paste of the RandR code, so the bug exists in
both.
CVE-2023-5367, ZDI-CAN-22153
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
---
Xi/xiproperty.c | 4 ++--
randr/rrproperty.c | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/Xi/xiproperty.c b/Xi/xiproperty.c
index 6ec419e870..563c4f31a5 100644
--- a/Xi/xiproperty.c
+++ b/Xi/xiproperty.c
@@ -730,7 +730,7 @@ XIChangeDeviceProperty(DeviceIntPtr dev, Atom property, Atom type,
XIDestroyDeviceProperty(prop);
return BadAlloc;
}
- new_value.size = len;
+ new_value.size = total_len;
new_value.type = type;
new_value.format = format;
@@ -747,7 +747,7 @@ XIChangeDeviceProperty(DeviceIntPtr dev, Atom property, Atom type,
case PropModePrepend:
new_data = new_value.data;
old_data = (void *) (((char *) new_value.data) +
- (prop_value->size * size_in_bytes));
+ (len * size_in_bytes));
break;
}
if (new_data)
diff --git a/randr/rrproperty.c b/randr/rrproperty.c
index c2fb9585c6..25469f57b2 100644
--- a/randr/rrproperty.c
+++ b/randr/rrproperty.c
@@ -209,7 +209,7 @@ RRChangeOutputProperty(RROutputPtr output, Atom property, Atom type,
RRDestroyOutputProperty(prop);
return BadAlloc;
}
- new_value.size = len;
+ new_value.size = total_len;
new_value.type = type;
new_value.format = format;
@@ -226,7 +226,7 @@ RRChangeOutputProperty(RROutputPtr output, Atom property, Atom type,
case PropModePrepend:
new_data = new_value.data;
old_data = (void *) (((char *) new_value.data) +
- (prop_value->size * size_in_bytes));
+ (len * size_in_bytes));
break;
}
if (new_data)
--
2.41.0

52
SOURCES/0001-Xtest-disallow-GenericEvents-in-XTestSwapFakeInput.patch
View File

@ -1,52 +0,0 @@
From 8dba686dc277d6d262ad0c77b4632a5b276697ba Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer@who-t.net>
Date: Tue, 29 Nov 2022 12:55:45 +1000
Subject: [PATCH xserver 1/7] Xtest: disallow GenericEvents in
XTestSwapFakeInput
XTestSwapFakeInput assumes all events in this request are
sizeof(xEvent) and iterates through these in 32-byte increments.
However, a GenericEvent may be of arbitrary length longer than 32 bytes,
so any GenericEvent in this list would result in subsequent events to be
misparsed.
Additional, the swapped event is written into a stack-allocated struct
xEvent (size 32 bytes). For any GenericEvent longer than 32 bytes,
swapping the event may thus smash the stack like an avocado on toast.
Catch this case early and return BadValue for any GenericEvent.
Which is what would happen in unswapped setups anyway since XTest
doesn't support GenericEvent.
CVE-2022-46340, ZDI-CAN 19265
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Acked-by: Olivier Fourdan <ofourdan@redhat.com>
---
Xext/xtest.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/Xext/xtest.c b/Xext/xtest.c
index bf27eb590b..2985a4ce6e 100644
--- a/Xext/xtest.c
+++ b/Xext/xtest.c
@@ -502,10 +502,11 @@ XTestSwapFakeInput(ClientPtr client, xReq * req)
nev = ((req->length << 2) - sizeof(xReq)) / sizeof(xEvent);
for (ev = (xEvent *) &req[1]; --nev >= 0; ev++) {
+ int evtype = ev->u.u.type & 0x177;
/* Swap event */
- proc = EventSwapVector[ev->u.u.type & 0177];
+ proc = EventSwapVector[evtype];
/* no swapping proc; invalid event type? */
- if (!proc || proc == NotImplemented) {
+ if (!proc || proc == NotImplemented || evtype == GenericEvent) {
client->errorValue = ev->u.u.type;
return BadValue;
}
--
2.38.1

293
SOURCES/0001-autobind-GPUs-to-the-screen.patch
View File

@ -1,293 +0,0 @@
From 471289fa1dc359555ceed6302f7d9605ab6be3ea Mon Sep 17 00:00:00 2001
From: Dave Airlie <airlied@redhat.com>
Date: Mon, 2 Apr 2018 16:49:02 -0400
Subject: [PATCH] autobind GPUs to the screen
This is a modified version of a patch we've been carry-ing in Fedora and
RHEL for years now. This patch automatically adds secondary GPUs to the
master as output sink / offload source making e.g. the use of
slave-outputs just work, with requiring the user to manually run
"xrandr --setprovideroutputsource" before he can hookup an external
monitor to his hybrid graphics laptop.
There is one problem with this patch, which is why it was not upstreamed
before. What to do when a secondary GPU gets detected really is a policy
decission (e.g. one may want to autobind PCI GPUs but not USB ones) and
as such should be under control of the Desktop Environment.
Unconditionally adding autobinding support to the xserver will result
in races between the DE dealing with the hotplug of a secondary GPU
and the server itself dealing with it.
However we've waited for years for any Desktop Environments to actually
start doing some sort of autoconfiguration of secondary GPUs and there
is still not a single DE dealing with this, so I believe that it is
time to upstream this now.
To avoid potential future problems if any DEs get support for doing
secondary GPU configuration themselves, the new autobind functionality
is made optional. Since no DEs currently support doing this themselves it
is enabled by default. When DEs grow support for doing this themselves
they can disable the servers autobinding through the servers cmdline or a
xorg.conf snippet.
Signed-off-by: Dave Airlie <airlied@gmail.com>
[hdegoede@redhat.com: Make configurable, fix with nvidia, submit upstream]
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
---
hw/xfree86/common/xf86Config.c | 19 +++++++++++++++++++
hw/xfree86/common/xf86Globals.c | 2 ++
hw/xfree86/common/xf86Init.c | 20 ++++++++++++++++++++
hw/xfree86/common/xf86Priv.h | 1 +
hw/xfree86/common/xf86Privstr.h | 1 +
hw/xfree86/common/xf86platformBus.c | 4 ++++
hw/xfree86/man/Xorg.man | 7 +++++++
hw/xfree86/man/xorg.conf.man | 6 ++++++
randr/randrstr.h | 3 +++
randr/rrprovider.c | 22 ++++++++++++++++++++++
10 files changed, 85 insertions(+)
diff --git a/hw/xfree86/common/xf86Config.c b/hw/xfree86/common/xf86Config.c
index 2c1d335..d7d7c2e 100644
--- a/hw/xfree86/common/xf86Config.c
+++ b/hw/xfree86/common/xf86Config.c
@@ -643,6 +643,7 @@ typedef enum {
FLAG_DRI2,
FLAG_USE_SIGIO,
FLAG_AUTO_ADD_GPU,
+ FLAG_AUTO_BIND_GPU,
FLAG_MAX_CLIENTS,
FLAG_IGLX,
FLAG_DEBUG,
@@ -699,6 +700,8 @@ static OptionInfoRec FlagOptions[] = {
{0}, FALSE},
{FLAG_AUTO_ADD_GPU, "AutoAddGPU", OPTV_BOOLEAN,
{0}, FALSE},
+ {FLAG_AUTO_BIND_GPU, "AutoBindGPU", OPTV_BOOLEAN,
+ {0}, FALSE},
{FLAG_MAX_CLIENTS, "MaxClients", OPTV_INTEGER,
{0}, FALSE },
{FLAG_IGLX, "IndirectGLX", OPTV_BOOLEAN,
@@ -779,6 +782,22 @@ configServerFlags(XF86ConfFlagsPtr flagsconf, XF86OptionPtr layoutopts)
}
xf86Msg(from, "%sutomatically adding GPU devices\n",
xf86Info.autoAddGPU ? "A" : "Not a");
+
+ if (xf86AutoBindGPUDisabled) {
+ xf86Info.autoBindGPU = FALSE;
+ from = X_CMDLINE;
+ }
+ else if (xf86IsOptionSet(FlagOptions, FLAG_AUTO_BIND_GPU)) {
+ xf86GetOptValBool(FlagOptions, FLAG_AUTO_BIND_GPU,
+ &xf86Info.autoBindGPU);
+ from = X_CONFIG;
+ }
+ else {
+ from = X_DEFAULT;
+ }
+ xf86Msg(from, "%sutomatically binding GPU devices\n",
+ xf86Info.autoBindGPU ? "A" : "Not a");
+
/*
* Set things up based on the config file information. Some of these
* settings may be overridden later when the command line options are
diff --git a/hw/xfree86/common/xf86Globals.c b/hw/xfree86/common/xf86Globals.c
index e890f05..7b27b4c 100644
--- a/hw/xfree86/common/xf86Globals.c
+++ b/hw/xfree86/common/xf86Globals.c
@@ -131,6 +131,7 @@ xf86InfoRec xf86Info = {
#else
.autoAddGPU = FALSE,
#endif
+ .autoBindGPU = TRUE,
};
const char *xf86ConfigFile = NULL;
@@ -191,6 +192,7 @@ Bool xf86FlipPixels = FALSE;
Gamma xf86Gamma = { 0.0, 0.0, 0.0 };
Bool xf86AllowMouseOpenFail = FALSE;
+Bool xf86AutoBindGPUDisabled = FALSE;
#ifdef XF86VIDMODE
Bool xf86VidModeDisabled = FALSE;
diff --git a/hw/xfree86/common/xf86Init.c b/hw/xfree86/common/xf86Init.c
index ea42ec9..ec255b6 100644
--- a/hw/xfree86/common/xf86Init.c
+++ b/hw/xfree86/common/xf86Init.c
@@ -76,6 +76,7 @@
#include "xf86DDC.h"
#include "xf86Xinput.h"
#include "xf86InPriv.h"
+#include "xf86Crtc.h"
#include "picturestr.h"
#include "randrstr.h"
#include "glxvndabi.h"
@@ -237,6 +238,19 @@ xf86PrivsElevated(void)
return PrivsElevated();
}
+static void
+xf86AutoConfigOutputDevices(void)
+{
+ int i;
+
+ if (!xf86Info.autoBindGPU)
+ return;
+
+ for (i = 0; i < xf86NumGPUScreens; i++)
+ RRProviderAutoConfigGpuScreen(xf86ScrnToScreen(xf86GPUScreens[i]),
+ xf86ScrnToScreen(xf86Screens[0]));
+}
+
static void
TrapSignals(void)
{
@@ -770,6 +784,8 @@ InitOutput(ScreenInfo * pScreenInfo, int argc, char **argv)
for (i = 0; i < xf86NumGPUScreens; i++)
AttachUnboundGPU(xf86Screens[0]->pScreen, xf86GPUScreens[i]->pScreen);
+ xf86AutoConfigOutputDevices();
+
xf86VGAarbiterWrapFunctions();
if (sigio_blocked)
input_unlock();
@@ -1278,6 +1294,10 @@ ddxProcessArgument(int argc, char **argv, int i)
xf86Info.iglxFrom = X_CMDLINE;
return 0;
}
+ if (!strcmp(argv[i], "-noautoBindGPU")) {
+ xf86AutoBindGPUDisabled = TRUE;
+ return 1;
+ }
/* OS-specific processing */
return xf86ProcessArgument(argc, argv, i);
diff --git a/hw/xfree86/common/xf86Priv.h b/hw/xfree86/common/xf86Priv.h
index 4fe2b5f..6566622 100644
--- a/hw/xfree86/common/xf86Priv.h
+++ b/hw/xfree86/common/xf86Priv.h
@@ -46,6 +46,7 @@
extern _X_EXPORT const char *xf86ConfigFile;
extern _X_EXPORT const char *xf86ConfigDir;
extern _X_EXPORT Bool xf86AllowMouseOpenFail;
+extern _X_EXPORT Bool xf86AutoBindGPUDisabled;
#ifdef XF86VIDMODE
extern _X_EXPORT Bool xf86VidModeDisabled;
diff --git a/hw/xfree86/common/xf86Privstr.h b/hw/xfree86/common/xf86Privstr.h
index 21c2e1f..6c71863 100644
--- a/hw/xfree86/common/xf86Privstr.h
+++ b/hw/xfree86/common/xf86Privstr.h
@@ -98,6 +98,7 @@ typedef struct {
Bool autoAddGPU;
const char *debug;
+ Bool autoBindGPU;
} xf86InfoRec, *xf86InfoPtr;
/* ISC's cc can't handle ~ of UL constants, so explicitly type cast them. */
diff --git a/hw/xfree86/common/xf86platformBus.c b/hw/xfree86/common/xf86platformBus.c
index cef47da..913a324 100644
--- a/hw/xfree86/common/xf86platformBus.c
+++ b/hw/xfree86/common/xf86platformBus.c
@@ -49,6 +49,7 @@
#include "Pci.h"
#include "xf86platformBus.h"
#include "xf86Config.h"
+#include "xf86Crtc.h"
#include "randrstr.h"
int platformSlotClaimed;
@@ -665,6 +666,9 @@ xf86platformAddDevice(int index)
}
/* attach unbound to 0 protocol screen */
AttachUnboundGPU(xf86Screens[0]->pScreen, xf86GPUScreens[i]->pScreen);
+ if (xf86Info.autoBindGPU)
+ RRProviderAutoConfigGpuScreen(xf86ScrnToScreen(xf86GPUScreens[i]),
+ xf86ScrnToScreen(xf86Screens[0]));
RRResourcesChanged(xf86Screens[0]->pScreen);
RRTellChanged(xf86Screens[0]->pScreen);
diff --git a/hw/xfree86/man/Xorg.man b/hw/xfree86/man/Xorg.man
index 13a9dc3..745f986 100644
--- a/hw/xfree86/man/Xorg.man
+++ b/hw/xfree86/man/Xorg.man
@@ -283,6 +283,13 @@ is a comma separated list of directories to search for
server modules. This option is only available when the server is run
as root (i.e, with real-uid 0).
.TP 8
+.B \-noautoBindGPU
+Disable automatically setting secondary GPUs up as output sinks and offload
+sources. This is equivalent to setting the
+.B AutoBindGPU
+xorg.conf(__filemansuffix__) file option. To
+.B false.
+.TP 8
.B \-nosilk
Disable Silken Mouse support.
.TP 8
diff --git a/hw/xfree86/man/xorg.conf.man b/hw/xfree86/man/xorg.conf.man
index 9589262..8d51e06 100644
--- a/hw/xfree86/man/xorg.conf.man
+++ b/hw/xfree86/man/xorg.conf.man
@@ -672,6 +672,12 @@ Enabled by default.
If this option is disabled, then no GPU devices will be added from the udev
backend. Enabled by default. (May need to be disabled to setup Xinerama).
.TP 7
+.BI "Option \*qAutoBindGPU\*q \*q" boolean \*q
+If enabled then secondary GPUs will be automatically set up as output-sinks and
+offload-sources. Making e.g. laptop outputs connected only to the secondary
+GPU directly available for use without needing to run
+"xrandr --setprovideroutputsource". Enabled by default.
+.TP 7
.BI "Option \*qLog\*q \*q" string \*q
This option controls whether the log is flushed and/or synced to disk after
each message.
diff --git a/randr/randrstr.h b/randr/randrstr.h
index f94174b..092d726 100644
--- a/randr/randrstr.h
+++ b/randr/randrstr.h
@@ -1039,6 +1039,9 @@ RRProviderLookup(XID id, RRProviderPtr *provider_p);
extern _X_EXPORT void
RRDeliverProviderEvent(ClientPtr client, WindowPtr pWin, RRProviderPtr provider);
+extern _X_EXPORT void
+RRProviderAutoConfigGpuScreen(ScreenPtr pScreen, ScreenPtr masterScreen);
+
/* rrproviderproperty.c */
extern _X_EXPORT void
diff --git a/randr/rrprovider.c b/randr/rrprovider.c
index e4bc2bf..e04c18f 100644
--- a/randr/rrprovider.c
+++ b/randr/rrprovider.c
@@ -485,3 +485,25 @@ RRDeliverProviderEvent(ClientPtr client, WindowPtr pWin, RRProviderPtr provider)
WriteEventsToClient(client, 1, (xEvent *) &pe);
}
+
+void
+RRProviderAutoConfigGpuScreen(ScreenPtr pScreen, ScreenPtr masterScreen)
+{
+ rrScrPrivPtr pScrPriv = rrGetScrPriv(pScreen);
+ rrScrPrivPtr masterPriv = rrGetScrPriv(masterScreen);
+ RRProviderPtr provider = pScrPriv->provider;
+ RRProviderPtr master_provider = masterPriv->provider;
+
+ if (!provider || !master_provider)
+ return;
+
+ if ((provider->capabilities & RR_Capability_SinkOutput) &&
+ (master_provider->capabilities & RR_Capability_SourceOutput)) {
+ pScrPriv->rrProviderSetOutputSource(pScreen, provider, master_provider);
+ RRInitPrimeSyncProps(pScreen);
+ }
+
+ if ((provider->capabilities & RR_Capability_SourceOffload) &&
+ (master_provider->capabilities & RR_Capability_SinkOffload))
+ pScrPriv->rrProviderSetOffloadSink(pScreen, provider, master_provider);
+}
--
2.16.2

42
SOURCES/0001-composite-Fix-use-after-free-of-the-COW.patch
View File

@ -1,42 +0,0 @@
From 26ef545b3502f61ca722a7a3373507e88ef64110 Mon Sep 17 00:00:00 2001
From: Olivier Fourdan <ofourdan@redhat.com>
Date: Mon, 13 Mar 2023 11:08:47 +0100
Subject: [PATCH xserver] composite: Fix use-after-free of the COW
ZDI-CAN-19866/CVE-2023-1393
If a client explicitly destroys the compositor overlay window (aka COW),
we would leave a dangling pointer to that window in the CompScreen
structure, which will trigger a use-after-free later.
Make sure to clear the CompScreen pointer to the COW when the latter gets
destroyed explicitly by the client.
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
---
composite/compwindow.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/composite/compwindow.c b/composite/compwindow.c
index 4e2494b86..b30da589e 100644
--- a/composite/compwindow.c
+++ b/composite/compwindow.c
@@ -620,6 +620,11 @@ compDestroyWindow(WindowPtr pWin)
ret = (*pScreen->DestroyWindow) (pWin);
cs->DestroyWindow = pScreen->DestroyWindow;
pScreen->DestroyWindow = compDestroyWindow;
+
+ /* Did we just destroy the overlay window? */
+ if (pWin == cs->pOverlayWin)
+ cs->pOverlayWin = NULL;
+
/* compCheckTree (pWin->drawable.pScreen); can't check -- tree isn't good*/
return ret;
}
--
2.40.0

77
SOURCES/0001-dix-Fix-use-after-free-in-input-device-shutdown.patch
View File

@ -1,77 +0,0 @@
From 1801fe0ac3926882d47d7e1ad6c0518a2cdffd41 Mon Sep 17 00:00:00 2001
From: Povilas Kanapickas <povilas@radix.lt>
Date: Sun, 19 Dec 2021 18:11:07 +0200
Subject: [PATCH] dix: Fix use after free in input device shutdown
This fixes access to freed heap memory via dev->master. E.g. when
running BarrierNotify.ReceivesNotifyEvents/7 test from
xorg-integration-tests:
==24736==ERROR: AddressSanitizer: heap-use-after-free on address
0x619000065020 at pc 0x55c450e2b9cf bp 0x7fffc532fd20 sp 0x7fffc532fd10
READ of size 4 at 0x619000065020 thread T0
#0 0x55c450e2b9ce in GetMaster ../../../dix/devices.c:2722
#1 0x55c450e9d035 in IsFloating ../../../dix/events.c:346
#2 0x55c4513209c6 in GetDeviceUse ../../../Xi/xiquerydevice.c:525
../../../Xi/xichangehierarchy.c:95
#4 0x55c450e3455c in RemoveDevice ../../../dix/devices.c:1204
../../../hw/xfree86/common/xf86Xinput.c:1142
#6 0x55c450e17b04 in CloseDeviceList ../../../dix/devices.c:1038
#7 0x55c450e1de85 in CloseDownDevices ../../../dix/devices.c:1068
#8 0x55c450e837ef in dix_main ../../../dix/main.c:302
#9 0x55c4517a8d93 in main ../../../dix/stubmain.c:34
(/lib/x86_64-linux-gnu/libc.so.6+0x28564)
#11 0x55c450d0113d in _start (/usr/lib/xorg/Xorg+0x117713d)
0x619000065020 is located 160 bytes inside of 912-byte region
[0x619000064f80,0x619000065310)
freed by thread T0 here:
(/usr/lib/x86_64-linux-gnu/libasan.so.5+0x10d7cf)
#1 0x55c450e19f1c in CloseDevice ../../../dix/devices.c:1014
#2 0x55c450e343a4 in RemoveDevice ../../../dix/devices.c:1186
../../../hw/xfree86/common/xf86Xinput.c:1142
#4 0x55c450e17b04 in CloseDeviceList ../../../dix/devices.c:1038
#5 0x55c450e1de85 in CloseDownDevices ../../../dix/devices.c:1068
#6 0x55c450e837ef in dix_main ../../../dix/main.c:302
#7 0x55c4517a8d93 in main ../../../dix/stubmain.c:34
(/lib/x86_64-linux-gnu/libc.so.6+0x28564)
previously allocated by thread T0 here:
(/usr/lib/x86_64-linux-gnu/libasan.so.5+0x10ddc6)
#1 0x55c450e1c57b in AddInputDevice ../../../dix/devices.c:259
#2 0x55c450e34840 in AllocDevicePair ../../../dix/devices.c:2755
#3 0x55c45130318f in add_master ../../../Xi/xichangehierarchy.c:152
../../../Xi/xichangehierarchy.c:465
#5 0x55c4512cb9f5 in ProcIDispatch ../../../Xi/extinit.c:390
#6 0x55c450e6a92b in Dispatch ../../../dix/dispatch.c:551
#7 0x55c450e834b7 in dix_main ../../../dix/main.c:272
#8 0x55c4517a8d93 in main ../../../dix/stubmain.c:34
(/lib/x86_64-linux-gnu/libc.so.6+0x28564)
The problem is caused by dev->master being not reset when disabling the
device, which then causes dangling pointer when the master device itself
is being deleted when exiting whole server.
Note that RecalculateMasterButtons() requires dev->master to be still
valid, so we can reset it only at the end of function.
Signed-off-by: Povilas Kanapickas <povilas@radix.lt>
---
dix/devices.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/dix/devices.c b/dix/devices.c
index e62c34c55..5f9ce1678 100644
--- a/dix/devices.c
+++ b/dix/devices.c
@@ -520,6 +520,7 @@ DisableDevice(DeviceIntPtr dev, BOOL sendevent)
}
RecalculateMasterButtons(dev);
+ dev->master = NULL;
return TRUE;
}
--
2.43.0

51
SOURCES/0001-dix-allocate-enough-space-for-logical-button-maps.patch
View File

@ -1,51 +0,0 @@
From 9e2ecb2af8302dedc49cb6a63ebe063c58a9e7e3 Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer@who-t.net>
Date: Thu, 14 Dec 2023 11:29:49 +1000
Subject: [PATCH 1/9] dix: allocate enough space for logical button maps
Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for
each logical button currently down. Since buttons can be arbitrarily mapped
to anything up to 255 make sure we have enough bits for the maximum mapping.
CVE-2023-6816, ZDI-CAN-22664, ZDI-CAN-22665
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
---
Xi/xiquerypointer.c | 3 +--
dix/enterleave.c | 5 +++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/Xi/xiquerypointer.c b/Xi/xiquerypointer.c
index 5b77b1a44..2b05ac5f3 100644
--- a/Xi/xiquerypointer.c
+++ b/Xi/xiquerypointer.c
@@ -149,8 +149,7 @@ ProcXIQueryPointer(ClientPtr client)
if (pDev->button) {
int i;
- rep.buttons_len =
- bytes_to_int32(bits_to_bytes(pDev->button->numButtons));
+ rep.buttons_len = bytes_to_int32(bits_to_bytes(256)); /* button map up to 255 */
rep.length += rep.buttons_len;
buttons = calloc(rep.buttons_len, 4);
if (!buttons)
diff --git a/dix/enterleave.c b/dix/enterleave.c
index 867ec7436..ded8679d7 100644
--- a/dix/enterleave.c
+++ b/dix/enterleave.c
@@ -784,8 +784,9 @@ DeviceFocusEvent(DeviceIntPtr dev, int type, int mode, int detail,
mouse = IsFloating(dev) ? dev : GetMaster(dev, MASTER_POINTER);
- /* XI 2 event */
- btlen = (mouse->button) ? bits_to_bytes(mouse->button->numButtons) : 0;
+ /* XI 2 event contains the logical button map - maps are CARD8
+ * so we need 256 bits for the possibly maximum mapping */
+ btlen = (mouse->button) ? bits_to_bytes(256) : 0;
btlen = bytes_to_int32(btlen);
len = sizeof(xXIFocusInEvent) + btlen * 4;
--
2.43.0

33
SOURCES/0001-dix-fix-valuator-copy-paste-error-in-the-DeviceState.patch
View File

@ -1,33 +0,0 @@
From 133e0d651c5d12bf01999d6289e84e224ba77adc Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer@who-t.net>
Date: Mon, 22 Jan 2024 14:22:12 +1000
Subject: [PATCH] dix: fix valuator copy/paste error in the DeviceStateNotify
event
Fixes 219c54b8a3337456ce5270ded6a67bcde53553d5
---
dix/enterleave.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/dix/enterleave.c b/dix/enterleave.c
index 7b7ba1098..c1e6ac600 100644
--- a/dix/enterleave.c
+++ b/dix/enterleave.c
@@ -619,11 +619,11 @@ FixDeviceValuator(DeviceIntPtr dev, deviceValuator * ev, ValuatorClassPtr v,
ev->first_valuator = first;
switch (ev->num_valuators) {
case 6:
- ev->valuator2 = v->axisVal[first + 5];
+ ev->valuator5 = v->axisVal[first + 5];
case 5:
- ev->valuator2 = v->axisVal[first + 4];
+ ev->valuator4 = v->axisVal[first + 4];
case 4:
- ev->valuator2 = v->axisVal[first + 3];
+ ev->valuator3 = v->axisVal[first + 3];
case 3:
ev->valuator2 = v->axisVal[first + 2];
case 2:
--
2.44.0

54
SOURCES/0001-ephyr-Fix-incompatible-pointer-type-build-error.patch
View File

@ -1,54 +0,0 @@
From e89edec497bac581ca9b614fb00c25365580f045 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Exp=C3=B3sito?= <jexposit@redhat.com>
Date: Fri, 19 Jan 2024 13:05:51 +0100
Subject: [PATCH] ephyr: Fix incompatible pointer type build error
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Fix a compilation error on 32 bits architectures with gcc 14:
ephyr_glamor_xv.c: In function ephyr_glamor_xv_init:
ephyr_glamor_xv.c:154:31: error: assignment to SetPortAttributeFuncPtr {aka int (*)(struct _KdScreenInfo *, long unsigned int, int, void *)} from incompatible pointer type int (*)(KdScreenInfo *, Atom, INT32, void *) {aka int (*)(struct _KdScreenInfo *, long unsigned int, long int, void *)} [-Wincompatible-pointer-types]
154 | adaptor->SetPortAttribute = ephyr_glamor_xv_set_port_attribute;
| ^
ephyr_glamor_xv.c:155:31: error: assignment to GetPortAttributeFuncPtr {aka int (*)(struct _KdScreenInfo *, long unsigned int, int *, void *)} from incompatible pointer type int (*)(KdScreenInfo *, Atom, INT32 *, void *) {aka int (*)(struct _KdScreenInfo *, long unsigned int, long int *, void *)} [-Wincompatible-pointer-types]
155 | adaptor->GetPortAttribute = ephyr_glamor_xv_get_port_attribute;
| ^
Build error logs:
https://koji.fedoraproject.org/koji/taskinfo?taskID=111964273
Signed-off-by: José Expósito <jexposit@redhat.com>
---
hw/kdrive/ephyr/ephyr_glamor_xv.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/hw/kdrive/ephyr/ephyr_glamor_xv.c b/hw/kdrive/ephyr/ephyr_glamor_xv.c
index 4dd15cf41..b5eae48c8 100644
--- a/hw/kdrive/ephyr/ephyr_glamor_xv.c
+++ b/hw/kdrive/ephyr/ephyr_glamor_xv.c
@@ -50,16 +50,16 @@ ephyr_glamor_xv_stop_video(KdScreenInfo *screen, void *data, Bool cleanup)
static int
ephyr_glamor_xv_set_port_attribute(KdScreenInfo *screen,
- Atom attribute, INT32 value, void *data)
+ Atom attribute, int value, void *data)
{
- return glamor_xv_set_port_attribute(data, attribute, value);
+ return glamor_xv_set_port_attribute(data, attribute, (INT32)value);
}
static int
ephyr_glamor_xv_get_port_attribute(KdScreenInfo *screen,
- Atom attribute, INT32 *value, void *data)
+ Atom attribute, int *value, void *data)
{
- return glamor_xv_get_port_attribute(data, attribute, value);
+ return glamor_xv_get_port_attribute(data, attribute, (INT32 *)value);
}
static void
--
2.43.0

153
SOURCES/0001-hw-Rename-boolean-config-value-field-from-bool-to-bo.patch
View File

@ -1,153 +0,0 @@
From 454b3a826edb5fc6d0fea3a9cfd1a5e8fc568747 Mon Sep 17 00:00:00 2001
From: Adam Jackson <ajax@redhat.com>
Date: Mon, 22 Jul 2019 13:51:06 -0400
Subject: [PATCH] hw: Rename boolean config value field from bool to boolean
"bool" conflicts with C++ (meh) and stdbool.h (ngh alright fine). This
is a driver-visible change and will likely break the build for mach64,
but it can be fixed by simply using xf86ReturnOptValBool like every
other driver.
Signed-off-by: Adam Jackson <ajax@redhat.com>
---
hw/xfree86/common/xf86Opt.h | 2 +-
hw/xfree86/common/xf86Option.c | 10 +++++-----
hw/xwin/winconfig.c | 22 +++++++++++-----------
hw/xwin/winconfig.h | 2 +-
4 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/hw/xfree86/common/xf86Opt.h b/hw/xfree86/common/xf86Opt.h
index 3be2a0fc7..3046fbd41 100644
--- a/hw/xfree86/common/xf86Opt.h
+++ b/hw/xfree86/common/xf86Opt.h
@@ -41,7 +41,7 @@ typedef union {
unsigned long num;
const char *str;
double realnum;
- Bool bool;
+ Bool boolean;
OptFrequency freq;
} ValueUnion;
diff --git a/hw/xfree86/common/xf86Option.c b/hw/xfree86/common/xf86Option.c
index 06973bca3..ca538cc57 100644
--- a/hw/xfree86/common/xf86Option.c
+++ b/hw/xfree86/common/xf86Option.c
@@ -213,7 +213,7 @@ LookupBoolOption(XF86OptionPtr optlist, const char *name, int deflt,
o.name = name;
o.type = OPTV_BOOLEAN;
if (ParseOptionValue(-1, optlist, &o, markUsed))
- deflt = o.value.bool;
+ deflt = o.value.boolean;
return deflt;
}
@@ -474,7 +474,7 @@ xf86ShowUnusedOptions(int scrnIndex, XF86OptionPtr opt)
static Bool
GetBoolValue(OptionInfoPtr p, const char *s)
{
- return xf86getBoolValue(&p->value.bool, s);
+ return xf86getBoolValue(&p->value.boolean, s);
}
static Bool
@@ -678,7 +678,7 @@ ParseOptionValue(int scrnIndex, XF86OptionPtr options, OptionInfoPtr p,
if (markUsed)
xf86MarkOptionUsedByName(options, newn);
if (GetBoolValue(&opt, s)) {
- p->value.bool = !opt.value.bool;
+ p->value.boolean = !opt.value.boolean;
p->found = TRUE;
}
else {
@@ -869,7 +869,7 @@ xf86GetOptValBool(const OptionInfoRec * table, int token, Bool *value)
p = xf86TokenToOptinfo(table, token);
if (p && p->found) {
- *value = p->value.bool;
+ *value = p->value.boolean;
return TRUE;
}
else
@@ -883,7 +883,7 @@ xf86ReturnOptValBool(const OptionInfoRec * table, int token, Bool def)
p = xf86TokenToOptinfo(table, token);
if (p && p->found) {
- return p->value.bool;
+ return p->value.boolean;
}
else
return def;
diff --git a/hw/xwin/winconfig.c b/hw/xwin/winconfig.c
index 31894d2fb..646d69006 100644
--- a/hw/xwin/winconfig.c
+++ b/hw/xwin/winconfig.c
@@ -623,7 +623,7 @@ winSetBoolOption(void *optlist, const char *name, int deflt)
o.name = name;
o.type = OPTV_BOOLEAN;
if (ParseOptionValue(-1, optlist, &o))
- deflt = o.value.bool;
+ deflt = o.value.boolean;
return deflt;
}
@@ -918,7 +918,7 @@ ParseOptionValue(int scrnIndex, void *options, OptionInfoPtr p)
}
if ((s = winFindOptionValue(options, newn)) != NULL) {
if (GetBoolValue(&opt, s)) {
- p->value.bool = !opt.value.bool;
+ p->value.boolean = !opt.value.boolean;
p->found = TRUE;
}
else {
@@ -968,25 +968,25 @@ static Bool
GetBoolValue(OptionInfoPtr p, const char *s)
{
if (*s == 0) {
- p->value.bool = TRUE;
+ p->value.boolean = TRUE;
}
else {
if (winNameCompare(s, "1") == 0)
- p->value.bool = TRUE;
+ p->value.boolean = TRUE;
else if (winNameCompare(s, "on") == 0)
- p->value.bool = TRUE;
+ p->value.boolean = TRUE;
else if (winNameCompare(s, "true") == 0)
- p->value.bool = TRUE;
+ p->value.boolean = TRUE;
else if (winNameCompare(s, "yes") == 0)
- p->value.bool = TRUE;
+ p->value.boolean = TRUE;
else if (winNameCompare(s, "0") == 0)
- p->value.bool = FALSE;
+ p->value.boolean = FALSE;
else if (winNameCompare(s, "off") == 0)
- p->value.bool = FALSE;
+ p->value.boolean = FALSE;
else if (winNameCompare(s, "false") == 0)
- p->value.bool = FALSE;
+ p->value.boolean = FALSE;
else if (winNameCompare(s, "no") == 0)
- p->value.bool = FALSE;
+ p->value.boolean = FALSE;
}
return TRUE;
}
diff --git a/hw/xwin/winconfig.h b/hw/xwin/winconfig.h
index f079368c7..bd1f59650 100644
--- a/hw/xwin/winconfig.h
+++ b/hw/xwin/winconfig.h
@@ -199,7 +199,7 @@ typedef union {
unsigned long num;
char *str;
double realnum;
- Bool bool;
+ Bool boolean;
OptFrequency freq;
} ValueUnion;
--
2.43.0

214
SOURCES/0001-link-with-z-now.patch
View File

@ -1,214 +0,0 @@
From e84d6f25015d36202fd524b8b8d85d2324348ddb Mon Sep 17 00:00:00 2001
From: Adam Jackson <ajax@redhat.com>
Date: Mon, 19 Nov 2018 11:27:09 -0500
Subject: [PATCH] link with -z now
Signed-off-by: Adam Jackson <ajax@redhat.com>
---
hw/dmx/Makefile.am | 2 +-
hw/kdrive/ephyr/Makefile.am | 2 +-
hw/vfb/Makefile.am | 2 +-
hw/xfree86/Makefile.am | 3 ++-
hw/xfree86/dixmods/Makefile.am | 6 +++---
hw/xfree86/exa/Makefile.am | 2 +-
hw/xfree86/fbdevhw/Makefile.am | 2 +-
hw/xfree86/int10/Makefile.am | 2 +-
hw/xfree86/shadowfb/Makefile.am | 2 +-
hw/xfree86/utils/cvt/Makefile.am | 1 +
hw/xfree86/utils/gtf/Makefile.am | 1 +
hw/xfree86/vgahw/Makefile.am | 2 +-
hw/xnest/Makefile.am | 2 +-
hw/xwayland/Makefile.am | 2 +-
14 files changed, 17 insertions(+), 14 deletions(-)
diff --git a/hw/dmx/Makefile.am b/hw/dmx/Makefile.am
index eef84cb..9ab20cc 100644
--- a/hw/dmx/Makefile.am
+++ b/hw/dmx/Makefile.am
@@ -78,7 +78,7 @@ XDMX_LIBS = \
input/libdmxinput.a \
config/libdmxconfig.a
-Xdmx_LDFLAGS = $(LD_EXPORT_SYMBOLS_FLAG)
+Xdmx_LDFLAGS = $(LD_EXPORT_SYMBOLS_FLAG) -Wl,-z,now -pie
Xdmx_DEPENDENCIES= $(XDMX_LIBS)
Xdmx_LDADD = $(XDMX_LIBS) $(XDMX_SYS_LIBS) $(XSERVER_SYS_LIBS)
diff --git a/hw/kdrive/ephyr/Makefile.am b/hw/kdrive/ephyr/Makefile.am
index d12559b..cc37add 100644
--- a/hw/kdrive/ephyr/Makefile.am
+++ b/hw/kdrive/ephyr/Makefile.am
@@ -78,7 +78,7 @@ Xephyr_LDADD = \
Xephyr_DEPENDENCIES = @KDRIVE_LOCAL_LIBS@ $(XEPHYR_GLAMOR_LIB)
-Xephyr_LDFLAGS = $(LD_EXPORT_SYMBOLS_FLAG)
+Xephyr_LDFLAGS = $(LD_EXPORT_SYMBOLS_FLAG) -W,-z,now -pie
relink:
$(AM_V_at)rm -f $(bin_PROGRAMS) && $(MAKE) $(bin_PROGRAMS)
diff --git a/hw/vfb/Makefile.am b/hw/vfb/Makefile.am
index 7033397..c09a9c9 100644
--- a/hw/vfb/Makefile.am
+++ b/hw/vfb/Makefile.am
@@ -20,7 +20,7 @@ XVFB_LIBS = \
Xvfb_LDADD = $(XVFB_LIBS) $(XVFB_SYS_LIBS) $(XSERVER_SYS_LIBS)
Xvfb_DEPENDENCIES = $(XVFB_LIBS)
-Xvfb_LDFLAGS = $(LD_EXPORT_SYMBOLS_FLAG)
+Xvfb_LDFLAGS = $(LD_EXPORT_SYMBOLS_FLAG) -Wl,-z,now -pie
relink:
$(AM_V_at)rm -f Xvfb$(EXEEXT) && $(MAKE) Xvfb$(EXEEXT)
diff --git a/hw/xfree86/Makefile.am b/hw/xfree86/Makefile.am
index 32f98b5..5955148 100644
--- a/hw/xfree86/Makefile.am
+++ b/hw/xfree86/Makefile.am
@@ -78,12 +78,13 @@ Xorg_LDADD = \
$(XSERVER_SYS_LIBS)
Xorg_DEPENDENCIES = $(LOCAL_LIBS)
-Xorg_LDFLAGS = $(LD_EXPORT_SYMBOLS_FLAG)
+Xorg_LDFLAGS = $(LD_EXPORT_SYMBOLS_FLAG) -Wl,-z,now -pie
if SUID_WRAPPER
wrapexecdir = $(SUID_WRAPPER_DIR)
wrapexec_PROGRAMS = Xorg.wrap
Xorg_wrap_SOURCES = xorg-wrapper.c
+Xorg_wrap_LDFLAGS = -Wl,-z,now -pie
endif
BUILT_SOURCES = xorg.conf.example
diff --git a/hw/xfree86/dixmods/Makefile.am b/hw/xfree86/dixmods/Makefile.am
index 856659f..6ab101b 100644
--- a/hw/xfree86/dixmods/Makefile.am
+++ b/hw/xfree86/dixmods/Makefile.am
@@ -17,17 +17,17 @@ AM_CPPFLAGS = @XORG_INCS@ \
-I$(top_srcdir)/miext/shadow \
-I$(top_srcdir)/glx
-libfb_la_LDFLAGS = -module -avoid-version $(LD_NO_UNDEFINED_FLAG)
+libfb_la_LDFLAGS = -module -avoid-version $(LD_NO_UNDEFINED_FLAG) -Wl,-z,now
libfb_la_LIBADD = $(top_builddir)/fb/libfb.la
libfb_la_SOURCES = fbmodule.c
libfb_la_CFLAGS = $(AM_CFLAGS)
-libwfb_la_LDFLAGS = -module -avoid-version $(LD_NO_UNDEFINED_FLAG)
+libwfb_la_LDFLAGS = -module -avoid-version $(LD_NO_UNDEFINED_FLAG) -Wl,-z,now
libwfb_la_LIBADD = $(top_builddir)/fb/libwfb.la
libwfb_la_SOURCES = fbmodule.c
libwfb_la_CFLAGS = $(AM_CFLAGS) -DFB_ACCESS_WRAPPER
-libglx_la_LDFLAGS = -module -avoid-version $(LD_NO_UNDEFINED_FLAG)
+libglx_la_LDFLAGS = -module -avoid-version $(LD_NO_UNDEFINED_FLAG) -Wl,-z,now
libglx_la_LIBADD = $(top_builddir)/glx/libglx.la $(GLX_SYS_LIBS)
if DRI2
libglx_la_LIBADD += $(top_builddir)/glx/libglxdri.la
diff --git a/hw/xfree86/exa/Makefile.am b/hw/xfree86/exa/Makefile.am
index ccbb305..7bf7137 100644
--- a/hw/xfree86/exa/Makefile.am
+++ b/hw/xfree86/exa/Makefile.am
@@ -2,7 +2,7 @@ SUBDIRS = man
module_LTLIBRARIES = libexa.la
-libexa_la_LDFLAGS = -module -avoid-version $(LD_NO_UNDEFINED_FLAG)
+libexa_la_LDFLAGS = -module -avoid-version $(LD_NO_UNDEFINED_FLAG) -Wl,-z,now
AM_CPPFLAGS = \
$(XORG_INCS) \
diff --git a/hw/xfree86/fbdevhw/Makefile.am b/hw/xfree86/fbdevhw/Makefile.am
index 37cd88c..895cfab 100644
--- a/hw/xfree86/fbdevhw/Makefile.am
+++ b/hw/xfree86/fbdevhw/Makefile.am
@@ -2,7 +2,7 @@ SUBDIRS = man
module_LTLIBRARIES = libfbdevhw.la
-libfbdevhw_la_LDFLAGS = -module -avoid-version $(LD_NO_UNDEFINED_FLAG)
+libfbdevhw_la_LDFLAGS = -module -avoid-version $(LD_NO_UNDEFINED_FLAG) -Wl,-z,now
if FBDEVHW
libfbdevhw_la_SOURCES = fbdevhw.c
diff --git a/hw/xfree86/int10/Makefile.am b/hw/xfree86/int10/Makefile.am
index 66cb14d..aad47a1 100644
--- a/hw/xfree86/int10/Makefile.am
+++ b/hw/xfree86/int10/Makefile.am
@@ -4,7 +4,7 @@ sdk_HEADERS = xf86int10.h
EXTRA_CFLAGS =
-libint10_la_LDFLAGS = -avoid-version
+libint10_la_LDFLAGS = -avoid-version -Wl,-z,now
libint10_la_LIBADD = $(PCIACCESS_LIBS)
COMMON_SOURCES = \
diff --git a/hw/xfree86/shadowfb/Makefile.am b/hw/xfree86/shadowfb/Makefile.am
index 67fb2e4..a8c2d59 100644
--- a/hw/xfree86/shadowfb/Makefile.am
+++ b/hw/xfree86/shadowfb/Makefile.am
@@ -1,5 +1,5 @@
module_LTLIBRARIES = libshadowfb.la
-libshadowfb_la_LDFLAGS = -module -avoid-version $(LD_NO_UNDEFINED_FLAG)
+libshadowfb_la_LDFLAGS = -module -avoid-version $(LD_NO_UNDEFINED_FLAG) -Wl,-z,now
libshadowfb_la_SOURCES = sfbmodule.c shadowfb.c
libshadowfb_la_LIBADD = $(PIXMAN_LIBS)
diff --git a/hw/xfree86/utils/cvt/Makefile.am b/hw/xfree86/utils/cvt/Makefile.am
index 26abeb4..19b0eba 100644
--- a/hw/xfree86/utils/cvt/Makefile.am
+++ b/hw/xfree86/utils/cvt/Makefile.am
@@ -33,3 +33,4 @@ cvt_SOURCES = cvt.c \
$(top_srcdir)/os/xprintf.c
cvt_CFLAGS = $(DIX_CFLAGS) $(XORG_CFLAGS)
+cvt_LDFLAGS = -Wl,-z,now -pie
diff --git a/hw/xfree86/utils/gtf/Makefile.am b/hw/xfree86/utils/gtf/Makefile.am
index f77bf60..f520fb9 100644
--- a/hw/xfree86/utils/gtf/Makefile.am
+++ b/hw/xfree86/utils/gtf/Makefile.am
@@ -25,3 +25,4 @@ bin_PROGRAMS = gtf
gtf_SOURCES = gtf.c
gtf_CFLAGS = $(XORG_CFLAGS)
gtf_LDADD = -lm
+gtf_LDFLAGS = -Wl,-z,now -pie
diff --git a/hw/xfree86/vgahw/Makefile.am b/hw/xfree86/vgahw/Makefile.am
index b8196a6..37ac499 100644
--- a/hw/xfree86/vgahw/Makefile.am
+++ b/hw/xfree86/vgahw/Makefile.am
@@ -1,5 +1,5 @@
module_LTLIBRARIES = libvgahw.la
-libvgahw_la_LDFLAGS = -avoid-version
+libvgahw_la_LDFLAGS = -avoid-version -Wl,-z,now
libvgahw_la_LIBADD = $(PCIACCESS_LIBS)
libvgahw_la_SOURCES = vgaHW.c vgaHWmodule.c
AM_CPPFLAGS = $(XORG_INCS) -I$(srcdir)/../ddc -I$(srcdir)/../i2c
diff --git a/hw/xnest/Makefile.am b/hw/xnest/Makefile.am
index c77da64..185803c 100644
--- a/hw/xnest/Makefile.am
+++ b/hw/xnest/Makefile.am
@@ -51,7 +51,7 @@ Xnest_SOURCES = $(SRCS)
Xnest_DEPENDENCIES = $(XNEST_LIBS)
Xnest_LDADD = $(XNEST_LIBS) $(XNEST_SYS_LIBS) $(XSERVER_SYS_LIBS)
-Xnest_LDFLAGS = $(LD_EXPORT_SYMBOLS_FLAG)
+Xnest_LDFLAGS = $(LD_EXPORT_SYMBOLS_FLAG) -Wl,-z,now -pie
EXTRA_DIST = icon \
screensaver
diff --git a/hw/xwayland/Makefile.am b/hw/xwayland/Makefile.am
index bc1cb85..2f70cd1 100644
--- a/hw/xwayland/Makefile.am
+++ b/hw/xwayland/Makefile.am
@@ -28,7 +28,7 @@ Xwayland_LDADD = \
$(XWAYLAND_SYS_LIBS) \
$(top_builddir)/Xext/libXvidmode.la \
$(XSERVER_SYS_LIBS)
-Xwayland_LDFLAGS = $(LD_EXPORT_SYMBOLS_FLAG)
+Xwayland_LDFLAGS = $(LD_EXPORT_SYMBOLS_FLAG) -Wl,-z,now -pie
Xwayland_built_sources =
--
2.19.1

45
SOURCES/0001-linux-Fix-platform-device-PCI-detection-for-complex-.patch
View File

@ -1,45 +0,0 @@
From b6e18eb57f3dd104704d0a5ec3d2f051645b9068 Mon Sep 17 00:00:00 2001
From: Adam Jackson <ajax@redhat.com>
Date: Wed, 19 Jun 2019 14:23:56 -0400
Subject: [PATCH xserver] linux: Fix platform device PCI detection for complex
bus topologies
Suppose you're in a Hyper-V guest and are trying to use PCI passthrough.
The ID_PATH that udev will construct for that looks something like
"acpi-VMBUS:00-pci-b8c8:00:00.0", and obviously looking for "pci-" in
the first four characters of that is going to not work.
Instead, strstr. I suppose it's possible you could have _multiple_ PCI
buses in the path, in which case you'd want strrstr, if that were a
thing.
---
config/udev.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/config/udev.c b/config/udev.c
index 314acba6ce..6e11aa3b88 100644
--- a/config/udev.c
+++ b/config/udev.c
@@ -474,7 +474,7 @@ config_udev_odev_setup_attribs(struct udev_device *udev_device, const char *path
config_odev_probe_proc_ptr probe_callback)
{
struct OdevAttributes *attribs = config_odev_allocate_attributes();
- const char *value;
+ const char *value, *str;
attribs->path = XNFstrdup(path);
attribs->syspath = XNFstrdup(syspath);
@@ -482,8 +482,8 @@ config_udev_odev_setup_attribs(struct udev_device *udev_device, const char *path
attribs->minor = minor;
value = udev_device_get_property_value(udev_device, "ID_PATH");
- if (value && !strncmp(value, "pci-", 4)) {
- attribs->busid = XNFstrdup(value);
+ if (value && (str = strstr(value, "pci-"))) {
+ attribs->busid = XNFstrdup(str);
attribs->busid[3] = ':';
}
--
2.21.0

129
SOURCES/0001-linux-Make-platform-device-probe-less-fragile.patch
View File

@ -1,129 +0,0 @@
From 28320833d61af76dc3b77b985c69706f3e021836 Mon Sep 17 00:00:00 2001
From: Adam Jackson <ajax@redhat.com>
Date: Tue, 18 Sep 2018 14:37:51 -0400
Subject: [PATCH xserver] linux: Make platform device probe less fragile
At the point where xf86BusProbe runs we haven't yet taken our own VT,
which means we can't perform drm "master" operations on the device. This
is tragic, because we need master to fish the bus id string out of the
kernel, which we can only do after drmSetInterfaceVersion, which for
some reason stores that string on the device not the file handle and
thus needs master access.
Fortunately we know the format of the busid string, and it happens to
almost be the same as the ID_PATH variable from udev. Use that instead
and stop calling drmSetInterfaceVersion.
Signed-off-by: Adam Jackson <ajax@redhat.com>
---
config/udev.c | 17 ++++++++++++-----
hw/xfree86/os-support/linux/lnx_platform.c | 13 ++-----------
2 files changed, 14 insertions(+), 16 deletions(-)
diff --git a/config/udev.c b/config/udev.c
index 3a73189e25..8c6c4b6665 100644
--- a/config/udev.c
+++ b/config/udev.c
@@ -56,7 +56,7 @@ static struct udev_monitor *udev_monitor;
#ifdef CONFIG_UDEV_KMS
static void
-config_udev_odev_setup_attribs(const char *path, const char *syspath,
+config_udev_odev_setup_attribs(struct udev_device *udev_device, const char *path, const char *syspath,
int major, int minor,
config_odev_probe_proc_ptr probe_callback);
#endif
@@ -128,7 +128,7 @@ device_added(struct udev_device *udev_device)
LogMessage(X_INFO, "config/udev: Adding drm device (%s)\n", path);
- config_udev_odev_setup_attribs(path, syspath, major(devnum),
+ config_udev_odev_setup_attribs(udev_device, path, syspath, major(devnum),
minor(devnum), NewGPUDeviceRequest);
return;
}
@@ -322,7 +322,7 @@ device_removed(struct udev_device *device)
LogMessage(X_INFO, "config/udev: removing GPU device %s %s\n",
syspath, path);
- config_udev_odev_setup_attribs(path, syspath, major(devnum),
+ config_udev_odev_setup_attribs(device, path, syspath, major(devnum),
minor(devnum), DeleteGPUDeviceRequest);
/* Retry vtenter after a drm node removal */
systemd_logind_vtenter();
@@ -465,17 +465,24 @@ config_udev_fini(void)
#ifdef CONFIG_UDEV_KMS
static void
-config_udev_odev_setup_attribs(const char *path, const char *syspath,
+config_udev_odev_setup_attribs(struct udev_device *udev_device, const char *path, const char *syspath,
int major, int minor,
config_odev_probe_proc_ptr probe_callback)
{
struct OdevAttributes *attribs = config_odev_allocate_attributes();
+ const char *value;
attribs->path = XNFstrdup(path);
attribs->syspath = XNFstrdup(syspath);
attribs->major = major;
attribs->minor = minor;
+ value = udev_device_get_property_value(udev_device, "ID_PATH");
+ if (value && !strncmp(value, "pci-", 4)) {
+ attribs->busid = XNFstrdup(value);
+ attribs->busid[3] = ':';
+ }
+
/* ownership of attribs is passed to probe layer */
probe_callback(attribs);
}
@@ -516,7 +523,7 @@ config_udev_odev_probe(config_odev_probe_proc_ptr probe_callback)
else if (!check_seat(udev_device))
goto no_probe;
- config_udev_odev_setup_attribs(path, syspath, major(devnum),
+ config_udev_odev_setup_attribs(udev_device, path, syspath, major(devnum),
minor(devnum), probe_callback);
no_probe:
udev_device_unref(udev_device);
diff --git a/hw/xfree86/os-support/linux/lnx_platform.c b/hw/xfree86/os-support/linux/lnx_platform.c
index 70374ace88..0eb6d22875 100644
--- a/hw/xfree86/os-support/linux/lnx_platform.c
+++ b/hw/xfree86/os-support/linux/lnx_platform.c
@@ -30,6 +30,8 @@ get_drm_info(struct OdevAttributes *attribs, char *path, int delayed_index)
int err = 0;
Bool paused, server_fd = FALSE;
+ LogMessage(X_INFO, "Platform probe for %s\n", attribs->syspath);
+
fd = systemd_logind_take_fd(attribs->major, attribs->minor, path, &paused);
if (fd != -1) {
if (paused) {
@@ -53,13 +55,6 @@ get_drm_info(struct OdevAttributes *attribs, char *path, int delayed_index)
sv.drm_dd_major = -1; /* Don't care */
sv.drm_dd_minor = -1; /* Don't care */
- err = drmSetInterfaceVersion(fd, &sv);
- if (err) {
- xf86Msg(X_ERROR, "%s: failed to set DRM interface version 1.4: %s\n",
- path, strerror(-err));
- goto out;
- }
-
/* for a delayed probe we've already added the device */
if (delayed_index == -1) {
xf86_add_platform_device(attribs, FALSE);
@@ -69,10 +64,6 @@ get_drm_info(struct OdevAttributes *attribs, char *path, int delayed_index)
if (server_fd)
xf86_platform_devices[delayed_index].flags |= XF86_PDEV_SERVER_FD;
- buf = drmGetBusid(fd);
- xf86_platform_odev_attributes(delayed_index)->busid = XNFstrdup(buf);
- drmFreeBusid(buf);
-
v = drmGetVersion(fd);
if (!v) {
xf86Msg(X_ERROR, "%s: failed to query DRM version\n", path);
--
2.19.0

37
SOURCES/0001-modesetting-Reduce-glamor-initialization-failed-mess.patch
View File

@ -1,37 +0,0 @@
From 41e265988a0b6ec456ddd562253e0f82a7c2ede2 Mon Sep 17 00:00:00 2001
From: Adam Jackson <ajax@redhat.com>
Date: Fri, 27 Sep 2019 11:43:52 -0400
Subject: [PATCH xserver] modesetting: Reduce "glamor initialization failed"
message to X_INFO
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This might be an error or not, for example refusing to work on llvmpipe
is normal and expected. glamor_egl_init() will print X_ERROR messages if
appropriate, so we don't need to here.
Reviewed-by: Michel Dänzer <mdaenzer@redhat.com>
(cherry picked from commit cbdde938cbaf604741cd057fac743859ada342ec)
Signed-off-by: Michel Dänzer <mdaenzer@redhat.com>
---
hw/xfree86/drivers/modesetting/driver.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/xfree86/drivers/modesetting/driver.c b/hw/xfree86/drivers/modesetting/driver.c
index 2aaea5f7d..783d53eaa 100644
--- a/hw/xfree86/drivers/modesetting/driver.c
+++ b/hw/xfree86/drivers/modesetting/driver.c
@@ -772,7 +772,7 @@ try_enable_glamor(ScrnInfoPtr pScrn)
xf86DrvMsg(pScrn->scrnIndex, X_INFO, "glamor initialized\n");
ms->drmmode.glamor = TRUE;
} else {
- xf86DrvMsg(pScrn->scrnIndex, X_ERROR,
+ xf86DrvMsg(pScrn->scrnIndex, X_INFO,
"glamor initialization failed\n");
}
} else {
--
2.26.2

28
SOURCES/0001-mustard-Add-DRI2-fallback-driver-mappings-for-i965-a.patch
View File

@ -1,28 +0,0 @@
From efb4bc5b3da511d128144840d7eb3cf3c7cfa0ae Mon Sep 17 00:00:00 2001
From: Adam Jackson <ajax@redhat.com>
Date: Tue, 3 Sep 2019 12:10:37 -0400
Subject: [PATCH] mustard: Add DRI2 fallback driver mappings for i965 and
radeonsi
---
hw/xfree86/dri2/pci_ids/pci_id_driver_map.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/hw/xfree86/dri2/pci_ids/pci_id_driver_map.h b/hw/xfree86/dri2/pci_ids/pci_id_driver_map.h
index 689a570..3825f52 100644
--- a/hw/xfree86/dri2/pci_ids/pci_id_driver_map.h
+++ b/hw/xfree86/dri2/pci_ids/pci_id_driver_map.h
@@ -45,8 +45,10 @@ static const struct {
int num_chips_ids;
} driver_map[] = {
{ 0x8086, "i965", "va_gl", i965_chip_ids, ARRAY_SIZE(i965_chip_ids) },
+ { 0x8086, "i965", "va_gl", NULL, -1 },
{ 0x1002, "r600","r600", r600_chip_ids, ARRAY_SIZE(r600_chip_ids) },
{ 0x1002, "radeonsi", "radeonsi", radeonsi_chip_ids, ARRAY_SIZE(radeonsi_chip_ids) },
+ { 0x1002, "radeonsi", "radeonsi", NULL, -1 },
{ 0x10de, "nouveau", "nouveau", NULL, -1 },
{ 0x1af4, "virtio_gpu", "virtio_gpu", virtio_gpu_chip_ids, ARRAY_SIZE(virtio_gpu_chip_ids) },
{ 0x15ad, "vmwgfx", "vmwgfx", vmwgfx_chip_ids, ARRAY_SIZE(vmwgfx_chip_ids) },
--
2.23.0

278
SOURCES/0001-mustard-Don-t-probe-for-drivers-not-shipped-in-RHEL8.patch
View File

@ -1,278 +0,0 @@
From b6e50ece375b6b1fbe053b30b52fc40dde5c682b Mon Sep 17 00:00:00 2001
From: Adam Jackson <ajax@redhat.com>
Date: Tue, 13 Nov 2018 10:11:36 -0500
Subject: [PATCH] mustard: Don't probe for drivers not shipped in RHEL8
As with RHEL7, this is mostly to keep spurious probe messages out of the
X log and prevent questions like "why isn't it loading mga on my
G200SE" or "why isn't it loading radeon_dri.so on my RN50".
---
hw/xfree86/common/xf86pciBus.c | 162 --------------------
hw/xfree86/dri2/pci_ids/pci_id_driver_map.h | 32 ----
2 files changed, 194 deletions(-)
diff --git a/hw/xfree86/common/xf86pciBus.c b/hw/xfree86/common/xf86pciBus.c
index b7f9999..398ed45 100644
--- a/hw/xfree86/common/xf86pciBus.c
+++ b/hw/xfree86/common/xf86pciBus.c
@@ -1074,107 +1074,12 @@ xf86VideoPtrToDriverList(struct pci_device *dev, XF86MatchedDrivers *md)
const char *driverList[5] = { NULL, NULL, NULL, NULL, NULL };
switch (dev->vendor_id) {
- /* AMD Geode LX */
- case 0x1022:
- if (dev->device_id == 0x2081)
- driverList[0] = "geode";
- break;
- /* older Geode products acquired by AMD still carry an NSC vendor_id */
- case 0x100b:
- if (dev->device_id == 0x0030) {
- /* NSC Geode GX2 specifically */
- driverList[0] = "geode";
- /* GX2 support started its life in the NSC tree and was later
- forked by AMD for GEODE so we keep it as a backup */
- driverList[1] = "nsc";
- }
- else
- /* other NSC variant e.g. 0x0104 (SC1400), 0x0504 (SCx200) */
- driverList[0] = "nsc";
- break;
- /* Cyrix Geode GX1 */
- case 0x1078:
- if (dev->device_id == 0x0104)
- driverList[0] = "cyrix";
- break;
- case 0x1142:
- driverList[0] = "apm";
- break;
- case 0xedd8:
- driverList[0] = "ark";
- break;
- case 0x1a03:
- driverList[0] = "ast";
- break;
case 0x1002:
driverList[0] = "ati";
break;
- case 0x102c:
- driverList[0] = "chips";
- break;
- case 0x1013:
- driverList[0] = "cirrus";
- break;
- case 0x3d3d:
- driverList[0] = "glint";
- break;
- case 0x105d:
- driverList[0] = "i128";
- break;
case 0x8086:
switch (dev->device_id)
{
- /* Intel i740 */
- case 0x00d1:
- case 0x7800:
- driverList[0] = "i740";
- break;
- /* GMA500/Poulsbo */
- case 0x8108:
- case 0x8109:
- /* Try psb driver on Poulsbo - if available */
- driverList[0] = "psb";
- driverList[1] = "psb_drv";
- break;
- /* GMA600/Oaktrail */
- case 0x4100:
- case 0x4101:
- case 0x4102:
- case 0x4103:
- case 0x4104:
- case 0x4105:
- case 0x4106:
- case 0x4107:
- /* Atom E620/Oaktrail */
- case 0x4108:
- /* Medfield */
- case 0x0130:
- case 0x0131:
- case 0x0132:
- case 0x0133:
- case 0x0134:
- case 0x0135:
- case 0x0136:
- case 0x0137:
- /* GMA 3600/CDV */
- case 0x0be0:
- case 0x0be1:
- case 0x0be2:
- case 0x0be3:
- case 0x0be4:
- case 0x0be5:
- case 0x0be6:
- case 0x0be7:
- case 0x0be8:
- case 0x0be9:
- case 0x0bea:
- case 0x0beb:
- case 0x0bec:
- case 0x0bed:
- case 0x0bee:
- case 0x0bef:
- /* Use fbdev/vesa driver on Oaktrail, Medfield, CDV */
- break;
/* Default to intel only on pre-gen4 chips */
case 0x3577:
case 0x2562:
@@ -1196,14 +1101,7 @@ xf86VideoPtrToDriverList(struct pci_device *dev, XF86MatchedDrivers *md)
break;
}
break;
- case 0x102b:
- driverList[0] = "mga";
- break;
- case 0x10c8:
- driverList[0] = "neomagic";
- break;
case 0x10de:
- case 0x12d2:
{
int idx = 0;
@@ -1229,77 +1127,17 @@ xf86VideoPtrToDriverList(struct pci_device *dev, XF86MatchedDrivers *md)
driverList[idx++] = "nouveau";
#endif
- driverList[idx++] = "nv";
break;
}
- case 0x1106:
- driverList[0] = "openchrome";
- break;
case 0x1b36:
driverList[0] = "qxl";
break;
- case 0x1163:
- driverList[0] = "rendition";
- break;
- case 0x5333:
- switch (dev->device_id) {
- case 0x88d0:
- case 0x88d1:
- case 0x88f0:
- case 0x8811:
- case 0x8812:
- case 0x8814:
- case 0x8901:
- driverList[0] = "s3";
- break;
- case 0x5631:
- case 0x883d:
- case 0x8a01:
- case 0x8a10:
- case 0x8c01:
- case 0x8c03:
- case 0x8904:
- case 0x8a13:
- driverList[0] = "s3virge";
- break;
- default:
- driverList[0] = "savage";
- break;
- }
- break;
- case 0x1039:
- driverList[0] = "sis";
- break;
- case 0x126f:
- driverList[0] = "siliconmotion";
- break;
- case 0x121a:
- if (dev->device_id < 0x0003)
- driverList[0] = "voodoo";
- else
- driverList[0] = "tdfx";
- break;
- case 0x1011:
- driverList[0] = "tga";
- break;
- case 0x1023:
- driverList[0] = "trident";
- break;
- case 0x100c:
- driverList[0] = "tseng";
- break;
case 0x80ee:
driverList[0] = "vboxvideo";
break;
case 0x15ad:
driverList[0] = "vmware";
break;
- case 0x18ca:
- if (dev->device_id == 0x47)
- driverList[0] = "xgixp";
- else
- driverList[0] = "xgi";
- break;
default:
break;
}
diff --git a/hw/xfree86/dri2/pci_ids/pci_id_driver_map.h b/hw/xfree86/dri2/pci_ids/pci_id_driver_map.h
index 7036d10..689a570 100644
--- a/hw/xfree86/dri2/pci_ids/pci_id_driver_map.h
+++ b/hw/xfree86/dri2/pci_ids/pci_id_driver_map.h
@@ -7,38 +7,12 @@
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))
#endif
-static const int i915_chip_ids[] = {
-#define CHIPSET(chip, desc, name) chip,
-#include "pci_ids/i915_pci_ids.h"
-#undef CHIPSET
-};
-
static const int i965_chip_ids[] = {
#define CHIPSET(chip, family, name) chip,
#include "pci_ids/i965_pci_ids.h"
#undef CHIPSET
};
-#ifndef DRIVER_MAP_GALLIUM_ONLY
-static const int r100_chip_ids[] = {
-#define CHIPSET(chip, name, family) chip,
-#include "pci_ids/radeon_pci_ids.h"
-#undef CHIPSET
-};
-
-static const int r200_chip_ids[] = {
-#define CHIPSET(chip, name, family) chip,
-#include "pci_ids/r200_pci_ids.h"
-#undef CHIPSET
-};
-#endif
-
-static const int r300_chip_ids[] = {
-#define CHIPSET(chip, name, family) chip,
-#include "pci_ids/r300_pci_ids.h"
-#undef CHIPSET
-};
-
static const int r600_chip_ids[] = {
#define CHIPSET(chip, name, family) chip,
#include "pci_ids/r600_pci_ids.h"
@@ -70,13 +44,7 @@ static const struct {
const int *chip_ids;
int num_chips_ids;
} driver_map[] = {
- { 0x8086, "i915", "i915", i915_chip_ids, ARRAY_SIZE(i915_chip_ids) },
{ 0x8086, "i965", "va_gl", i965_chip_ids, ARRAY_SIZE(i965_chip_ids) },
-#ifndef DRIVER_MAP_GALLIUM_ONLY
- { 0x1002, "radeon", "radeon", r100_chip_ids, ARRAY_SIZE(r100_chip_ids) },
- { 0x1002, "r200", "r200", r200_chip_ids, ARRAY_SIZE(r200_chip_ids) },
-#endif
- { 0x1002, "r300", "r300", r300_chip_ids, ARRAY_SIZE(r300_chip_ids) },
{ 0x1002, "r600","r600", r600_chip_ids, ARRAY_SIZE(r600_chip_ids) },
{ 0x1002, "radeonsi", "radeonsi", radeonsi_chip_ids, ARRAY_SIZE(radeonsi_chip_ids) },
{ 0x10de, "nouveau", "nouveau", NULL, -1 },
--
2.19.1

34
SOURCES/0001-mustard-Work-around-broken-fbdev-headers.patch
View File

@ -1,34 +0,0 @@
From a4fc2f3a55776018eda20e09c11b3710f8f0e542 Mon Sep 17 00:00:00 2001
From: Adam Jackson <ajax@redhat.com>
Date: Fri, 26 Oct 2018 14:16:17 -0400
Subject: [PATCH xserver] mustard: Work around broken fbdev headers
This configure check is somewhat pointless as we have our own copy of
the fbdev ioctl declarations. There's also a bug in the version of the
kernel headers I happen to want to build against, where an IS_ENABLED()
escaped into uapi like it oughtn't.
Nerf the test so we build the right fbdevhw code.
Signed-off-by: Adam Jackson <ajax@redhat.com>
---
configure.ac | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/configure.ac b/configure.ac
index 57a2331024..2b8477ed61 100644
--- a/configure.ac
+++ b/configure.ac
@@ -197,8 +197,7 @@ AC_CHECK_HEADERS([linux/agpgart.h sys/agpio.h sys/agpgart.h], AGP=yes)
AM_CONDITIONAL(AGP, [test "x$AGP" = xyes])
dnl fbdev header
-AC_CHECK_HEADERS([linux/fb.h], FBDEV=yes)
-AM_CONDITIONAL(FBDEVHW, [test "x$FBDEV" = xyes])
+AM_CONDITIONAL(FBDEVHW, true)
dnl FreeBSD kldload support (sys/linker.h)
AC_CHECK_HEADERS([sys/linker.h],
--
2.19.1

43
SOURCES/0001-present-Check-for-NULL-to-prevent-crash.patch
View File

@ -1,43 +0,0 @@
From 94b4a3d45451d29e9539ea234ce8b5e9ed58546c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?B=C5=82a=C5=BCej=20Szczygie=C5=82?= <spaz16@wp.pl>
Date: Thu, 13 Jan 2022 00:47:27 +0100
Subject: [PATCH xserver] present: Check for NULL to prevent crash
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1275
Signed-off-by: Błażej Szczygieł <spaz16@wp.pl>
Tested-by: Aaron Plattner <aplattner@nvidia.com>
(cherry picked from commit 22d5818851967408bb7c903cb345b7ca8766094c)
---
present/present_scmd.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/present/present_scmd.c b/present/present_scmd.c
index 3c68e690b..11391adbb 100644
--- a/present/present_scmd.c
+++ b/present/present_scmd.c
@@ -168,6 +168,9 @@ present_scmd_get_crtc(present_screen_priv_ptr screen_priv, WindowPtr window)
if (!screen_priv->info)
return NULL;
+ if (!screen_priv->info->get_crtc)
+ return NULL;
+
return (*screen_priv->info->get_crtc)(window);
}
@@ -206,6 +209,9 @@ present_flush(WindowPtr window)
if (!screen_priv->info)
return;
+ if (!screen_priv->info->flush)
+ return;
+
(*screen_priv->info->flush) (window);
}
--
2.34.1

105
SOURCES/0001-present-Send-a-PresentConfigureNotify-event-for-dest.patch
View File

@ -1,105 +0,0 @@
From b98fc07d3442a289c6bef82df50dd0a2d01de71a Mon Sep 17 00:00:00 2001
From: Adam Jackson <ajax@redhat.com>
Date: Thu, 2 Feb 2023 12:26:27 -0500
Subject: [PATCH xserver] present: Send a PresentConfigureNotify event for
destroyed windows
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This enables fixing a deadlock case on the client side, where the client
ends up blocked waiting for a Present event that will never come because
the window was destroyed. The new PresentWindowDestroyed flag allows the
client to avoid blocking indefinitely.
Signed-off-by: Adam Jackson <ajax@redhat.com>
See-also: https://gitlab.freedesktop.org/mesa/mesa/-/issues/116
See-also: https://gitlab.freedesktop.org/mesa/mesa/-/issues/6685
Reviewed-by: Michel Dänzer <mdaenzer@redhat.com>
(cherry picked from commit 462b06033e66a32308d940eb5fc47f5e4c914dc0)
---
present/present_event.c | 5 +++--
present/present_priv.h | 7 ++++++-
present/present_screen.c | 11 ++++++++++-
3 files changed, 19 insertions(+), 4 deletions(-)
diff --git a/present/present_event.c b/present/present_event.c
index 435b26b70..849732dc8 100644
--- a/present/present_event.c
+++ b/present/present_event.c
@@ -102,7 +102,8 @@ present_event_swap(xGenericEvent *from, xGenericEvent *to)
}
void
-present_send_config_notify(WindowPtr window, int x, int y, int w, int h, int bw, WindowPtr sibling)
+present_send_config_notify(WindowPtr window, int x, int y, int w, int h,
+ int bw, WindowPtr sibling, CARD32 flags)
{
present_window_priv_ptr window_priv = present_window_priv(window);
@@ -122,7 +123,7 @@ present_send_config_notify(WindowPtr window, int x, int y, int w, int h, int bw,
.off_y = 0,
.pixmap_width = w,
.pixmap_height = h,
- .pixmap_flags = 0
+ .pixmap_flags = flags
};
present_event_ptr event;
diff --git a/present/present_priv.h b/present/present_priv.h
index 6ebd009a2..4ad729864 100644
--- a/present/present_priv.h
+++ b/present/present_priv.h
@@ -43,6 +43,11 @@
#define DebugPresent(x)
#endif
+/* XXX this belongs in presentproto */
+#ifndef PresentWindowDestroyed
+#define PresentWindowDestroyed (1 << 0)
+#endif
+
extern int present_request;
extern DevPrivateKeyRec present_screen_private_key;
@@ -307,7 +312,7 @@ void
present_free_events(WindowPtr window);
void
-present_send_config_notify(WindowPtr window, int x, int y, int w, int h, int bw, WindowPtr sibling);
+present_send_config_notify(WindowPtr window, int x, int y, int w, int h, int bw, WindowPtr sibling, CARD32 flags);
void
present_send_complete_notify(WindowPtr window, CARD8 kind, CARD8 mode, CARD32 serial, uint64_t ust, uint64_t msc);
diff --git a/present/present_screen.c b/present/present_screen.c
index 15684eda4..2c29aafd2 100644
--- a/present/present_screen.c
+++ b/present/present_screen.c
@@ -93,6 +93,15 @@ present_destroy_window(WindowPtr window)
present_screen_priv_ptr screen_priv = present_screen_priv(screen);
present_window_priv_ptr window_priv = present_window_priv(window);
+ present_send_config_notify(window,
+ window->drawable.x,
+ window->drawable.y,
+ window->drawable.width,
+ window->drawable.height,
+ window->borderWidth,
+ window->nextSib,
+ PresentWindowDestroyed);
+
if (window_priv) {
present_clear_window_notifies(window);
present_free_events(window);
@@ -123,7 +132,7 @@ present_config_notify(WindowPtr window,
ScreenPtr screen = window->drawable.pScreen;
present_screen_priv_ptr screen_priv = present_screen_priv(screen);
- present_send_config_notify(window, x, y, w, h, bw, sibling);
+ present_send_config_notify(window, x, y, w, h, bw, sibling, 0);
unwrap(screen_priv, screen, ConfigNotify);
if (screen->ConfigNotify)
--
2.40.0

35
SOURCES/0001-record-Fix-out-of-bounds-access-in-SwapCreateRegiste.patch
View File

@ -1,35 +0,0 @@
From acc50e6097d51fec0c6c34d84c35018a50c52d5a Mon Sep 17 00:00:00 2001
From: Povilas Kanapickas <povilas@radix.lt>
Date: Tue, 14 Dec 2021 15:00:00 +0200
Subject: [PATCH xserver 1/4] record: Fix out of bounds access in
SwapCreateRegister()
ZDI-CAN-14952, CVE-2021-4011
This vulnerability was discovered and the fix was suggested by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Povilas Kanapickas <povilas@radix.lt>
(cherry picked from commit e56f61c79fc3cee26d83cda0f84ae56d5979f768)
---
record/record.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/record/record.c b/record/record.c
index 05d751ac2..a8aec23bd 100644
--- a/record/record.c
+++ b/record/record.c
@@ -2515,8 +2515,8 @@ SwapCreateRegister(ClientPtr client, xRecordRegisterClientsReq * stuff)
swapl(pClientID);
}
if (stuff->nRanges >
- client->req_len - bytes_to_int32(sz_xRecordRegisterClientsReq)
- - stuff->nClients)
+ (client->req_len - bytes_to_int32(sz_xRecordRegisterClientsReq)
+ - stuff->nClients) / bytes_to_int32(sz_xRecordRange))
return BadLength;
RecordSwapRanges((xRecordRange *) pClientID, stuff->nRanges);
return Success;
--
2.33.1

167
SOURCES/0001-xf86-logind-Fix-drm_drop_master-before-vt_reldisp.patch
View File

@ -1,167 +0,0 @@
From dafe5f6358edd557d89bb63265d6df2e1249f106 Mon Sep 17 00:00:00 2001
From: Jocelyn Falempe <jfalempe@redhat.com>
Date: Thu, 18 Nov 2021 14:45:42 +0100
Subject: [PATCH] xf86/logind: fix call systemd_logind_vtenter after receiving
drm device resume
logind send the resume event for input devices and drm device,
in any order. if we call vt_enter before logind resume the drm device,
it leads to a driver error, because logind has not done the
DRM_IOCTL_SET_MASTER on it.
Keep the old workaround to make sure we call systemd_logind_vtenter at
least once if there are no platform device
Signed-off-by: Jocelyn Falempe <jfalempe@redhat.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
xf86/logind: Fix drm_drop_master before vt_reldisp
When switching to VT, the ioctl DRM_DROP_MASTER must be done before
the ioctl VT_RELDISP. Otherwise the kernel can't change the modesetting
reliably, and this leads to the console not showing up in some cases, like
after unplugging a docking station with a DP or HDMI monitor.
Before doing the VT_RELDISP, send a dbus message to logind, to
pause the drm device, so logind will do the ioctl DRM_DROP_MASTER.
With this patch, it changes the order logind will send the resume
event, and drm will be sent last instead of first.
so there is a also fix to call systemd_logind_vtenter() at the right time.
Signed-off-by: Jocelyn Falempe <jfalempe@redhat.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
xf86/logind: Fix compilation error when built without logind/platform bus
This was introduced by commit 8eb1396d
Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1269
Fixes: da9d012a9 - xf86/logind: Fix drm_drop_master before vt_reldisp
Signed-off-by: Jocelyn Falempe <jfalempe@redhat.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
xf86/logind: fix missing call to vtenter if the platform device is not paused
If there is one platform device, which is not paused nor resumed,
systemd_logind_vtenter() will never get called.
This break suspend/resume, and switching to VT on system with Nvidia
proprietary driver.
This is a regression introduced by f5bd039633fa83
So now call systemd_logind_vtenter() if there are no paused
platform devices.
Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1271
Fixes: f5bd0396 - xf86/logind: fix call systemd_logind_vtenter after receiving drm device resume
Signed-off-by: Jocelyn Falempe <jfalempe@redhat.com>
Tested-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
---
hw/xfree86/common/xf86Events.c | 4 ++
hw/xfree86/os-support/linux/systemd-logind.c | 41 +++++++++++++++++---
include/systemd-logind.h | 2 +
3 files changed, 42 insertions(+), 5 deletions(-)
diff --git a/hw/xfree86/common/xf86Events.c b/hw/xfree86/common/xf86Events.c
index 8a800bd8f..b683d233b 100644
--- a/hw/xfree86/common/xf86Events.c
+++ b/hw/xfree86/common/xf86Events.c
@@ -393,6 +393,10 @@ xf86VTLeave(void)
for (i = 0; i < xf86NumGPUScreens; i++)
xf86GPUScreens[i]->LeaveVT(xf86GPUScreens[i]);
+ if (systemd_logind_controls_session()) {
+ systemd_logind_drop_master();
+ }
+
if (!xf86VTSwitchAway())
goto switch_failed;
diff --git a/hw/xfree86/os-support/linux/systemd-logind.c b/hw/xfree86/os-support/linux/systemd-logind.c
index 13784d15c..bd7a341f0 100644
--- a/hw/xfree86/os-support/linux/systemd-logind.c
+++ b/hw/xfree86/os-support/linux/systemd-logind.c
@@ -302,6 +302,37 @@ cleanup:
dbus_error_free(&error);
}
+/*
+ * Send a message to logind, to pause the drm device
+ * and ensure the drm_drop_master is done before
+ * VT_RELDISP when switching VT
+ */
+void systemd_logind_drop_master(void)
+{
+ int i;
+ for (i = 0; i < xf86_num_platform_devices; i++) {
+ if (xf86_platform_devices[i].flags & XF86_PDEV_SERVER_FD) {
+ dbus_int32_t major, minor;
+ struct systemd_logind_info *info = &logind_info;
+
+ xf86_platform_devices[i].flags |= XF86_PDEV_PAUSED;
+ major = xf86_platform_odev_attributes(i)->major;
+ minor = xf86_platform_odev_attributes(i)->minor;
+ systemd_logind_ack_pause(info, minor, major);
+ }
+ }
+}
+
+static Bool are_platform_devices_resumed(void) {
+ int i;
+ for (i = 0; i < xf86_num_platform_devices; i++) {
+ if (xf86_platform_devices[i].flags & XF86_PDEV_PAUSED) {
+ return FALSE;
+ }
+ }
+ return TRUE;
+}
+
static DBusHandlerResult
message_filter(DBusConnection * connection, DBusMessage * message, void *data)
{
@@ -417,14 +448,14 @@ message_filter(DBusConnection * connection, DBusMessage * message, void *data)
/* info->vt_active gets set by systemd_logind_vtenter() */
info->active = TRUE;
- if (pdev)
+ if (pdev) {
pdev->flags &= ~XF86_PDEV_PAUSED;
- else
+ } else
systemd_logind_set_input_fd_for_all_devs(major, minor, fd,
info->vt_active);
-
- /* Always call vtenter(), in case there are only legacy video devs */
- systemd_logind_vtenter();
+ /* Call vtenter if all platform devices are resumed, or if there are no platform device */
+ if (are_platform_devices_resumed())
+ systemd_logind_vtenter();
}
return DBUS_HANDLER_RESULT_HANDLED;
}
diff --git a/include/systemd-logind.h b/include/systemd-logind.h
index a4067d097..5c04d0130 100644
--- a/include/systemd-logind.h
+++ b/include/systemd-logind.h
@@ -33,6 +33,7 @@ int systemd_logind_take_fd(int major, int minor, const char *path, Bool *paus);
void systemd_logind_release_fd(int major, int minor, int fd);
int systemd_logind_controls_session(void);
void systemd_logind_vtenter(void);
+void systemd_logind_drop_master(void);
#else
#define systemd_logind_init()
#define systemd_logind_fini()
@@ -40,6 +41,7 @@ void systemd_logind_vtenter(void);
#define systemd_logind_release_fd(major, minor, fd) close(fd)
#define systemd_logind_controls_session() 0
#define systemd_logind_vtenter()
+#define systemd_logind_drop_master()
#endif
#endif
--
2.33.1

27
SOURCES/0001-xfree86-Don-t-autoconfigure-vesa-or-fbdev.patch
View File

@ -1,27 +0,0 @@
From e4dce2bfaf4a61dd8a8ac099638489d4fdff9024 Mon Sep 17 00:00:00 2001
From: Adam Jackson <ajax@redhat.com>
Date: Tue, 29 May 2018 15:05:10 -0400
Subject: [PATCH] xfree86: Don't autoconfigure vesa or fbdev
Signed-off-by: Adam Jackson <ajax@redhat.com>
---
hw/xfree86/loader/loadmod.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/hw/xfree86/loader/loadmod.c b/hw/xfree86/loader/loadmod.c
index a6356bd..1c1c2b1 100644
--- a/hw/xfree86/loader/loadmod.c
+++ b/hw/xfree86/loader/loadmod.c
@@ -383,6 +383,9 @@ LoaderListDir(const char *subdir, const char **patternlist)
strcpy(fp, dp->d_name);
if (!(stat(buf, &stat_buf) == 0 && S_ISREG(stat_buf.st_mode)))
continue;
+ if (!strcmp(subdir, "drivers") &&
+ (strstr(dp->d_name, "vesa") || strstr(dp->d_name, "fbdev")))
+ continue;
for (p = patterns; p->pattern; p++) {
if (regexec(&p->rex, dp->d_name, 2, match, 0) == 0 &&
match[1].rm_so != -1) {
--
2.17.0

27
SOURCES/0001-xfree86-LeaveVT-from-xf86CrtcCloseScreen.patch
View File

@ -1,27 +0,0 @@
From 1070ffa0953e9200688fc8fae11e3ab0680b86f2 Mon Sep 17 00:00:00 2001
From: Adam Jackson <ajax@redhat.com>
Date: Tue, 9 Oct 2018 12:28:48 -0400
Subject: [PATCH xserver] xfree86: LeaveVT from xf86CrtcCloseScreen
Signed-off-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
---
hw/xfree86/modes/xf86Crtc.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/hw/xfree86/modes/xf86Crtc.c b/hw/xfree86/modes/xf86Crtc.c
index 37a45bb3af..45d325f4d2 100644
--- a/hw/xfree86/modes/xf86Crtc.c
+++ b/hw/xfree86/modes/xf86Crtc.c
@@ -776,6 +776,8 @@ xf86CrtcCloseScreen(ScreenPtr screen)
crtc->randr_crtc = NULL;
}
+ scrn->LeaveVT(scrn);
+
screen->CloseScreen = config->CloseScreen;
xf86RotateCloseScreen(screen);
--
2.19.0

136
SOURCES/0001-xfree86-Only-switch-to-original-VT-if-it-is-active.patch
View File

@ -1,136 +0,0 @@
From ff91c696ff8f5f56da40e107cb5c321539758a81 Mon Sep 17 00:00:00 2001
From: Michal Srb <msrb@suse.com>
Date: Tue, 16 Oct 2018 09:32:13 +0200
Subject: [PATCH xserver] xfree86: Only switch to original VT if it is active.
If the X server is terminated while its VT is not active, it should
not change the current VT.
v2: Query current state in xf86CloseConsole using VT_GETSTATE instead of
keeping track in xf86VTEnter/xf86VTLeave/etc.
---
hw/xfree86/os-support/linux/lnx_init.c | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/hw/xfree86/os-support/linux/lnx_init.c b/hw/xfree86/os-support/linux/lnx_init.c
index 039dc4a4d..358d89f0f 100644
--- a/hw/xfree86/os-support/linux/lnx_init.c
+++ b/hw/xfree86/os-support/linux/lnx_init.c
@@ -272,101 +272,111 @@ xf86OpenConsole(void)
xf86SetConsoleHandler(drain_console, NULL);
}
nTty = tty_attr;
nTty.c_iflag = (IGNPAR | IGNBRK) & (~PARMRK) & (~ISTRIP);
nTty.c_oflag = 0;
nTty.c_cflag = CREAD | CS8;
nTty.c_lflag = 0;
nTty.c_cc[VTIME] = 0;
nTty.c_cc[VMIN] = 1;
cfsetispeed(&nTty, 9600);
cfsetospeed(&nTty, 9600);
tcsetattr(xf86Info.consoleFd, TCSANOW, &nTty);
}
}
else { /* serverGeneration != 1 */
if (!xf86Info.ShareVTs && xf86Info.autoVTSwitch) {
/* now get the VT */
if (!switch_to(xf86Info.vtno, "xf86OpenConsole"))
FatalError("xf86OpenConsole: Switching VT failed\n");
}
}
}
#pragma GCC diagnostic pop
void
xf86CloseConsole(void)
{
struct vt_mode VT;
+ struct vt_stat vts;
int ret;
if (xf86Info.ShareVTs) {
close(xf86Info.consoleFd);
return;
}
/*
* unregister the drain_console handler
* - what to do if someone else changed it in the meantime?
*/
xf86SetConsoleHandler(NULL, NULL);
/* Back to text mode ... */
SYSCALL(ret = ioctl(xf86Info.consoleFd, KDSETMODE, KD_TEXT));
if (ret < 0)
xf86Msg(X_WARNING, "xf86CloseConsole: KDSETMODE failed: %s\n",
strerror(errno));
SYSCALL(ioctl(xf86Info.consoleFd, KDSKBMODE, tty_mode));
tcsetattr(xf86Info.consoleFd, TCSANOW, &tty_attr);
SYSCALL(ret = ioctl(xf86Info.consoleFd, VT_GETMODE, &VT));
if (ret < 0)
xf86Msg(X_WARNING, "xf86CloseConsole: VT_GETMODE failed: %s\n",
strerror(errno));
else {
/* set dflt vt handling */
VT.mode = VT_AUTO;
SYSCALL(ret = ioctl(xf86Info.consoleFd, VT_SETMODE, &VT));
if (ret < 0)
xf86Msg(X_WARNING, "xf86CloseConsole: VT_SETMODE failed: %s\n",
strerror(errno));
}
if (xf86Info.autoVTSwitch) {
/*
- * Perform a switch back to the active VT when we were started
- */
+ * Perform a switch back to the active VT when we were started if our
+ * vt is active now.
+ */
if (activeVT >= 0) {
- switch_to(activeVT, "xf86CloseConsole");
+ SYSCALL(ret = ioctl(xf86Info.consoleFd, VT_GETSTATE, &vts));
+ if (ret < 0) {
+ xf86Msg(X_WARNING, "xf86OpenConsole: VT_GETSTATE failed: %s\n",
+ strerror(errno));
+ } else {
+ if (vts.v_active == xf86Info.vtno) {
+ switch_to(activeVT, "xf86CloseConsole");
+ }
+ }
activeVT = -1;
}
}
close(xf86Info.consoleFd); /* make the vt-manager happy */
}
#define CHECK_FOR_REQUIRED_ARGUMENT() \
if (((i + 1) >= argc) || (!argv[i + 1])) { \
ErrorF("Required argument to %s not specified\n", argv[i]); \
UseMsg(); \
FatalError("Required argument to %s not specified\n", argv[i]); \
}
int
xf86ProcessArgument(int argc, char *argv[], int i)
{
/*
* Keep server from detaching from controlling tty. This is useful
* when debugging (so the server can receive keyboard signals.
*/
if (!strcmp(argv[i], "-keeptty")) {
KeepTty = TRUE;
return 1;
}
if ((argv[i][0] == 'v') && (argv[i][1] == 't')) {
if (sscanf(argv[i], "vt%2d", &xf86Info.vtno) == 0) {
UseMsg();
xf86Info.vtno = -1;
return 0;
--
2.18.4

34
SOURCES/0001-xfree86-ensure-the-readlink-buffer-is-null-terminate.patch
View File

@ -1,34 +0,0 @@
From 71703e4e8bd00719eefad53c2ed6c604079f87ea Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Wed, 17 Oct 2018 09:00:59 +1000
Subject: [PATCH xserver] xfree86: ensure the readlink buffer is
null-terminated
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Dave Airlie <airlied@redhat.com>
---
hw/xfree86/fbdevhw/fbdevhw.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/hw/xfree86/fbdevhw/fbdevhw.c b/hw/xfree86/fbdevhw/fbdevhw.c
index 95089515c..f146ff4a4 100644
--- a/hw/xfree86/fbdevhw/fbdevhw.c
+++ b/hw/xfree86/fbdevhw/fbdevhw.c
@@ -331,12 +331,12 @@ fbdev_open(int scrnIndex, const char *dev, char **namep)
/* only touch non-PCI devices on this path */
{
- char buf[PATH_MAX];
+ char buf[PATH_MAX] = {0};
char *sysfs_path = NULL;
char *node = strrchr(dev, '/') + 1;
if (asprintf(&sysfs_path, "/sys/class/graphics/%s", node) < 0 ||
- readlink(sysfs_path, buf, sizeof(buf)) < 0 ||
+ readlink(sysfs_path, buf, sizeof(buf) - 1) < 0 ||
strstr(buf, "devices/pci")) {
free(sysfs_path);
close(fd);
--
2.19.1

190
SOURCES/0001-xfree86-try-harder-to-span-on-multihead.patch
View File

@ -1,190 +0,0 @@
From 326f992a90dae7a747da45626e588fa3c1dfa5dc Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com>
Date: Fri, 21 Sep 2018 14:38:31 -0400
Subject: [PATCH xserver] xfree86: try harder to span on multihead
right now if one of the monitors can't give
it's native resolution because of bandwidth limitations,
X decides to avoid spanning and instead clone.
That's suboptimal, spanning is normally the right
thing to do (with the exception of some projector
use cases and other edge cases)
This commit tries harder to make spanning work.
---
hw/xfree86/modes/xf86Crtc.c | 33 +++++++++++++++++++++++++++++----
1 file changed, 29 insertions(+), 4 deletions(-)
diff --git a/hw/xfree86/modes/xf86Crtc.c b/hw/xfree86/modes/xf86Crtc.c
index 37a45bb3a..686cb51b8 100644
--- a/hw/xfree86/modes/xf86Crtc.c
+++ b/hw/xfree86/modes/xf86Crtc.c
@@ -2132,135 +2132,160 @@ bestModeForAspect(xf86CrtcConfigPtr config, Bool *enabled, float aspect)
if (test->HDisplay != mode->HDisplay ||
test->VDisplay != mode->VDisplay) {
test = NULL;
break;
}
}
/* if we didn't match it on all outputs, try the next one */
if (!test)
continue;
/* if it's bigger than the last one, save it */
if (!match || (test->HDisplay > match->HDisplay))
match = test;
}
/* return the biggest one found */
return match;
}
static int
numEnabledOutputs(xf86CrtcConfigPtr config, Bool *enabled)
{
int i = 0, p;
for (i = 0, p = -1; nextEnabledOutput(config, enabled, &p); i++) ;
return i;
}
+static DisplayModePtr
+findReasonableMode(xf86CrtcConfigPtr config, xf86OutputPtr output, Bool *enabled, int width, int height)
+{
+ DisplayModePtr mode =
+ xf86OutputHasPreferredMode(output, width, height);
+
+ /* if there's no preferred mode, just try to find a reasonable one */
+ if (!mode) {
+ float aspect = 0.0;
+ DisplayModePtr a = NULL, b = NULL;
+
+ if (output->mm_height)
+ aspect = (float) output->mm_width /
+ (float) output->mm_height;
+
+ a = bestModeForAspect(config, enabled, 4.0/3.0);
+ if (aspect)
+ b = bestModeForAspect(config, enabled, aspect);
+
+ mode = biggestMode(a, b);
+ }
+
+ return mode;
+}
+
static Bool
xf86TargetRightOf(ScrnInfoPtr scrn, xf86CrtcConfigPtr config,
DisplayModePtr *modes, Bool *enabled,
int width, int height)
{
int o;
int w = 0;
Bool has_tile = FALSE;
uint32_t configured_outputs;
xf86GetOptValBool(config->options, OPTION_PREFER_CLONEMODE,
&scrn->preferClone);
if (scrn->preferClone)
return FALSE;
if (numEnabledOutputs(config, enabled) < 2)
return FALSE;
for (o = -1; nextEnabledOutput(config, enabled, &o); ) {
DisplayModePtr mode =
- xf86OutputHasPreferredMode(config->output[o], width, height);
+ findReasonableMode(config, config->output[o], enabled, width, height);
if (!mode)
return FALSE;
w += mode->HDisplay;
}
if (w > width)
return FALSE;
w = 0;
configured_outputs = 0;
for (o = -1; nextEnabledOutput(config, enabled, &o); ) {
DisplayModePtr mode =
- xf86OutputHasPreferredMode(config->output[o], width, height);
+ findReasonableMode(config, config->output[o], enabled, width, height);
if (configured_outputs & (1 << o))
continue;
if (config->output[o]->tile_info.group_id) {
has_tile = TRUE;
continue;
}
config->output[o]->initial_x = w;
w += mode->HDisplay;
configured_outputs |= (1 << o);
modes[o] = mode;
}
if (has_tile) {
for (o = -1; nextEnabledOutput(config, enabled, &o); ) {
int ht, vt, ot;
int add_x, cur_x = w;
struct xf86CrtcTileInfo *tile_info = &config->output[o]->tile_info, *this_tile;
if (configured_outputs & (1 << o))
continue;
if (!tile_info->group_id)
continue;
if (tile_info->tile_h_loc != 0 && tile_info->tile_v_loc != 0)
continue;
for (ht = 0; ht < tile_info->num_h_tile; ht++) {
int cur_y = 0;
add_x = 0;
for (vt = 0; vt < tile_info->num_v_tile; vt++) {
for (ot = -1; nextEnabledOutput(config, enabled, &ot); ) {
-
DisplayModePtr mode =
- xf86OutputHasPreferredMode(config->output[ot], width, height);
+ findReasonableMode(config, config->output[ot], enabled, width, height);
+
if (!config->output[ot]->tile_info.group_id)
continue;
this_tile = &config->output[ot]->tile_info;
if (this_tile->group_id != tile_info->group_id)
continue;
if (this_tile->tile_h_loc != ht ||
this_tile->tile_v_loc != vt)
continue;
config->output[ot]->initial_x = cur_x;
config->output[ot]->initial_y = cur_y;
if (vt == 0)
add_x = this_tile->tile_h_size;
cur_y += this_tile->tile_v_size;
configured_outputs |= (1 << ot);
modes[ot] = mode;
}
}
cur_x += add_x;
}
w = cur_x;
}
}
return TRUE;
}
static Bool
--
2.17.1

54
SOURCES/0001-xkb-Fix-buffer-overflow-in-_XkbSetCompatMap.patch
View File

@ -1,54 +0,0 @@
From 56351307017e2501f7cd6e31efcfb55c19aba75a Mon Sep 17 00:00:00 2001
From: Matthieu Herrb <matthieu@herrb.eu>
Date: Thu, 10 Oct 2024 10:37:28 +0200
Subject: [PATCH] xkb: Fix buffer overflow in _XkbSetCompatMap()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The _XkbSetCompatMap() function attempts to resize the `sym_interpret`
buffer.
However, It didn't update its size properly. It updated `num_si` only,
without updating `size_si`.
This may lead to local privilege escalation if the server is run as root
or remote code execution (e.g. x11 over ssh).
CVE-2024-9632, ZDI-CAN-24756
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Tested-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: José Expósito <jexposit@redhat.com>
---
xkb/xkb.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/xkb/xkb.c b/xkb/xkb.c
index f203270d5..70e8279aa 100644
--- a/xkb/xkb.c
+++ b/xkb/xkb.c
@@ -2991,13 +2991,13 @@ _XkbSetCompatMap(ClientPtr client, DeviceIntPtr dev,
XkbSymInterpretPtr sym;
unsigned int skipped = 0;
- if ((unsigned) (req->firstSI + req->nSI) > compat->num_si) {
- compat->num_si = req->firstSI + req->nSI;
+ if ((unsigned) (req->firstSI + req->nSI) > compat->size_si) {
+ compat->num_si = compat->size_si = req->firstSI + req->nSI;
compat->sym_interpret = reallocarray(compat->sym_interpret,
- compat->num_si,
+ compat->size_si,
sizeof(XkbSymInterpretRec));
if (!compat->sym_interpret) {
- compat->num_si = 0;
+ compat->num_si = compat->size_si = 0;
return BadAlloc;
}
}
--
2.46.2

44
SOURCES/0002-xfixes-Fix-out-of-bounds-access-in-ProcXFixesCreateP.patch
View File

@ -1,44 +0,0 @@
From 6bb8aeb30a2686facc48733016caade97ece10ad Mon Sep 17 00:00:00 2001
From: Povilas Kanapickas <povilas@radix.lt>
Date: Tue, 14 Dec 2021 15:00:01 +0200
Subject: [PATCH xserver 2/4] xfixes: Fix out of bounds access in
*ProcXFixesCreatePointerBarrier()
ZDI-CAN-14950, CVE-2021-4009
This vulnerability was discovered and the fix was suggested by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Povilas Kanapickas <povilas@radix.lt>
(cherry picked from commit b5196750099ae6ae582e1f46bd0a6dad29550e02)
---
xfixes/cursor.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/xfixes/cursor.c b/xfixes/cursor.c
index d4b68f3af..5f531a89a 100644
--- a/xfixes/cursor.c
+++ b/xfixes/cursor.c
@@ -1010,7 +1010,8 @@ ProcXFixesCreatePointerBarrier(ClientPtr client)
{
REQUEST(xXFixesCreatePointerBarrierReq);
- REQUEST_FIXED_SIZE(xXFixesCreatePointerBarrierReq, pad_to_int32(stuff->num_devices));
+ REQUEST_FIXED_SIZE(xXFixesCreatePointerBarrierReq,
+ pad_to_int32(stuff->num_devices * sizeof(CARD16)));
LEGAL_NEW_RESOURCE(stuff->barrier, client);
return XICreatePointerBarrier(client, stuff);
@@ -1027,7 +1028,8 @@ SProcXFixesCreatePointerBarrier(ClientPtr client)
swaps(&stuff->length);
swaps(&stuff->num_devices);
- REQUEST_FIXED_SIZE(xXFixesCreatePointerBarrierReq, pad_to_int32(stuff->num_devices));
+ REQUEST_FIXED_SIZE(xXFixesCreatePointerBarrierReq,
+ pad_to_int32(stuff->num_devices * sizeof(CARD16)));
swapl(&stuff->barrier);
swapl(&stuff->window);
--
2.33.1

34
SOURCES/0003-Xext-Fix-out-of-bounds-access-in-SProcScreenSaverSus.patch
View File

@ -1,34 +0,0 @@
From 67425fcab50ef24a5617e109897f38876dd81277 Mon Sep 17 00:00:00 2001
From: Povilas Kanapickas <povilas@radix.lt>
Date: Tue, 14 Dec 2021 15:00:02 +0200
Subject: [PATCH xserver 3/4] Xext: Fix out of bounds access in
SProcScreenSaverSuspend()
ZDI-CAN-14951, CVE-2021-4010
This vulnerability was discovered and the fix was suggested by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Povilas Kanapickas <povilas@radix.lt>
(cherry picked from commit 6c4c53010772e3cb4cb8acd54950c8eec9c00d21)
---
Xext/saver.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Xext/saver.c b/Xext/saver.c
index c27a66c80..c23907dbb 100644
--- a/Xext/saver.c
+++ b/Xext/saver.c
@@ -1351,8 +1351,8 @@ SProcScreenSaverSuspend(ClientPtr client)
REQUEST(xScreenSaverSuspendReq);
swaps(&stuff->length);
- swapl(&stuff->suspend);
REQUEST_SIZE_MATCH(xScreenSaverSuspendReq);
+ swapl(&stuff->suspend);
return ProcScreenSaverSuspend(client);
}
--
2.33.1

53
SOURCES/0004-render-Fix-out-of-bounds-access-in-SProcRenderCompos.patch
View File

@ -1,53 +0,0 @@
From 35b4681c79480d980bd8dcba390146aad7817c47 Mon Sep 17 00:00:00 2001
From: Povilas Kanapickas <povilas@radix.lt>
Date: Tue, 14 Dec 2021 15:00:03 +0200
Subject: [PATCH xserver 4/4] render: Fix out of bounds access in
SProcRenderCompositeGlyphs()
ZDI-CAN-14192, CVE-2021-4008
This vulnerability was discovered and the fix was suggested by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Povilas Kanapickas <povilas@radix.lt>
(cherry picked from commit ebce7e2d80e7c80e1dda60f2f0bc886f1106ba60)
---
render/render.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/render/render.c b/render/render.c
index c376090ca..456f156d4 100644
--- a/render/render.c
+++ b/render/render.c
@@ -2309,6 +2309,9 @@ SProcRenderCompositeGlyphs(ClientPtr client)
i = elt->len;
if (i == 0xff) {
+ if (buffer + 4 > end) {
+ return BadLength;
+ }
swapl((int *) buffer);
buffer += 4;
}
@@ -2319,12 +2322,18 @@ SProcRenderCompositeGlyphs(ClientPtr client)
buffer += i;
break;
case 2:
+ if (buffer + i * 2 > end) {
+ return BadLength;
+ }
while (i--) {
swaps((short *) buffer);
buffer += 2;
}
break;
case 4:
+ if (buffer + i * 4 > end) {
+ return BadLength;
+ }
while (i--) {
swapl((int *) buffer);
buffer += 4;
--
2.33.1

38
SOURCES/10-quirks.conf
View File

@ -1,38 +0,0 @@
# Collection of quirks and blacklist/whitelists for specific devices.
# Accelerometer device, posts data through ABS_X/ABS_Y, making X unusable
# http://bugs.freedesktop.org/show_bug.cgi?id=22442
Section "InputClass"
Identifier "ThinkPad HDAPS accelerometer blacklist"
MatchProduct "ThinkPad HDAPS accelerometer data"
Option "Ignore" "on"
EndSection
# https://bugzilla.redhat.com/show_bug.cgi?id=523914
# Mouse does not move in PV Xen guest
# Explicitly tell evdev to not ignore the absolute axes.
Section "InputClass"
Identifier "Xen Virtual Pointer axis blacklist"
MatchProduct "Xen Virtual Pointer"
Option "IgnoreAbsoluteAxes" "off"
Option "IgnoreRelativeAxes" "off"
EndSection
# https://bugs.freedesktop.org/show_bug.cgi?id=55867
# Bug 55867 - Doesn't know how to tag XI_TRACKBALL
Section "InputClass"
Identifier "Tag trackballs as XI_TRACKBALL"
MatchProduct "trackball"
MatchDriver "evdev"
Option "TypeName" "TRACKBALL"
EndSection
# https://bugs.freedesktop.org/show_bug.cgi?id=62831
# Bug 62831 - Mionix Naos 5000 mouse detected incorrectly
Section "InputClass"
Identifier "Tag Mionix Naos 5000 mouse XI_MOUSE"
MatchProduct "La-VIEW Technology Naos 5000 Mouse"
MatchDriver "evdev"
Option "TypeName" "MOUSE"
EndSection

1
commitid Normal file
View File

@ -0,0 +1 @@
d13cb974426f7f1110b0bdb08c4ebb46ff8975f7

1
dead.package Normal file
View File

@ -0,0 +1 @@
xorg-x11-server package is retired on branch c10s for CS-2432

0
SOURCES/driver-abi-rebuild.sh → driver-abi-rebuild.sh
View File

6
gating.yaml Normal file
View File

@ -0,0 +1,6 @@
--- !Policy
product_versions:
- rhel-10
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: desktop-qe.desktop-ci.tier1-gating.functional}

0
SOURCES/gitignore → gitignore
View File

6
import.log Normal file
View File

@ -0,0 +1,6 @@
xorg-x11-server-1_5_0-1_fc10:HEAD:xorg-x11-server-1.5.0-1.fc10.src.rpm:1220485219
xorg-x11-server-1_5_1-1_fc10:HEAD:xorg-x11-server-1.5.1-1.fc10.src.rpm:1222198557
xorg-x11-server-1_5_2-1_fc10:HEAD:xorg-x11-server-1.5.2-1.fc10.src.rpm:1223667007
xorg-x11-server-1_5_3-1_fc10:HEAD:xorg-x11-server-1.5.3-1.fc10.src.rpm:1225918317
xorg-x11-server-1_6_0-1_fc11:HEAD:xorg-x11-server-1.6.0-1.fc11.src.rpm:1235594175
xorg-x11-server-1_6_1-1_fc11:HEAD:xorg-x11-server-1.6.1-1.fc11.src.rpm:1239742477

17
make-git-snapshot.sh Executable file
View File

@ -0,0 +1,17 @@
#!/bin/sh
DIRNAME=xorg-server-$( date +%Y%m%d )
rm -rf $DIRNAME
git clone git://git.freedesktop.org/git/xorg/xserver $DIRNAME
cd $DIRNAME
if [ -z "$1" ]; then
git log | head -1
else
git checkout $1
fi
git log | head -1 | awk '{ print $2 }' > ../commitid
git repack -a -d
cd ..
tar cf - $DIRNAME | xz -c9 > $DIRNAME.tar.xz
rm -rf $DIRNAME

1
sources Normal file
View File

@ -0,0 +1 @@
SHA512 (xorg-server-1.20.14.tar.xz) = be3dc32cce7d55d7e38c5f6557027f13f39224c76cc83e5800555d5ce89dbdc3731773a2d186a5b97db9fc8731a2b2dd6e9829af2b01ee2559246d4aef7c4963

31
xorg-x11-server-fb-access-wrapper.patch Normal file
View File

@ -0,0 +1,31 @@
fb: Declare wfbFinishScreenInit, wfbScreenInit for !FB_ACCESS_WRAPPER
xorg-x11-drv-nouveau wfbScreenInit without defining FB_ACCESS_WRAPPER
(which has other unintended side effects). Presently, this compiles
and links because compilers still support implicit function
declarations, but this is going to change fairly soon. This seems to
be the most straightforward change to keep the driver building.
Submitted upstream:
<https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1114>
diff -ur xorg-server-1.20.14.orig/fb/fb.h xorg-server-1.20.14/fb/fb.h
--- xorg-server-1.20.14.orig/fb/fb.h 2021-12-15 20:01:24.000000000 +0100
+++ xorg-server-1.20.14/fb/fb.h 2023-04-13 13:59:47.325341537 +0200
@@ -1027,7 +1027,6 @@
int dpiy, int width, /* pixel width of frame buffer */
int bpp); /* bits per pixel of frame buffer */
-#ifdef FB_ACCESS_WRAPPER
extern _X_EXPORT Bool
wfbFinishScreenInit(ScreenPtr pScreen,
void *pbits,
@@ -1049,7 +1048,6 @@
int width,
int bpp,
SetupWrapProcPtr setupWrap, FinishWrapProcPtr finishWrap);
-#endif
extern _X_EXPORT Bool
fbFinishScreenInit(ScreenPtr pScreen,

555
SPECS/xorg-x11-server.spec → xorg-x11-server.spec
View File

@ -45,11 +45,11 @@
Summary: X.Org X11 X server
Name: xorg-x11-server
Version: 1.20.11
Release: 25%{?gitdate:.%{gitdate}}%{?dist}
Version: 1.20.14
Release: 36%{?gitdate:.%{gitdate}}%{?dist}
URL: http://www.x.org
License: MIT
Group: User Interface/X
# SPDX
License: Adobe-Display-PostScript AND BSD-3-Clause AND DEC-3-Clause AND HPND AND HPND-sell-MIT-disclaimer-xserver AND HPND-sell-variant AND ICU AND ISC AND MIT AND MIT-open-group AND NTP AND SGI-B-2.0 AND SMLNJ AND X11 AND X11-distribute-modifications-variant
#VCS: git:git://git.freedesktop.org/git/xorg/xserver
%if 0%{?gitdate}
@ -60,12 +60,10 @@ Source0: xorg-server-%{gitdate}.tar.xz
Source1: make-git-snapshot.sh
Source2: commitid
%else
Source0: https://www.x.org/pub/individual/xserver/%{pkgname}-%{version}.tar.bz2
Source0: https://www.x.org/pub/individual/xserver/%{pkgname}-%{version}.tar.xz
Source1: gitignore
%endif
Source4: 10-quirks.conf
Source10: xserver.pamd
# "useful" xvfb-run script
@ -82,123 +80,121 @@ Source40: driver-abi-rebuild.sh
Patch1: 06_use-intel-only-on-pre-gen4.diff
# Default to xf86-video-modesetting on GeForce 8 and newer
Patch2: 0001-xfree86-use-modesetting-driver-by-default-on-GeForce.patch
# Default to va_gl on intel i965 as we use the modesetting drv there
# va_gl should probably just be the default everywhere ?
Patch3: 0001-xf86-dri2-Use-va_gl-as-vdpau_driver-for-Intel-i965-G.patch
Patch4: 0001-Always-install-vbe-and-int10-sdk-headers.patch
# Submitted upstream, but not going anywhere
Patch5: 0001-autobind-GPUs-to-the-screen.patch
# because the display-managers are not ready yet, do not upstream
Patch6: 0001-Fedora-hack-Make-the-suid-root-wrapper-always-start-.patch
# RHEL mustard
Patch10: 0001-mustard-Don-t-probe-for-drivers-not-shipped-in-RHEL8.patch
Patch11: 0001-mustard-Add-DRI2-fallback-driver-mappings-for-i965-a.patch
#Patch11: 0001-Enable-PAM-support.patch
Patch12: 0001-link-with-z-now.patch
Patch14: 0001-xfree86-Don-t-autoconfigure-vesa-or-fbdev.patch
Patch15: 0001-xfree86-LeaveVT-from-xf86CrtcCloseScreen.patch
Patch16: 0001-xfree86-try-harder-to-span-on-multihead.patch
Patch18: 0001-mustard-Work-around-broken-fbdev-headers.patch
# Not sure anyone else cares about this so let's keep this Fedora-only for now
# Upstream PR for the meson.build equivalent is here, so we can drop this patch
# when we start building with meson.
# https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1001`
Patch7: 0001-configure.ac-search-for-the-fontrootdir-ourselves.patch
# fix to be upstreamed
Patch100: 0001-linux-Make-platform-device-probe-less-fragile.patch
Patch102: 0001-xfree86-ensure-the-readlink-buffer-is-null-terminate.patch
# Backports from current stable "server-1.20-branch":
# <empty>
# fix already upstream
Patch200: 0001-Fix-segfault-on-probing-a-non-PCI-platform-device-on.patch
Patch201: 0001-linux-Fix-platform-device-PCI-detection-for-complex-.patch
Patch202: 0001-modesetting-Reduce-glamor-initialization-failed-mess.patch
Patch203: 0001-xfree86-Only-switch-to-original-VT-if-it-is-active.patch
Patch204: 0001-xf86-logind-Fix-drm_drop_master-before-vt_reldisp.patch
Patch205: 0001-present-Check-for-NULL-to-prevent-crash.patch
Patch206: 0001-present-Send-a-PresentConfigureNotify-event-for-dest.patch
# Backports from "master" upstream:
Patch100: 0001-present-Check-for-NULL-to-prevent-crash.patch
Patch101: 0001-render-Fix-build-with-gcc-12.patch
Patch102: 0001-xf86-Accept-devices-with-the-simpledrm-driver.patch
Patch103: 0001-Don-t-hardcode-fps-for-fake-screen.patch
Patch104: 0001-hw-Rename-boolean-config-value-field-from-bool-to-bo.patch
Patch105: 0001-add-a-quirk-for-apple-silicon.patch
# CVE-2021-4011
Patch10009: 0001-record-Fix-out-of-bounds-access-in-SwapCreateRegiste.patch
# CVE-2021-4009
Patch10010: 0002-xfixes-Fix-out-of-bounds-access-in-ProcXFixesCreateP.patch
# CVE-2021-4010
Patch10011: 0003-Xext-Fix-out-of-bounds-access-in-SProcScreenSaverSus.patch
# CVE-2021-4008
Patch10012: 0004-render-Fix-out-of-bounds-access-in-SProcRenderCompos.patch
# CVE-2022-2319/ZDI-CAN-16062, CVE-2022-2320/ZDI-CAN-16070
Patch10013: 0001-xkb-switch-to-array-index-loops-to-moving-pointers.patch
Patch10014: 0002-xkb-swap-XkbSetDeviceInfo-and-XkbSetDeviceInfoCheck.patch
Patch10015: 0003-xkb-add-request-length-validation-for-XkbSetGeometry.patch
Patch110: 0001-xkb-switch-to-array-index-loops-to-moving-pointers.patch
Patch111: 0002-xkb-swap-XkbSetDeviceInfo-and-XkbSetDeviceInfoCheck.patch
Patch112: 0003-xkb-add-request-length-validation-for-XkbSetGeometry.patch
# CVE-2022-3550
Patch10016: 0001-xkb-proof-GetCountedString-against-request-length-at.patch
Patch113: 0001-xkb-proof-GetCountedString-against-request-length-at.patch
# CVE-2022-3551
Patch10017: 0001-xkb-fix-some-possible-memleaks-in-XkbGetKbdByName.patch
Patch114: 0001-xkb-fix-some-possible-memleaks-in-XkbGetKbdByName.patch
# CVE-2022-46340
Patch10018: 0001-Xtest-disallow-GenericEvents-in-XTestSwapFakeInput.patch
Patch115: 0001-Xtest-disallow-GenericEvents-in-XTestSwapFakeInput.patch
# related to CVE-2022-46344
Patch10019: 0002-Xi-return-an-error-from-XI-property-changes-if-verif.patch
Patch116: 0002-Xi-return-an-error-from-XI-property-changes-if-verif.patch
# CVE-2022-46344
Patch10020: 0003-Xi-avoid-integer-truncation-in-length-check-of-ProcX.patch
Patch117: 0003-Xi-avoid-integer-truncation-in-length-check-of-ProcX.patch
# CVE-2022-46341
Patch10021: 0004-Xi-disallow-passive-grabs-with-a-detail-255.patch
Patch118: 0004-Xi-disallow-passive-grabs-with-a-detail-255.patch
# CVE-2022-46343
Patch10022: 0005-Xext-free-the-screen-saver-resource-when-replacing-i.patch
Patch119: 0005-Xext-free-the-screen-saver-resource-when-replacing-i.patch
# CVE-2022-46342
Patch10023: 0006-Xext-free-the-XvRTVideoNotify-when-turning-off-from-.patch
# CVE-2022-4283
Patch10024: 0007-xkb-reset-the-radio_groups-pointer-to-NULL-after-fre.patch
# Follow-up to CVE-2022-46340
Patch10025: 0008-Xext-fix-invalid-event-type-mask-in-XTestSwapFakeInp.patch
Patch120: 0006-Xext-free-the-XvRTVideoNotify-when-turning-off-from-.patch
# CVE-2022-46283
Patch121: 0007-xkb-reset-the-radio_groups-pointer-to-NULL-after-fre.patch
# Fix for buggy patch to CVE-2022-46340
Patch122: 0008-Xext-fix-invalid-event-type-mask-in-XTestSwapFakeInp.patch
# CVE-2023-0494
Patch10026: 0001-Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch
Patch123: 0001-Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch
# CVE-2023-1393
Patch10027: 0001-composite-Fix-use-after-free-of-the-COW.patch
Patch124: 0001-composite-Fix-use-after-free-of-the-COW.patch
# https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1114
Patch125: xorg-x11-server-fb-access-wrapper.patch
# https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1057
Patch126: 0001-present-Send-a-PresentConfigureNotify-event-for-dest.patch
# CVE-2023-5367
Patch10028: 0001-Xi-randr-fix-handling-of-PropModeAppend-Prepend.patch
Patch1010: 0001-Xi-randr-fix-handling-of-PropModeAppend-Prepend.patch
# CVE-2023-5380
Patch10029: 0002-mi-reset-the-PointerWindows-reference-on-screen-swit.patch
Patch1011: 0002-mi-reset-the-PointerWindows-reference-on-screen-swit.patch
# CVE-2023-6377
Patch10030: 0001-Xi-allocate-enough-XkbActions-for-our-buttons.patch
Patch1012: 0001-Xi-allocate-enough-XkbActions-for-our-buttons.patch
# CVE-2023-6478
Patch10031: 0001-randr-avoid-integer-truncation-in-length-check-of-Pr.patch
Patch1013: 0001-randr-avoid-integer-truncation-in-length-check-of-Pr.patch
# CVE-2023-6816
Patch10032: 0001-dix-allocate-enough-space-for-logical-button-maps.patch
Patch1014: 0001-dix-allocate-enough-space-for-logical-button-maps.patch
# CVE-2024-0229
Patch10033: 0002-dix-Allocate-sufficient-xEvents-for-our-DeviceStateN.patch
Patch10034: 0003-dix-fix-DeviceStateNotify-event-calculation.patch
Patch10035: 0004-Xi-when-creating-a-new-ButtonClass-set-the-number-of.patch
Patch1015: 0002-dix-Allocate-sufficient-xEvents-for-our-DeviceStateN.patch
Patch1016: 0003-dix-fix-DeviceStateNotify-event-calculation.patch
Patch1017: 0004-Xi-when-creating-a-new-ButtonClass-set-the-number-of.patch
# CVE-2024-21885
Patch10036: 0005-Xi-flush-hierarchy-events-after-adding-removing-mast.patch
Patch1018: 0005-Xi-flush-hierarchy-events-after-adding-removing-mast.patch
# CVE-2024-21886
Patch10037: 0006-Xi-do-not-keep-linked-list-pointer-during-recursion.patch
Patch10038: 0007-dix-when-disabling-a-master-float-disabled-slaved-de.patch
Patch1019: 0006-Xi-do-not-keep-linked-list-pointer-during-recursion.patch
Patch1020: 0007-dix-when-disabling-a-master-float-disabled-slaved-de.patch
# CVE-2024-0408
Patch10039: 0008-glx-Call-XACE-hooks-on-the-GLX-buffer.patch
Patch1021: 0008-glx-Call-XACE-hooks-on-the-GLX-buffer.patch
# CVE-2024-0409
Patch10040: 0009-ephyr-xwayland-Use-the-proper-private-key-for-cursor.patch
# Fix compilation error
Patch10041: 0001-hw-Rename-boolean-config-value-field-from-bool-to-bo.patch
Patch1022: 0009-ephyr-xwayland-Use-the-proper-private-key-for-cursor.patch
# Related to CVE-2024-21886
Patch10042: 0001-dix-Fix-use-after-free-in-input-device-shutdown.patch
Patch1023: 0001-dix-Fix-use-after-free-in-input-device-shutdown.patch
# Fix compilation error on i686
Patch10043: 0001-ephyr-Fix-incompatible-pointer-type-build-error.patch
Patch1024: 0001-ephyr-Fix-incompatible-pointer-type-build-error.patch
# Fix copy and paste error in CVE-2024-0229
Patch10044: 0001-dix-fix-valuator-copy-paste-error-in-the-DeviceState.patch
Patch1025: 0001-dix-fix-valuator-copy-paste-error-in-the-DeviceState.patch
# CVE-2024-31080
Patch10045: 0001-Xi-ProcXIGetSelectedEvents-needs-to-use-unswapped-le.patch
Patch1026: 0001-Xi-ProcXIGetSelectedEvents-needs-to-use-unswapped-le.patch
# CVE-2024-31081
Patch10046: 0002-Xi-ProcXIPassiveGrabDevice-needs-to-use-unswapped-le.patch
Patch1027: 0002-Xi-ProcXIPassiveGrabDevice-needs-to-use-unswapped-le.patch
# CVE-2024-31082
Patch10047: 0003-Xquartz-ProcAppleDRICreatePixmap-needs-to-use-unswap.patch
Patch1028: 0003-Xquartz-ProcAppleDRICreatePixmap-needs-to-use-unswap.patch
# CVE-2024-31083
Patch10048: 0004-render-fix-refcounting-of-glyphs-during-ProcRenderAd.patch
Patch10049: 0001-render-Avoid-possible-double-free-in-ProcRenderAddGl.patch
# CVE-2024-9632
Patch10050: 0001-xkb-Fix-buffer-overflow-in-_XkbSetCompatMap.patch
Patch1029: 0004-render-fix-refcounting-of-glyphs-during-ProcRenderAd.patch
Patch1030: 0001-render-Avoid-possible-double-free-in-ProcRenderAddGl.patch
## Add new patches above; Fedora-specific patches below
# Only on F38 and later (patch number starts at 3801, see autopatch below)
# Upstream commits 73d6e88, f69280dd and 4127776, minus the xwayland.pc.in change
Patch3801: 0001-Disallow-byte-swapped-clients-by-default.patch
BuildRequires: make
BuildRequires: systemtap-sdt-devel
BuildRequires: git
BuildRequires: git-core
BuildRequires: automake autoconf libtool pkgconfig
BuildRequires: xorg-x11-util-macros >= 1.17
BuildRequires: xorg-x11-proto-devel >= 7.7-10
BuildRequires: xorg-x11-font-utils >= 7.2-11
BuildRequires: dbus-devel libepoxy-devel systemd-devel
BuildRequires: xorg-x11-xtrans-devel >= 1.3.2
@ -215,13 +211,13 @@ BuildRequires: pkgconfig(epoxy)
BuildRequires: pkgconfig(xshmfence) >= 1.1
BuildRequires: libXv-devel
BuildRequires: pixman-devel >= 0.30.0
BuildRequires: libpciaccess-devel >= 0.13.1 openssl-devel bison flex flex-devel
BuildRequires: libpciaccess-devel >= 0.13.1 openssl-devel bison flex
BuildRequires: mesa-libGL-devel >= 9.2
BuildRequires: mesa-libEGL-devel
BuildRequires: mesa-libgbm-devel
# XXX silly...
BuildRequires: libdrm-devel >= 2.4.0 kernel-headers
BuildRequires: pam-devel
BuildRequires: audit-libs-devel libselinux-devel >= 2.0.86-1
BuildRequires: libudev-devel
# libunwind is Exclusive for the following arches
@ -240,7 +236,6 @@ X.Org X11 X server
%package common
Summary: Xorg server common files
Group: User Interface/X
Requires: pixman >= 0.30.0
Requires: xkeyboard-config xkbcomp
@ -250,7 +245,6 @@ Common files shared among all X servers.
%package Xorg
Summary: Xorg X server
Group: User Interface/X
Provides: Xorg = %{version}-%{release}
Provides: Xserver
# HdG: This should be moved to the wrapper package once the wrapper gets
@ -278,12 +272,6 @@ Obsoletes: xorg-x11-drv-vmmouse < 13.1.0-4
Requires: xorg-x11-server-common >= %{version}-%{release}
Requires: system-setup-keyboard
Requires: xorg-x11-drv-libinput
%ifnarch s390 s390x
Requires: xorg-x11-drv-fbdev
%ifarch x86_64
Requires: xorg-x11-drv-vesa
%endif
%endif
Requires: libEGL
%description Xorg
@ -295,7 +283,6 @@ upon.
%package Xnest
Summary: A nested server
Group: User Interface/X
Requires: xorg-x11-server-common >= %{version}-%{release}
Provides: Xnest
@ -309,7 +296,6 @@ applications without running them on their real X server.
%package Xdmx
Summary: Distributed Multihead X Server and utilities
Group: User Interface/X
Requires: xorg-x11-server-common >= %{version}-%{release}
Provides: Xdmx
@ -326,7 +312,6 @@ application for Xdmx would be to unify a 4 by 4 grid of 1280x1024 displays
%package Xvfb
Summary: A X Windows System virtual framebuffer X server
Group: User Interface/X
# xvfb-run is GPLv2, rest is MIT
License: MIT and GPLv2
Requires: xorg-x11-server-common >= %{version}-%{release}
@ -345,7 +330,6 @@ is normally used for testing servers.
%package Xephyr
Summary: A nested server
Group: User Interface/X
Requires: xorg-x11-server-common >= %{version}-%{release}
Provides: Xephyr
@ -362,7 +346,6 @@ Render and Composite.
%package devel
Summary: SDK for X server driver module development
Group: User Interface/X
Requires: xorg-x11-util-macros
Requires: xorg-x11-proto-devel
Requires: libXfont2-devel
@ -380,7 +363,6 @@ drivers, input drivers, or other X modules should install this package.
%package source
Summary: Xserver source code required to build VNC server (Xvnc)
Group: Development/Libraries
BuildArch: noarch
%description source
@ -394,7 +376,11 @@ cp %{SOURCE1} .gitignore
# ick
%global __scm git
%{expand:%__scm_setup_git -q}
%if 0%{?fedora} >= 38
%autopatch
%else
%autopatch -M 3800
%endif
%if 0%{?stable_abi}
# check the ABI in the source against what we expect.
@ -425,14 +411,20 @@ export CFLAGS="$RPM_OPT_FLAGS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1"
export CXXFLAGS="$RPM_OPT_FLAGS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1"
export LDFLAGS="$RPM_LD_FLAGS -specs=/usr/lib/rpm/redhat/redhat-hardened-ld"
%ifnarch %{ix86} x86_64
%if !0%{?rhel}
%ifarch %{ix86} x86_64
%global int10_arch 1
%endif
%endif
%if %{undefined int10_arch}
%global no_int10 --disable-vbe --disable-int10-module
%endif
%global kdrive --enable-kdrive --enable-xephyr --disable-xfake --disable-xfbdev
%global xservers --enable-xvfb --enable-xnest %{kdrive} --enable-xorg
%global default_font_path "catalogue:/etc/X11/fontpath.d,built-ins"
%global dri_flags --enable-dri --enable-dri2 %{?!rhel:--enable-dri3} --enable-suid-wrapper --enable-glamor
%global dri_flags --disable-dri --enable-dri2 %{?!rhel:--enable-dri3} --enable-suid-wrapper --enable-glamor
autoreconf -f -v --install || exit 1
@ -440,7 +432,7 @@ autoreconf -f -v --install || exit 1
--enable-dependency-tracking \
--disable-static \
--with-pic \
%{?no_int10} --with-int10=x86emu \
%{?no_int10} \
--with-default-font-path=%{default_font_path} \
--with-module-dir=%{_libdir}/xorg/modules \
--with-builderstring="Build ID: %{name} %{version}-%{release}" \
@ -454,7 +446,7 @@ autoreconf -f -v --install || exit 1
--disable-unit-tests \
--enable-dmx \
--disable-xwayland \
%{dri_flags} %{?bodhi_flags} \
%{dri_flags} \
${CONFIGURE}
make V=1 %{?_smp_mflags}
@ -467,12 +459,6 @@ mkdir -p $RPM_BUILD_ROOT%{_libdir}/xorg/modules/{drivers,input}
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pam.d
install -m 644 %{SOURCE10} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/xserver
# restore this if/when restoring the PAM patch
#mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/security/console.apps
#touch $RPM_BUILD_ROOT%{_sysconfdir}/security/console.apps/xserver
mkdir -p $RPM_BUILD_ROOT%{_datadir}/X11/xorg.conf.d
install -m 644 %{SOURCE4} $RPM_BUILD_ROOT%{_datadir}/X11/xorg.conf.d
# make sure the (empty) /etc/X11/xorg.conf.d is there, system-setup-keyboard
# relies on it more or less.
@ -510,6 +496,7 @@ find %{inst_srcdir}/hw/xfree86 -name \*.c -delete
# Remove unwanted files/dirs
{
find $RPM_BUILD_ROOT -type f -name '*.la' | xargs rm -f -- || :
# wtf
%ifnarch %{ix86} x86_64
rm -f $RPM_BUILD_ROOT%{_libdir}/xorg/modules/lib{int10,vbe}.so
%endif
@ -530,10 +517,8 @@ find %{inst_srcdir}/hw/xfree86 -name \*.c -delete
%global Xorgperms %attr(0711,root,root) %caps(cap_sys_admin,cap_sys_rawio,cap_dac_override=pe)
%endif
# restore the missingok one if/when restoring the PAM patch
%files Xorg
%config %attr(0644,root,root) %{_sysconfdir}/pam.d/xserver
#config(missingok) /etc/security/console.apps/xserver
%{_bindir}/X
%{_bindir}/Xorg
%{_libexecdir}/Xorg
@ -555,7 +540,7 @@ find %{inst_srcdir}/hw/xfree86 -name \*.c -delete
%{_libdir}/xorg/modules/libshadowfb.so
%{_libdir}/xorg/modules/libvgahw.so
%{_libdir}/xorg/modules/libwfb.so
%ifarch %{ix86} x86_64
%if %{defined int10_arch}
%{_libdir}/xorg/modules/libint10.so
%{_libdir}/xorg/modules/libvbe.so
%endif
@ -618,232 +603,264 @@ find %{inst_srcdir}/hw/xfree86 -name \*.c -delete
%changelog
* Tue Oct 29 2024 José Expósito <jexposit@redhat.com> - 1.20.11-25
- CVE fix for CVE-2024-9632
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 1.20.14-36
- Bump release for June 2024 mass rebuild
* Wed Apr 10 2024 José Expósito <jexposit@redhat.com> - 1.20.11-24
* Wed Apr 10 2024 José Expósito <jexposit@redhat.com> - 1.20.14-35
- Fix regression caused by the fix for CVE-2024-31083
* Thu Apr 04 2024 José Expósito <jexposit@redhat.com> - 1.20.11-23
* Thu Apr 04 2024 José Expósito <jexposit@redhat.com> - 1.20.14-34
- Add gating.yaml
* Thu Apr 04 2024 José Expósito <jexposit@redhat.com> - 1.20.14-33
- CVE fix for: CVE-2024-31080, CVE-2024-31081, CVE-2024-31082 and
CVE-2024-31083
- Add util-linux as a dependency of Xvfb
* Sat Jan 27 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.20.14-32
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 José Expósito <jexposit@redhat.com> - 1.20.14-31
- Fix compilation error on i686
* Thu Jan 18 2024 José Expósito <jexposit@redhat.com> - 1.20.11-22
* Fri Jan 19 2024 José Expósito <jexposit@redhat.com> - 1.20.14-30
- Fix use after free related to CVE-2024-21886
* Tue Jan 16 2024 José Expósito <jexposit@redhat.com> - 1.20.11-21
* Tue Jan 16 2024 José Expósito <jexposit@redhat.com> - 1.20.14-29
- CVE fix for: CVE-2023-6816, CVE-2024-0229, CVE-2024-21885, CVE-2024-21886,
CVE-2024-0408 and CVE-2024-0409
Resolves: https://issues.redhat.com/browse/RHEL-21207
Resolves: https://issues.redhat.com/browse/RHEL-20528
Resolves: https://issues.redhat.com/browse/RHEL-20378
Resolves: https://issues.redhat.com/browse/RHEL-20384
Resolves: https://issues.redhat.com/browse/RHEL-21191
Resolves: https://issues.redhat.com/browse/RHEL-21198
* Thu Dec 14 2023 José Expósito <jexposit@redhat.com> - 1.20.11-20
* Wed Dec 13 2023 Peter Hutterer <peter.hutterer@redhat.com> - 1.20.14-28
- CVE fix for: CVE-2023-6377, CVE-2023-6478
Resolves: https://issues.redhat.com/browse/RHEL-18321
Resolves: https://issues.redhat.com/browse/RHEL-18327
* Wed Oct 25 2023 José Expósito <jexposit@redhat.com> - 1.20.11-19
- CVE fix for: CVE-2023-5380
Resolves: https://issues.redhat.com/browse/RHEL-14060
* Fri Nov 10 2023 Peter Hutterer <peter.hutterer@redhat.com> - 1.20.14-27
- Update with full SPDX license list
* Wed Oct 25 2023 José Expósito <jexposit@redhat.com> - 1.20.11-18
- CVE fix for: CVE-2023-5367
Resolves: https://issues.redhat.com/browse/RHEL-13430
* Wed Oct 25 2023 Peter Hutterer <peter.hutterer@redhat.com> - 1.20.14-26
- CVE fix for: CVE-2023-5367, CVE-2023-5380
* Tue Jun 6 2023 Olivier Fourdan <ofourdan@redhat.com> - 1.20.11-17
- Backport fix for a deadlock with DRI3
Resolves: rhbz#2192556
* Fri Oct 20 2023 José Expósito <jexposit@redhat.com>
- SPDX migration: license is already SPDX compatible
* Fri Mar 31 2023 Olivier Fourdan <ofourdan@redhat.com> - 1.20.11-16
* Fri Sep 29 2023 Orion Poplawski <orion@nwra.com> - 1.20.14-25
- Fix xvfb-run --error-file / auth-file options
* Sat Jul 22 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.20.14-24
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Apr 25 2023 Olivier Fourdan <ofourdan@redhat.com> - 1.20.14-23
- Backport fix for a deadlock with DRI3 (#2189434)
* Thu Apr 13 2023 Florian Weimer <fweimer@redhat.com> - 1.20.14-22
- Make more functions available in fb.h with !FB_ACCESS_WRAPPER
* Wed Mar 29 2023 Olivier Fourdan <ofourdan@redhat.com> - 1.20.14-21
- CVE fix for: CVE-2023-1393
Resolves: rhbz#2180296
* Wed Feb 22 2023 Olivier Fourdan <ofourdan@redhat.com> - 1.20.11-15
- Rebuild for the missing debuginfo
Related: rhbz#2169522
* Tue Feb 21 2023 Olivier Fourdan <ofourdan@redhat.com> - 1.20.11-14
* Thu Feb 23 2023 Olivier Fourdan <ofourdan@redhat.com> - 1.20.14-20
- Fix xvfb-run script with --listen-tcp
Resolves: rhbz#2169522
* Fri Feb 03 2023 Peter Hutterer <peter.hutterer@redhat.com> - 1.20.11-13
- Fix CVE-2023-0494 (#2166977)
* Thu Feb 09 2023 Iker Pedrosa <ipedrosa@redhat.com> - 1.20.14-19
- Remove pam_console from service file (#1822209)
* Mon Dec 19 2022 Peter Hutterer <peter.hutterer@redhat.com> - 1.20.11-12
- Follow-up fix for CVE-2022-46340 (#2151774)
* Thu Feb 02 2023 Peter Hutterer <peter.hutterer@redhat.com> - 1.20.14-18
- CVE-2023-0494: potential use-after-free
* Mon Dec 12 2022 Peter Hutterer <peter.hutterer@redhat.com> - 1.20.11-11
- CVE fix for: CVE-2022-4283 (#2151799), CVE-2022-46340 (#2151774),
CVE-2022-46341 (#2151779), CVE-2022-46342 (#2151784),
CVE-2022-46343 (#2151789), CVE-2022-46344 (#2151794)
* Wed Feb 01 2023 Peter Hutterer <peter.hutterer@redhat.com> - 1.20.14-17
- Updated conditional fedora statement
* Mon Nov 14 2022 Olivier Fourdan <ofourdan@redhat.com> - 1.20.11-10
* Tue Jan 17 2023 Olivier Fourdan <ofourdan@redhat.com> - 1.20.14-16
- Use the recommended way to apply conditional patches without
conditionalizing the sources (for byte-swapped clients).
* Fri Jan 13 2023 Leif Liddy <leifliddy@fedoraproject.org> 1.20.14-15
- Xorg server does not correctly select the DCP for the display
without a quirk on Apple silicon machines (#2152414)
* Fri Jan 13 2023 Peter Hutterer <peter.hutterer@redhat.com> - 1.20.14-14
- Disallow byte-swapped clients (#2159489)
* Wed Jan 11 2023 Olivier Fourdan <ofourdan@redhat.com> - 1.20.14-13
- Rename boolean config value field from bool to boolean to fix drivers
build failures due to a conflict with C++ and stdbool.h
* Mon Dec 19 2022 Peter Hutterer <peter.hutterer@redhat.com> - 1.20.14-12
- Fix buggy patch to CVE-2022-46340
* Wed Dec 14 2022 Peter Hutterer <peter.hutterer@redhat.com> 1.20.14-11
- CVE fix for: CVE-2022-4283, CVE-2022-46340, CVE-2022-46341,
CVE-2022-46342, CVE-2022-46343, CVE-2022-46344
* Wed Nov 23 2022 Peter Hutterer <peter.hutterer@redhat.com> - 1.20.14-10
- Drop dependency on xorg-x11-font-utils, it was only there for on
build-time variable that's always the same value anyway (#2145088)
* Tue Nov 8 2022 Olivier Fourdan <ofourdan@redhat.com> - 1.20.14-9
- Fix CVE-2022-3550, CVE-2022-3551
Resolves: rhbz#2140766, rhbz#2140772
* Fri Jul 29 2022 Olivier Fourdan <ofourdan@redhat.com> - 1.20.11-9
- CVE fix for: CVE-2022-2319/ZDI-CAN-16062, CVE-2022-2320/ZDI-CAN-16070
Resolves: rhbz#2108156, rhbz#2108161
* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.20.14-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Jun 09 2022 Ray Strode <rstrode@redhat.com> - 1.20.11-8
- Rebuild again for ipv6 xtrans fix
Related: #2075132
* Tue Jul 12 2022 Olivier Fourdan <ofourdan@redhat.com> - 1.20.14-7
- Fix CVE-2022-2319/ZDI-CAN-16062, CVE-2022-2320/ZDI-CAN-16070
* Tue May 24 2022 Ray Strode <rstrode@redhat.com> - 1.20.11-6
- Rebuild for ipv6 xtrans fix
Related: #2075132
* Wed Apr 13 2022 Dominik Mierzejewski <rpm@greysector.net> - 1.20.14-6
- Don't hardcode fps for fake screen (#2054188)
* Fri Jan 28 2022 Olivier Fourdan <ofourdan@redhat.com> - 1.20.11-5
- Fix crash with NVIDIA proprietary driver with Present (#2046329)
* Fri Apr 8 2022 Jocelyn Falempe <jfalempe@redhat.com> - 1.20.14-5
- Fix basic graphic mode not working with simpledrm (#2067151)
* Thu Jan 6 2022 Olivier Fourdan <ofourdan@redhat.com> - 1.20.11-4
- CVE fix for: CVE-2021-4008 (#2030162), CVE-2021-4009 (#2030172),
CVE-2021-4010 (#2030175), CVE-2021-4011 (#2030181)
* Fri Jan 28 2022 Olivier Fourdan <ofourdan@redhat.com> - 1.20.14-4
- Fix build with GCC 12 (#2047134)
* Mon Nov 29 2021 Jocelyn Falempe <jfalempe@redhat.com> - 1.20.11-3
- xf86/logind Fix drm_drop_master before vt_reldis
Resolves: #1771863
* Tue Jan 25 2022 Olivier Fourdan <ofourdan@redhat.com> - 1.20.14-3
- Fix crash with NVIDIA proprietary driver with Present (#2046147)
* Wed Jun 9 2021 Olivier Fourdan <ofourdan@redhat.com> - 1.20.11-2
* Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.20.14-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Fri Dec 17 2021 Olivier <ofourdan@redhat.com> - 1.20.14-1
- xserver 1.20.14
CVE-2021-4008/ZDI-CAN-14192 (#2026059, #2032941)
CVE-2021-4009/ZDI-CAN-14950 (#2026072, #2032943)
CVE-2021-4010/ZDI-CAN-14951 (#2026073, #2032944)
CVE-2021-4011/ZDI-CAN-14952 (#2026074, #2032945)
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 1.20.11-3
- Rebuilt with OpenSSL 3.0.0
* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.20.11-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Wed Apr 14 2021 Olivier Fourdan <ofourdan@redhat.com> - 1.20.11-1
- xserver 1.20.11 (CVE-2021-3472 / ZDI-CAN-1259)
* Wed Feb 03 2021 Peter Hutterer <peter.hutterer@redhat.com> 1.20.10-5
- Drop BuildRequires for flex-devel (#1871101)
* Mon Feb 1 2021 Olivier Fourdan <ofourdan@redhat.com> - 1.20.10-4
- Remove Xwayland from the xserver builds
Resolves: #1956838
* Tue Jun 1 2021 Olivier Fourdan <ofourdan@redhat.com> - 1.20.11-1
- xserver 1.20.11
Resolves: #1954260
* Thu Jan 28 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.20.10-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Thu Dec 10 2020 Adam Jackson <ajax@redhat.com> - 1.20.10-1
- xserver 1.20.10
Resolves: #1891871
* Tue Jan 19 2021 Adam Jackson <ajax@redhat.com> - 1.20.10-2
- Disable int10 and vbe on RHEL
- Disable DRI1
- Stop overriding the vendor name
* Wed Dec 9 2020 Michel Dänzer <mdaenzer@redhat.com> - 1.20.8-10
- modesetting: keep going if a modeset fails on EnterVT
Resolves: #1838392
* Wed Dec 2 2020 Olivier Fourdan <ofourdan@redhat.com> - 1.20.10-1
- xserver 1.20.10 (CVE-2020-14360, CVE-2020-25712)
* Mon Nov 16 2020 Adam Jackson <ajax@redhat.com> - 1.20.8-9
- CVE fix for: CVE-2020-14347 (#1862320)
* Thu Nov 5 10:35:09 AEST 2020 Peter Hutterer <peter.hutterer@redhat.com> - 1.20.9-3
- Add BuildRequires for make
* Thu Oct 29 2020 Michel Dänzer <mdaenzer@redhat.com> - 1.20.8-8
- CVE fixes for: CVE-2020-14345 (#1872391), CVE-2020-14346 (#1872395),
CVE-2020-14361 (#1872402), CVE-2020-14362 (#1872409)
* Wed Nov 04 2020 Peter Hutterer <peter.hutterer@redhat.com> 1.20.9-2
- Drop BuildRequires to git-core only
* Tue Oct 27 2020 Adam Jackson <ajax@redhat.com> - 1.20.8-7
* Thu Oct 8 2020 Olivier Fourdan <ofourdan@redhat.com> - 1.20.9-1
- xserver 1.20.9 + all current fixes from upstream
* Wed Aug 12 2020 Adam Jackson <ajax@redhat.com> - 1.20.8-4
- Enable XC-SECURITY
Resolves: #1863142
* Thu Aug 20 2020 Michel Dänzer <mdaenzer@redhat.com> - 1.20.8-6
- xfree86: add drm modes on non-GTF panels
Resolves: #1823461
* Fri Jul 31 2020 Adam Jackson <ajax@redhat.com> - 1.20.8-3
- Fix information disclosure bug in pixmap allocation (CVE-2020-14347)
* Tue Aug 4 2020 Michel Dänzer <mdaenzer@redhat.com> - 1.20.8-5
- xwayland: Hold a pixmap reference in struct xwl_present_event
Related: #1728684
- glamor: Fix glamor_poly_fill_rect_gl xRectangle::width/height handling
Resolves: #1740250
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.20.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Fri Jul 10 2020 Ray Strode <rstrode@redhat.com> - 1.20.8-4
- Don't switch VTs in the exit path, if killed on inactive VT
Related: #1618481
* Fri Jun 26 2020 Michel Dänzer <mdaenzer@redhat.com> - 1.20.8-3
- Downgrade modesetting "glamor initialization failed" X_ERROR X_INFO
Resolves: #1724573
- Xwayland / Present leak fixes for #1728684
* Wed Jun 10 2020 Michel Dänzer <mdaenzer@redhat.com> - 1.20.8-2
- Re-enable Xwayland Present support
Resolves: #1728684, #1715676
- Remove unused patch
* Tue May 26 2020 Adam Jackson <ajax@redhat.com> - 1.20.8-1
* Mon Mar 30 2020 Olivier Fourdan <ofourdan@redhat.com> - 1.20.8-1
- xserver 1.20.8
- Backport latest Xwayland randr resolution change emulation support
patches.
* Tue Feb 11 2020 Michel Dänzer <mdaenzer@redhat.com> - 1.20.6-3
- Add fix for crash with Option "Rotate" in xorg.conf
Resolves: #1795328
* Wed Mar 18 2020 Olivier Fourdan <ofourdan@redhat.com> - 1.20.7-2
- Fix a crash on closing a window using Present found upstream:
https://gitlab.freedesktop.org/xorg/xserver/issues/1000
* Wed Dec 11 2019 Michel Dänzer <mdaenzer@redhat.com> - 1.20.6-2
- Add fixes for intermittent modesetting artifacts
Resolves: #1738670
* Fri Mar 13 2020 Olivier Fourdan <ofourdan@redhat.com> - 1.20.7-1
- xserver 1.20.7
- backport from stable "xserver-1.20-branch" up to commit ad7364d8d
(for mutter fullscreen unredirect on Wayland)
- Update videodrv minor ABI as 1.20.7 changed the minor ABI version
(backward compatible, API addition in glamor)
- Rebase Xwayland randr resolution change emulation support patches
* Mon Dec 9 2019 Olivier Fourdan <ofourdan@redhat.com> - 1.20.6-1
* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.20.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Mon Nov 25 2019 Olivier Fourdan <ofourdan@redhat.com> - 1.20.6-1
- xserver 1.20.6
* Tue Sep 03 2019 Adam Jackson <ajax@redhat.com> - 1.20.3-11
- Add DRI2 fallback driver mappings for i965 and radeonsi
* Mon Nov 4 2019 Hans de Goede <hdegoede@redhat.com> - 1.20.5-9
- Fix building with new libglvnd-1.2.0 (E)GL headers and pkgconfig files
* Mon Aug 19 2019 Adam Jackson <ajax@redhat.com> - 1.20.3-10
- Backport glvnd vendor selection for prime render offloading
* Mon Nov 4 2019 Hans de Goede <hdegoede@redhat.com> - 1.20.5-8
- Backport Xwayland randr resolution change emulation support
* Fri Jul 12 2019 Adam Jackson <ajax@redhat.com> - 1.20.3-8
- Fix platform device PCI detection for complex bus topologies
* Thu Aug 29 2019 Olivier Fourdan <ofourdan@redhat.com> 1.20.5-7
- Pick latest fixes from xserver stable branch upstream (rhbz#1729925)
* Wed Apr 10 2019 Adam Jackson <ajax@redhat.com> - 1.20.3-7
- Don't require fbdev on s390x, where it doesn't exist
* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.20.5-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Wed Apr 03 2019 Adam Jackson <ajax@redhat.com> - 1.20.3-6
- Add Requires: fbdev (and on x86_64, vesa) to Xorg subpackage
* Mon Jul 8 2019 Olivier Fourdan <ofourdan@redhat.com> 1.20.5-5
- Do not include <sys/io.h> on ARM with glibc to avoid compilation failure.
- Do not force vbe and int10 sdk headers as this enables int10 which does
not build on ARM without <sys/io.h>
* Mon Jan 14 2019 Ben Crocker <bcrocker@redhat.com> - 1.20.3-5
- Add Eric Anholt's patch e50c85f4ebf559 from upstream:
- Fix segfault on probing a non-PCI platform device on a system with PCI
- NOTE: also pertains on a system with no PCI, e.g. s390x.
Resolves: #1652013
* Mon Jul 8 2019 Olivier Fourdan <ofourdan@redhat.com> 1.20.5-4
- Fix regression causing screen tearing with upstream xserver 1.20.5
(rhbz#1726419)
* Mon Jan 07 2019 Olivier Fourdan <ofourdan@redhat.com> - 1.20.3-4
- Move LeaveVT after resetting randr pointers in xf86CrtcCloseScreen
* Fri Jun 28 2019 Olivier Fourdan <ofourdan@redhat.com> 1.20.5-3
- Remove atomic downstream patches causing regressions (#1714981, #1723715)
- Xwayland crashes (#1708119, #1691745)
- Cursor issue with tablet on Xwayland
- Xorg/modesetting issue with flipping pixmaps with Present (#1645553)
* Mon Nov 19 2018 Adam Jackson <ajax@redhat.com> - 1.20.3-3
- Apply even more -z now and -pie
* Thu Jun 06 2019 Peter Hutterer <peter.hutterer@redhat.com> 1.20.5-2
- Return AlreadyGrabbed for keycodes > 255 (#1697804)
* Mon Nov 19 2018 Ray Strode <rstrode@redhat.com> - 1.20.3-2
- Fix crash in Xephyr on server reset
Resolves: #1650168
* Thu May 30 2019 Adam Jackson <ajax@redhat.com> - 1.20.5-1
- xserver 1.20.5
* Tue Nov 13 2018 Adam Jackson <ajax@redhat.com> - 1.20.3-1
* Tue Apr 23 2019 Adam Jackson <ajax@redhat.com> - 1.20.4-4
- Fix some non-atomic modesetting calls to be atomic
* Wed Mar 27 2019 Peter Hutterer <peter.hutterer@redhat.com> 1.20.4-3
- Fix a Qt scrolling bug, don't reset the valuator on slave switch
* Thu Mar 21 2019 Adam Jackson <ajax@redhat.com> - 1.20.4-2
- Backport an Xwayland crash fix in the Present code
* Tue Feb 26 2019 Adam Jackson <ajax@redhat.com> - 1.20.4-1
- xserver 1.20.4
* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.20.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jan 11 2019 Olivier Fourdan <ofourdan@redhat.com> - 1.20.3-3
- More Xwayland/Present fixes from upstream (rhbz#1609181, rhbz#1661748)
* Thu Dec 06 2018 Olivier Fourdan <ofourdan@redhat.com> - 1.20.3-2
- Xwayland/Present fixes from master upstream
* Thu Nov 01 2018 Adam Jackson <ajax@redhat.com> - 1.20.3-1
- xserver 1.20.3
- Also forget about DRI driver names for drivers we're not shipping
* Fri Oct 26 2018 Adam Jackson <ajax@redhat.com> - 1.20.2-5
- Work around broken fbdev headers
* Mon Oct 22 2018 Adam Jackson <ajax@redhat.com> - 1.20.2-4
- Back out the PAM patch, may not be necessary in 8
* Wed Oct 17 2018 Peter Hutterer <peter.hutterer@redhat.com> 1.20.2-3
- Backport fix for readlink call from master
* Tue Oct 16 2018 Adam Jackson <ajax@redhat.com> - 1.20.2-2
- Avoid drmSetInterfaceVersion in platform device probe
- Backport a misparenthesis fix from master
* Mon Oct 15 2018 Adam Jackson <ajax@redhat.com> - 1.20.2-1
- xserver 1.20.2
* Mon Oct 15 2018 Olivier Fourdan <ofourdan@redhat.com>> - 1.20.1-4
- Some more RHEL mustard:
- Disable Present support in Xwayland (rhbz#1638463)
* Thu Oct 4 2018 Hans de Goede <hdegoede@redhat.com> - 1.20.1-4
- Rebase patch to use va_gl as vdpau driver on i965 GPUs, re-fix rhbz#1413733
* Fri Oct 12 2018 Adam Jackson <ajax@redhat.com> - 1.20.1-3
- Assorted RHEL mustard:
- Don't probe for drivers we're not shipping
- Enable PAM
- Link Xorg with -z now
- Nerf modesetting's atomic ioctl support
- Don't autoconfigure vesa or fbdev from X -configure
- Call LeaveVT on RANDR's CloseScreen path so we drop drm master
- Try harder to get initial spanning desktop if the output's
preferred mode was filtered away
- Sync va_gl/vdpau patch from F29
* Thu Sep 13 2018 Dave Airlie <airlied@redhat.com> - 1.20.1-3
- Build with PIE enabled (this doesn't enable bind now)
* Thu Sep 13 2018 Dave Airlie <airlied@redhat.com> - 1.20.1-2
- build with PIE flags
* Mon Sep 10 2018 Olivier Fourdan <ofourdan@redhat.com> - 1.20.1-2
- Include patches from upstream to fix Xwayland crashes
* Thu Aug 09 2018 Adam Jackson <ajax@redhat.com> - 1.20.1-1
- xserver 1.20.1

0
SOURCES/xserver-sdk-abi-requires.release → xserver-sdk-abi-requires
View File

0
SOURCES/xserver-sdk-abi-requires.git → xserver-sdk-abi-requires.git
View File

19
xserver-sdk-abi-requires.release Executable file
View File

@ -0,0 +1,19 @@
#!/bin/sh
#
# The X server provides capabilities of the form:
#
# Provides: xserver-abi(ansic-0) = 4
#
# for an ABI version of 0.4. The major number is encoded into the name so
# that major number changes force upgrades. If we didn't, then
#
# Requires: xserver-abi(ansic) >= 0.4
#
# would also match 1.0, which is wrong since major numbers mean an ABI break.
ver=$(pkg-config --variable abi_$1 xorg-server)
major=$(echo $ver | cut -f 1 -d .)
minor=$(echo $ver | cut -f 2 -d .)
echo "xserver-abi($1-$major) >= $minor"

1
SOURCES/xserver.pamd → xserver.pamd
View File

@ -1,5 +1,4 @@
#%PAM-1.0
auth sufficient pam_rootok.so
auth required pam_console.so
account required pam_permit.so
session optional pam_keyinit.so force revoke

2
SOURCES/xvfb-run.sh → xvfb-run.sh
View File

@ -101,7 +101,7 @@ find_free_servernum() {
# Parse the command line.
ARGS=$(getopt --options +ade:f:hn:lp:s:w: \
--long auto-servernum,error-file:auth-file:,help,server-num:,listen-tcp,xauth-protocol:,server-args:,wait: \
--long auto-servernum,error-file:,auth-file:,help,server-num:,listen-tcp,xauth-protocol:,server-args:,wait: \
--name "$PROGNAME" -- "$@")
GETOPT_STATUS=$?