Xext/shm.c | 10 +- configure.ac | 10 +- debian/changelog | 45 ++++++++- debian/compat | 2 debian/control | 24 ++-- debian/copyright | 27 +++++ debian/patches/fix-int10.patch | 42 -------- debian/patches/mi-dont-process-disabled.patch | 62 ------------ debian/patches/pixman-validate.patch | 27 ----- debian/patches/series | 3 debian/rules | 23 ++++ debian/upstream/signing-key.asc | 41 ++++++++ debian/xserver-xorg-core.install | 1 dix/devices.c | 3 dix/events.c | 1 glamor/glamor.c | 40 ++++++++ glamor/glamor_core.c | 2 glamor/glamor_egl.c | 6 + glamor/glamor_fbo.c | 1 glamor/glamor_font.c | 1 glamor/glamor_largepixmap.c | 9 + glamor/glamor_pixmap.c | 1 glamor/glamor_priv.h | 6 + glamor/glamor_program.c | 3 glamor/glamor_render.c | 10 +- glamor/glamor_spans.c | 2 glamor/glamor_sync.c | 2 glamor/glamor_transfer.c | 57 +++++++---- hw/kdrive/ephyr/ephyrinit.c | 11 +- hw/kdrive/ephyr/hostx.c | 27 +++-- hw/kdrive/fake/Makefile.am | 1 hw/kdrive/fbdev/Makefile.am | 1 hw/xfree86/common/xf86Events.c | 7 - hw/xfree86/common/xf86platformBus.c | 20 +++- hw/xfree86/drivers/modesetting/drmmode_display.c | 4 hw/xfree86/drivers/modesetting/dumb_bo.c | 4 hw/xfree86/int10/generic.c | 2 hw/xfree86/modes/xf86Crtc.h | 2 hw/xfree86/os-support/linux/int10/linux.c | 2 hw/xfree86/os-support/linux/systemd-logind.c | 17 +-- hw/xfree86/sdksyms.sh | 14 ++ hw/xnest/Keyboard.c | 4 hw/xwayland/Makefile.am | 1 hw/xwayland/xwayland-cursor.c | 26 +++++ hw/xwayland/xwayland-glamor.c | 4 hw/xwayland/xwayland-input.c | 57 +++-------- hw/xwayland/xwayland-output.c | 4 hw/xwayland/xwayland.c | 4 hw/xwayland/xwayland.h | 8 - hw/xwin/glx/gen_gl_wrappers.py | 96 +++++++++---------- hw/xwin/winclipboard/Makefile.am | 2 hw/xwin/winprocarg.c | 14 ++ include/dix-config.h.in | 6 + include/input.h | 2 include/os.h | 17 +++ include/servermd.h | 2 mi/mifillarc.c | 5 + os/access.c | 111 ++++++++++++++++++++++- os/auth.c | 8 - os/backtrace.c | 4 os/connection.c | 9 + os/log.c | 28 ++++- os/utils.c | 2 os/xdmcp.c | 21 ++++ present/present.c | 8 - randr/rrcrtc.c | 6 - randr/rrscreen.c | 2 67 files changed, 680 insertions(+), 344 deletions(-)
New commits: commit 4c2ae4ef23470c00d0d9ac65638d9b844528f0e9 Author: Timo Aaltonen <tjaal...@debian.org> Date: Tue Jul 7 12:54:37 2015 +0300 mi-dont-process-disabled.patch: This has been upstream for some time now, drop it. diff --git a/debian/changelog b/debian/changelog index 43f28bd..579f11b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -5,6 +5,8 @@ xorg-server (2:1.17.2-1ubuntu1) UNRELEASED; urgency=medium * fix-int10.patch: Dropped, upstream. * pixman-validate.patch: Dropped, not upstream and not needed since pixman got fixed. + * mi-dont-process-disabled.patch: This has been upstream for some time + now, drop it. -- Timo Aaltonen <tjaal...@debian.org> Wed, 03 Jun 2015 11:41:03 +0300 diff --git a/debian/patches/mi-dont-process-disabled.patch b/debian/patches/mi-dont-process-disabled.patch deleted file mode 100644 index 81691ee..0000000 --- a/debian/patches/mi-dont-process-disabled.patch +++ /dev/null @@ -1,62 +0,0 @@ -Date: Tue, 20 May 2014 14:32:59 +1000 -From: Peter Hutterer <peter.hutte...@who-t.net> -Subject: [PATCH] mi: don't process events from disabled devices (#77884) - -Once a device is disabled, it doesn't have a sprite pointer anymore. If an -event is still in the queue and processed after DisableDevice finished, a -dereference causes a crash. Example backtrace (crash forced by injecting an -event at the right time): - -(EE) 0: /opt/xorg/bin/Xorg (OsSigHandler+0x3c) [0x48d334] -(EE) 1: /lib64/libpthread.so.0 (__restore_rt+0x0) [0x37fcc0f74f] -(EE) 2: /opt/xorg/bin/Xorg (mieqMoveToNewScreen+0x38) [0x609240] -(EE) 3: /opt/xorg/bin/Xorg (mieqProcessDeviceEvent+0xd4) [0x609389] -(EE) 4: /opt/xorg/bin/Xorg (mieqProcessInputEvents+0x206) [0x609720] -(EE) 5: /opt/xorg/bin/Xorg (ProcessInputEvents+0xd) [0x4aeb58] -(EE) 6: /opt/xorg/bin/Xorg (xf86VTSwitch+0x1a6) [0x4af457] -(EE) 7: /opt/xorg/bin/Xorg (xf86Wakeup+0x2bf) [0x4af0a7] -(EE) 8: /opt/xorg/bin/Xorg (WakeupHandler+0x83) [0x4445cb] -(EE) 9: /opt/xorg/bin/Xorg (WaitForSomething+0x3fe) [0x491bf6] -(EE) 10: /opt/xorg/bin/Xorg (Dispatch+0x97) [0x435748] -(EE) 11: /opt/xorg/bin/Xorg (dix_main+0x61d) [0x4438a9] -(EE) 12: /opt/xorg/bin/Xorg (main+0x28) [0x49ba28] -(EE) 13: /lib64/libc.so.6 (__libc_start_main+0xf5) [0x37fc821d65] -(EE) 14: /opt/xorg/bin/Xorg (_start+0x29) [0x425e69] -(EE) 15: ? (?+0x29) [0x29] - -xf86VTSwitch() calls ProcessInputEvents() before disabling a device, and -DisableDevice() calls mieqProcessInputEvents() again when flushing touches and -button events. Between that and disabling the device (which causes new events -to be refused) there is a window where events may be triggered and enqueued. -On the next call to PIE that event is processed on a now defunct device, -causing the crash. - -The simplest fix to this is to discard events from disabled devices. We flush -the queue often enough before disabling that when we get here, we really don't -care about the events from this device. - -X.Org Bug 77884 <http://bugs.freedesktop.org/show_bug.cgi?id=77884> ---- -Modified by Maarten Lankhorst to pass tests. - - mi/mieq.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/mi/mieq.c b/mi/mieq.c -index 4c07480..188a0b0 100644 ---- a/mi/mieq.c -+++ b/mi/mieq.c -@@ -515,6 +515,10 @@ mieqProcessDeviceEvent(DeviceIntPtr dev, InternalEvent *event, ScreenPtr screen) - - verify_internal_event(event); - -+ /* refuse events from disabled devices */ -+ if (dev && !dev->enabled) -+ return 0; -+ - /* Custom event handler */ - handler = miEventQueue.handlers[event->any.type]; - --- -1.9.0 - diff --git a/debian/patches/series b/debian/patches/series index eecb289..ad76035 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -49,4 +49,3 @@ fix-ftbfs-ppc64el.patch xmir.patch drm_device_keep_trying.patch xi2-resize-touch.patch -mi-dont-process-disabled.patch commit 6aad1995c8696ea4efef7827293ef427d0902c89 Author: Timo Aaltonen <tjaal...@debian.org> Date: Tue Jul 7 12:34:01 2015 +0300 pixman-validate.patch: Dropped, not upstream and not needed since pixman got fixed. diff --git a/debian/changelog b/debian/changelog index ff6e195..43f28bd 100644 --- a/debian/changelog +++ b/debian/changelog @@ -3,6 +3,8 @@ xorg-server (2:1.17.2-1ubuntu1) UNRELEASED; urgency=medium * Merge from Debian unstable. (LP: #1471185) * xserver-xorg-xmir.install: Removed, not used anymore. * fix-int10.patch: Dropped, upstream. + * pixman-validate.patch: Dropped, not upstream and not needed since + pixman got fixed. -- Timo Aaltonen <tjaal...@debian.org> Wed, 03 Jun 2015 11:41:03 +0300 diff --git a/debian/patches/pixman-validate.patch b/debian/patches/pixman-validate.patch deleted file mode 100644 index 513de6c..0000000 --- a/debian/patches/pixman-validate.patch +++ /dev/null @@ -1,27 +0,0 @@ -diff --git a/exa/exa_render.c b/exa/exa_render.c -index 172e2b5..807eeba 100644 ---- a/exa/exa_render.c -+++ b/exa/exa_render.c -@@ -1141,7 +1141,8 @@ exaTrapezoids(CARD8 op, PicturePtr pSrc, PicturePtr pDst, - - exaPrepareAccess(pPicture->pDrawable, EXA_PREPARE_DEST); - for (; ntrap; ntrap--, traps++) -- (*ps->RasterizeTrapezoid) (pPicture, traps, -bounds.x1, -bounds.y1); -+ if (xTrapezoidValid(traps)) -+ (*ps->RasterizeTrapezoid) (pPicture, traps, -bounds.x1, -bounds.y1); - exaFinishAccess(pPicture->pDrawable, EXA_PREPARE_DEST); - - xRel = bounds.x1 + xSrc - xDst; -diff --git a/render/picture.h b/render/picture.h -index c85353a..49eb263 100644 ---- a/render/picture.h -+++ b/render/picture.h -@@ -211,7 +211,7 @@ typedef pixman_fixed_t xFixed; - /* whether 't' is a well defined not obviously empty trapezoid */ - #define xTrapezoidValid(t) ((t)->left.p1.y != (t)->left.p2.y && \ - (t)->right.p1.y != (t)->right.p2.y && \ -- (int) ((t)->bottom - (t)->top) > 0) -+ (t)->bottom > 0 && (int) ((t)->bottom - (t)->top) > 0) - - /* - * Standard NTSC luminance conversions: diff --git a/debian/patches/series b/debian/patches/series index 4b13dcc..eecb289 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -45,7 +45,6 @@ xf86-ignore-conflicting-rr-caps.patch fix-detach-gpu.patch disable-rotation-transform-gpuscreens.patch -pixman-validate.patch fix-ftbfs-ppc64el.patch xmir.patch drm_device_keep_trying.patch commit 9191e9610030b1889090680d599a61b228a80060 Author: Timo Aaltonen <tjaal...@debian.org> Date: Tue Jul 7 12:18:39 2015 +0300 close a bug diff --git a/debian/changelog b/debian/changelog index 5cdd376..ff6e195 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,5 +1,6 @@ xorg-server (2:1.17.2-1ubuntu1) UNRELEASED; urgency=medium + * Merge from Debian unstable. (LP: #1471185) * xserver-xorg-xmir.install: Removed, not used anymore. * fix-int10.patch: Dropped, upstream. commit 98eab202711af0a73a01bc3b49a6c2b0579b4fa3 Author: Timo Aaltonen <tjaal...@debian.org> Date: Tue Jul 7 12:16:00 2015 +0300 fix-int10.patch: Dropped, upstream. diff --git a/debian/changelog b/debian/changelog index a2ec5ac..5cdd376 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +xorg-server (2:1.17.2-1ubuntu1) UNRELEASED; urgency=medium + + * xserver-xorg-xmir.install: Removed, not used anymore. + * fix-int10.patch: Dropped, upstream. + + -- Timo Aaltonen <tjaal...@debian.org> Wed, 03 Jun 2015 11:41:03 +0300 + xorg-server (2:1.17.2-1) unstable; urgency=medium [ Sven Joachim ] @@ -24,12 +31,6 @@ xorg-server (2:1.17.1-2) unstable; urgency=medium -- Julien Cristau <jcris...@debian.org> Mon, 04 May 2015 22:04:01 +0200 -xorg-server (2:1.17.1-0ubuntu5) UNRELEASED; urgency=medium - - * xserver-xorg-xmir.install: Removed, not used anymore. - - -- Timo Aaltonen <tjaal...@debian.org> Wed, 03 Jun 2015 11:41:03 +0300 - xorg-server (2:1.17.1-0ubuntu4) wily; urgency=medium * debian/control: diff --git a/debian/patches/fix-int10.patch b/debian/patches/fix-int10.patch deleted file mode 100644 index 5f7e5cd..0000000 --- a/debian/patches/fix-int10.patch +++ /dev/null @@ -1,42 +0,0 @@ -From: Jürg Billeter <j...@bitron.ch> -To: xorg-de...@lists.x.org -Subject: [PATCH xserver] int10: Fix error check for pci_device_map_legacy -Date: Sat, 7 Feb 2015 18:13:21 +0100 -Message-Id: <1423329201-32163-1-git-send-emai...@bitron.ch> -List-Id: "X.Org development list" <xorg-devel.lists.x.org> - -pci_device_map_legacy returns 0 on success. - -Signed-off-by: Jürg Billeter <j...@bitron.ch> ---- - hw/xfree86/int10/generic.c | 2 +- - hw/xfree86/os-support/linux/int10/linux.c | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/hw/xfree86/int10/generic.c b/hw/xfree86/int10/generic.c -index 012d194..8d5c4da 100644 ---- a/hw/xfree86/int10/generic.c -+++ b/hw/xfree86/int10/generic.c -@@ -104,7 +104,7 @@ readIntVec(struct pci_device *dev, unsigned char *buf, int len) - { - void *map; - -- if (!pci_device_map_legacy(dev, 0, len, 0, &map)) -+ if (pci_device_map_legacy(dev, 0, len, 0, &map)) - return FALSE; - - memcpy(buf, map, len); -diff --git a/hw/xfree86/os-support/linux/int10/linux.c b/hw/xfree86/os-support/linux/int10/linux.c -index 79b9a88..6ca118f 100644 ---- a/hw/xfree86/os-support/linux/int10/linux.c -+++ b/hw/xfree86/os-support/linux/int10/linux.c -@@ -75,7 +75,7 @@ readLegacy(struct pci_device *dev, unsigned char *buf, int base, int len) - { - void *map; - -- if (!pci_device_map_legacy(dev, base, len, 0, &map)) -+ if (pci_device_map_legacy(dev, base, len, 0, &map)) - return FALSE; - - memcpy(buf, map, len); --- 2.3.0 \ No newline at end of file diff --git a/debian/patches/series b/debian/patches/series index 771a1a8..4b13dcc 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -35,7 +35,6 @@ no-nv.patch # Probably is just papering over issue; needs further analysis ## upstream patches -fix-int10.patch # hybrid graphics fixes 228_autobind_gpu.patch commit ea448463e7229c3d290b2328c32d90b2179320ad Author: Julien Cristau <jcris...@debian.org> Date: Wed Jul 1 18:09:54 2015 +0200 Upload to unstable And fix the previous changelog to reflect the actual upload target while I'm at it. diff --git a/debian/changelog b/debian/changelog index f232f54..7b33b93 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,5 +1,6 @@ -xorg-server (2:1.17.2-1) UNRELEASED; urgency=medium +xorg-server (2:1.17.2-1) unstable; urgency=medium + [ Sven Joachim ] * New upstream release. + symbols: Fix sdksyms.sh to cope with gcc5 (Closes: #778187) + os/access: fix regression in server interpreted auth (Closes: #784687) @@ -12,9 +13,9 @@ xorg-server (2:1.17.2-1) UNRELEASED; urgency=medium * Build xserver-xorg-core-udeb on all architectures again (Closes: #775205) * Update debian/upstream/signing-key.asc. - -- Sven Joachim <svenj...@gmx.de> Wed, 24 Jun 2015 17:17:25 +0200 + -- Julien Cristau <jcris...@debian.org> Wed, 01 Jul 2015 18:07:40 +0200 -xorg-server (2:1.17.1-2) experimental; urgency=medium +xorg-server (2:1.17.1-2) unstable; urgency=medium * Disable libdrm support on hurd and in the kfreebsd udeb build, so we don't try building the modesetting driver without libdrm. We should probably commit 4c47be84e1e76394cadca8bffba8b11c793e8c76 Author: Sven Joachim <svenj...@gmx.de> Date: Fri Jun 26 20:10:35 2015 +0200 Build xserver-xorg-core-udeb on all architectures again The reason for the truncated relocations on sparc was most likely that nettle was built with -fpic rather than -fPIC, and that has been fixed last year, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755769. The long list of architectures was problematic anyway, since it did not include recently added release architectures (arm64, ppc64el). diff --git a/debian/changelog b/debian/changelog index 72a1794..f232f54 100644 --- a/debian/changelog +++ b/debian/changelog @@ -9,6 +9,7 @@ xorg-server (2:1.17.2-1) UNRELEASED; urgency=medium + unauthorised local client access in XWayland [CVE-2015-3164] (Closes: #788410) * Install the modesetting.4 manpage into xserver-xorg-core (Closes: #789646) + * Build xserver-xorg-core-udeb on all architectures again (Closes: #775205) * Update debian/upstream/signing-key.asc. -- Sven Joachim <svenj...@gmx.de> Wed, 24 Jun 2015 17:17:25 +0200 diff --git a/debian/control b/debian/control index 4a79cf8..ee439b1 100644 --- a/debian/control +++ b/debian/control @@ -165,7 +165,7 @@ Package: xserver-xorg-core-udeb XC-Package-Type: udeb Section: debian-installer # exclude sparc because of linker errors -Architecture: alpha amd64 armel armhf hppa hurd-i386 i386 ia64 kfreebsd-amd64 kfreebsd-i386 mips mipsel powerpc powerpcspe s390 +Architecture: any Depends: # merged: xserver-common (>= ${source:Version}), xkb-data-udeb, commit 18228c6a458ac1234d9ec4fae84efea8b6ca6aa9 Author: Sven Joachim <svenj...@gmx.de> Date: Fri Jun 26 20:00:20 2015 +0200 Add another bug closure diff --git a/debian/changelog b/debian/changelog index 5802892..72a1794 100644 --- a/debian/changelog +++ b/debian/changelog @@ -5,6 +5,7 @@ xorg-server (2:1.17.2-1) UNRELEASED; urgency=medium + os/access: fix regression in server interpreted auth (Closes: #784687) + dix: Fix image byte order on big endian hardware (Closes: #785474) + int10: Fix error check for pci_device_map_legacy (Closes: #787144) + + modesetting: Include dix-config.h from dumb_bo.c (Closes: #789823) + unauthorised local client access in XWayland [CVE-2015-3164] (Closes: #788410) * Install the modesetting.4 manpage into xserver-xorg-core (Closes: #789646) commit 80e2b7d508b9533ccceb29f99aa0d96e36bb3b24 Author: Sven Joachim <svenj...@gmx.de> Date: Wed Jun 24 17:59:08 2015 +0200 Update debian/upstream/signing-key.asc diff --git a/debian/changelog b/debian/changelog index 31fc0a2..5802892 100644 --- a/debian/changelog +++ b/debian/changelog @@ -8,6 +8,7 @@ xorg-server (2:1.17.2-1) UNRELEASED; urgency=medium + unauthorised local client access in XWayland [CVE-2015-3164] (Closes: #788410) * Install the modesetting.4 manpage into xserver-xorg-core (Closes: #789646) + * Update debian/upstream/signing-key.asc. -- Sven Joachim <svenj...@gmx.de> Wed, 24 Jun 2015 17:17:25 +0200 diff --git a/debian/upstream/signing-key.asc b/debian/upstream/signing-key.asc index 1e34b0c..2395a38 100644 --- a/debian/upstream/signing-key.asc +++ b/debian/upstream/signing-key.asc @@ -279,3 +279,44 @@ gksZFyWOfV82jHBeu+O0xJNU/9xvZsJF4TORrRWRO1o1gkF7x/oBk7yilh+mSq1P DNOWZJQhmuWMtbOUL2WMkKRPDwJrcbwpt3bc6aZCeAH1SSRLEe9Y+2uLeneTMA== =+xMJ -----END PGP PUBLIC KEY BLOCK----- +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1 + +mQGiBEDLnMIRBACNlsJkPRfH7RMOn7nirvYN5StKVvwdJa2MFUM3sjoaA11nW+Zw +Yxion4GkbIOtz25R29TcwuAaK1UWhy1Rz6aIOOMOzBeUNGGCvRXF76rKHBHOdSJw +AXEvNa/9rKOIaPL7PBN7Lb4CmrjEbA9gKYtZQD9qQSKcAwyyxszkW1e7TwCg7MbV +Bq5MWlATjOAzXLoSpgyENwMD/jPz53KmwUobbqri2pFhozacl5N93cy7b3pwpTZY +fM50cXVSSshYpqdCr5AoWG/DXNGRixv1DnBKOI2Cv6YAQLntcATHxR8ssemOZHRv +7D0hvWwC3o6GSKdg0rSOtRHfDhEL4IFVmPLZaXIRDZ0/ancrCuQPdZ9mzCi/LQmV +noTeA/kB73zJMYH7Z0TSKv490AMWQHbKVvos8+tXxATlq0Otib+s55LXQocSPjgp +GR5qKzqTn9elg2dyo4GYeAYvGBmhQtBdeYo1rVq2pC6HCzMG79zozL9O25SnDLpj +WoqJB6qHBAd9tlTHzkRxv1Fqr4jfIupNborXbhR25tiYOm72irQcQWRhbSBKYWNr +c29uIDxhamF4QG53bmsubmV0PohhBBMRAgAhAhsDBgsJCAcDAgMVAgMDFgIBAh4B +AheABQJEZNYGAhkBAAoJEFuKLVCg7NDTlj8AoL9RgTs++HaD5w5lYARcE+OB+0Jg +AKDZBhJhVgOsEjeg7atMglFR7s36mrQeQWRhbSBKYWNrc29uIDxhamF4QHJlZGhh +dC5jb20+iGAEExECACAFAkfENSICGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAK +CRBbii1QoOzQ0x6CAJ0fevUkaaBcTzKa0lTgfNFQ0E+JwgCfaWy44eNKttn4WWEZ +CTGF+e+zraS0IEFkYW0gSmFja3NvbiA8YWpheEBlbmdyLnNnaS5jb20+iF4EExEC +AB4FAkHB1gECGwMGCwkIBwMCAxUCAwMWAgECHgECF4AACgkQW4otUKDs0NNTOgCg +lu1MOCbysvn68WReXz+v02+y2VkAoL12gktA0TFZnPBk3cweEAwCkUlXtCZBZGFt +IEphY2tzb24gPGFqYXhAd2lsZG9wZW5zb3VyY2UuY29tPoheBBMRAgAeBQJBriSn +AhsDBgsJCAcDAgMVAgMDFgIBAh4BAheAAAoJEFuKLVCg7NDTOe4AnRUJ6FqQLaoY +XWCToQdl/Gry4UNZAJ97YYHMt1FIo1TLCWWozSiG+VtTq7QnQWRhbSBKYWNrc29u +IDxhamF4QGJlbnplZHJpbmUubnduay5uZXQ+iF4EExECAB4FAkRk1eACGwMGCwkI +BwMCAxUCAwMWAgECHgECF4AACgkQW4otUKDs0NN+fwCg2cPLDbAb07gMWBETKTRm +sj34FsAAn0SQ4kuqs9Ms0ZRKDqNQ1YTMwyEHuQINBEDLnNAQCACrbu13VZsigsM6 +8MzfdGQ4x/acO4Vd+Dg/aFj3EhPfXZHRauuJ7gQtWc9Mk2ghTjbqEXj0JILbif95 +IyShdC/fxEYiFybRODR6FHlXj6BFCxZFfqi4mOuaGQ4BeB57g/gW+FSoIPzYU4IY +85KD62qeS37zQEBAAK+mCEboUGfPT0wHrkFtkTObjOg7UTjpBp5/HknUREYo8mLo +WBv7CDlApicmXoqnKfAcFaNY2YLMjklwFHh2i2+6dPbkdWSEpuZhkxIQ/8JlYS6A +2g5DMKcNdmqr4Z6xjk8Fj1SO7ILc9EtR+ACqkqkmlU3m4AUHjdR/4kk7tEJ5DytP +c95JcuJnAAMFB/9KWUqJbdeHs47LJBksZ6tnHArcSG653e9uejtNt5xquJIz2wxb +exMV9Bkzwu9v/A8Vo7px7Bkhh++sBrgpGD4z5Jr+PaWOsw5qrO9OVVgzXkUf2QoD +gw4Hh8m9jpx1s6tNasPsy12OGMJ4a5a1GCGg8F7sPlWLBd491viavDyOWYkKozLH +hXwKlGOec0sCRGeHTiqPinxs29PXaTE7Dl/f2dYgiNzTSWetSx7Sv1H9EX4qxPgc +smdRuGV7k7dIw/J02rcI/Ol4OUORRMY2cgJnb5mNxIxTgTGJysm+MjfPrZnOeDVK +TroAYtas/uirqiNzk7fdIdUdgbOhsAl9n3QZiEYEGBECAAYFAkDLnNAACgkQW4ot +UKDs0NP3CACfS1DKwgN/rB7Ib+RJiuK0F/BQoEYAoOhr0VXCT5dP0Yr1kIad7njC +GBF1 +=bYOv +-----END PGP PUBLIC KEY BLOCK----- commit 21e27c726f26efceff8f5e8dab695c5226973f5b Author: Sven Joachim <svenj...@gmx.de> Date: Wed Jun 24 17:57:46 2015 +0200 Install the modesetting.4 manpage into xserver-xorg-core diff --git a/debian/changelog b/debian/changelog index 534b2d8..31fc0a2 100644 --- a/debian/changelog +++ b/debian/changelog @@ -7,6 +7,7 @@ xorg-server (2:1.17.2-1) UNRELEASED; urgency=medium + int10: Fix error check for pci_device_map_legacy (Closes: #787144) + unauthorised local client access in XWayland [CVE-2015-3164] (Closes: #788410) + * Install the modesetting.4 manpage into xserver-xorg-core (Closes: #789646) -- Sven Joachim <svenj...@gmx.de> Wed, 24 Jun 2015 17:17:25 +0200 diff --git a/debian/xserver-xorg-core.install b/debian/xserver-xorg-core.install index 517db7a..6c06117 100644 --- a/debian/xserver-xorg-core.install +++ b/debian/xserver-xorg-core.install @@ -9,4 +9,5 @@ main/usr/bin/cvt usr/bin main/usr/bin/gtf usr/bin main/usr/share/man/man1/cvt.1 usr/share/man/man1 main/usr/share/man/man1/gtf.1 usr/share/man/man1 +main/usr/share/man/man4/modesetting.4 usr/share/man/man4 main/usr/share/X11/xorg.conf.d usr/share/X11/ commit 18b9d95e7fa3d55984c61c666f492d068793c17b Author: Sven Joachim <svenj...@gmx.de> Date: Wed Jun 24 17:17:41 2015 +0200 New upstream release Fixing at least five bugs reported in the BTS. diff --git a/debian/changelog b/debian/changelog index d40249f..534b2d8 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,15 @@ +xorg-server (2:1.17.2-1) UNRELEASED; urgency=medium + + * New upstream release. + + symbols: Fix sdksyms.sh to cope with gcc5 (Closes: #778187) + + os/access: fix regression in server interpreted auth (Closes: #784687) + + dix: Fix image byte order on big endian hardware (Closes: #785474) + + int10: Fix error check for pci_device_map_legacy (Closes: #787144) + + unauthorised local client access in XWayland [CVE-2015-3164] + (Closes: #788410) + + -- Sven Joachim <svenj...@gmx.de> Wed, 24 Jun 2015 17:17:25 +0200 + xorg-server (2:1.17.1-2) experimental; urgency=medium * Disable libdrm support on hurd and in the kfreebsd udeb build, so we don't commit 2123f7682d522619f101b05fb75efa75dabbe371 Author: Adam Jackson <a...@redhat.com> Date: Tue Jun 16 11:42:47 2015 -0400 xserver 1.17.2 Signed-off-by: Adam Jackson <a...@redhat.com> diff --git a/configure.ac b/configure.ac index 847b5c4..d8f0e74 100644 --- a/configure.ac +++ b/configure.ac @@ -26,8 +26,8 @@ dnl dnl Process this file with autoconf to create configure. AC_PREREQ(2.60) -AC_INIT([xorg-server], 1.17.1, [https://bugs.freedesktop.org/enter_bug.cgi?product=xorg], xorg-server) -RELEASE_DATE="2015-02-10" +AC_INIT([xorg-server], 1.17.2, [https://bugs.freedesktop.org/enter_bug.cgi?product=xorg], xorg-server) +RELEASE_DATE="2015-06-16" RELEASE_NAME="lambic" AC_CONFIG_SRCDIR([Makefile.am]) AC_CONFIG_MACRO_DIR([m4]) commit 8a5fb096d43577a061f7769d9257cbedaac998ef Author: Dave Airlie <airl...@redhat.com> Date: Thu May 28 05:30:01 2015 +0000 glamor: don't do render ops with matching source/dest (v2) XRender defines this, GL really doesn't like it. kwin 4.x and qt 4.x seem to make this happen for the gradient in the titlebar, and on radeonsi/r600 hw this draws all kinds of wrong. v2: bump this up a level, and check it earlier. (I assume the XXXX was for this case.) [This corresponds to fa12f2c150b2f50de9dac4a2b09265f13af353af in master, fixed up for 1.17 branch. - ajax] Signed-off-by: Dave Airlie <airl...@redhat.com> diff --git a/glamor/glamor_largepixmap.c b/glamor/glamor_largepixmap.c index 9b24584..b9c3b9a 100644 --- a/glamor/glamor_largepixmap.c +++ b/glamor/glamor_largepixmap.c @@ -1046,6 +1046,15 @@ glamor_composite_largepixmap_region(CARD8 op, int source_repeat_type = 0, mask_repeat_type = 0; int ok = TRUE; + if (source_pixmap_priv == dest_pixmap_priv) { + glamor_fallback("source and dest pixmaps are the same\n"); + return FALSE; + } + if (mask_pixmap_priv == dest_pixmap_priv) { + glamor_fallback("mask and dest pixmaps are the same\n"); + return FALSE; + } + if (source->repeat) source_repeat_type = source->repeatType; else diff --git a/glamor/glamor_render.c b/glamor/glamor_render.c index 2386f2e..d9b16ea 100644 --- a/glamor/glamor_render.c +++ b/glamor/glamor_render.c @@ -1400,6 +1400,7 @@ glamor_composite_clipped_region(CARD8 op, { ScreenPtr screen = dest->pDrawable->pScreen; PixmapPtr source_pixmap = NULL, mask_pixmap = NULL; + PixmapPtr dest_pixmap = glamor_get_drawable_pixmap(dest->pDrawable); PicturePtr temp_src = source, temp_mask = mask; glamor_pixmap_private *temp_src_priv = source_pixmap_priv; glamor_pixmap_private *temp_mask_priv = mask_pixmap_priv; @@ -1502,7 +1503,14 @@ glamor_composite_clipped_region(CARD8 op, } } - /*XXXXX, self copy? */ + if (source_pixmap == dest_pixmap) { + glamor_fallback("source and dest pixmaps are the same\n"); + goto out; + } + if (mask_pixmap == dest_pixmap) { + glamor_fallback("mask and dest pixmaps are the same\n"); + goto out; + } x_dest += dest->pDrawable->x; y_dest += dest->pDrawable->y; commit ea9e02184399e9979654544dde8926912a8aa2c8 Author: Rui Matos <tiagoma...@gmail.com> Date: Wed May 27 12:08:45 2015 +0200 xwayland: Throttle our cursor surface updates with a frame callback In some extreme cases with animated cursors at a high frame rate we could end up filling the wl_display outgoing buffer and end up with wl_display_flush() failing. In any case, using the frame callback to throttle ourselves is the right thing to do. Signed-off-by: Rui Matos <tiagoma...@gmail.com> Reviewed-by: Daniel Stone <dani...@collabora.com> Signed-off-by: Keith Packard <kei...@keithp.com> (cherry picked from commit cbb7eb73b5399e31a7afb800363504d539df0ecf) diff --git a/hw/xwayland/xwayland-cursor.c b/hw/xwayland/xwayland-cursor.c index 5a9d1fe..c137e1e 100644 --- a/hw/xwayland/xwayland-cursor.c +++ b/hw/xwayland/xwayland-cursor.c @@ -82,6 +82,23 @@ xwl_unrealize_cursor(DeviceIntPtr device, ScreenPtr screen, CursorPtr cursor) return xwl_shm_destroy_pixmap(pixmap); } +static void +frame_callback(void *data, + struct wl_callback *callback, + uint32_t time) +{ + struct xwl_seat *xwl_seat = data; + xwl_seat->cursor_frame_cb = NULL; + if (xwl_seat->cursor_needs_update) { + xwl_seat->cursor_needs_update = FALSE; + xwl_seat_set_cursor(xwl_seat); + } +} + +static const struct wl_callback_listener frame_listener = { + frame_callback +}; + void xwl_seat_set_cursor(struct xwl_seat *xwl_seat) { @@ -98,6 +115,11 @@ xwl_seat_set_cursor(struct xwl_seat *xwl_seat) return; } + if (xwl_seat->cursor_frame_cb) { + xwl_seat->cursor_needs_update = TRUE; + return; + } + cursor = xwl_seat->x_cursor; pixmap = dixGetPrivate(&cursor->devPrivates, &xwl_cursor_private_key); stride = cursor->bits->width * 4; @@ -117,6 +139,10 @@ xwl_seat_set_cursor(struct xwl_seat *xwl_seat) wl_surface_damage(xwl_seat->cursor, 0, 0, xwl_seat->x_cursor->bits->width, xwl_seat->x_cursor->bits->height); + + xwl_seat->cursor_frame_cb = wl_surface_frame(xwl_seat->cursor); + wl_callback_add_listener(xwl_seat->cursor_frame_cb, &frame_listener, xwl_seat); + wl_surface_commit(xwl_seat->cursor); } diff --git a/hw/xwayland/xwayland-input.c b/hw/xwayland/xwayland-input.c index cbffea7..4639048 100644 --- a/hw/xwayland/xwayland-input.c +++ b/hw/xwayland/xwayland-input.c @@ -569,6 +569,8 @@ xwl_seat_destroy(struct xwl_seat *xwl_seat) RemoveDevice(xwl_seat->keyboard, FALSE); wl_seat_destroy(xwl_seat->seat); wl_surface_destroy(xwl_seat->cursor); + if (xwl_seat->cursor_frame_cb) + wl_callback_destroy(xwl_seat->cursor_frame_cb); wl_array_release(&xwl_seat->keys); free(xwl_seat); } diff --git a/hw/xwayland/xwayland.h b/hw/xwayland/xwayland.h index cfb343d..28b0c99 100644 --- a/hw/xwayland/xwayland.h +++ b/hw/xwayland/xwayland.h @@ -115,12 +115,14 @@ struct xwl_seat { struct wl_pointer *wl_pointer; struct wl_keyboard *wl_keyboard; struct wl_array keys; - struct wl_surface *cursor; struct xwl_window *focus_window; uint32_t id; uint32_t pointer_enter_serial; struct xorg_list link; CursorPtr x_cursor; + struct wl_surface *cursor; + struct wl_callback *cursor_frame_cb; + Bool cursor_needs_update; size_t keymap_size; char *keymap; commit 6cc61df989c7764097c9b21d71386e230fa13cd4 Author: Chris Wilson <ch...@chris-wilson.co.uk> Date: Fri Feb 6 08:25:42 2015 +0000 present: Copy unflip contents back to the Screen Pixmap As we unflip after the flip Window no longer passes the pixel ownership test for the full Screen Pixmap, we can no longer utilize that Window to copy the contents back to the backing pixmap. To first flip means that the Window was originally backed by the Screen Pixmap and wholly covered the Pixmap, thus we need to copy the last frame contents to the Screen Pixmap when the flip chain is complete. Signed-off-by: Chris Wilson <ch...@chris-wilson.co.uk> Reviewed-and-Tested-by: Michel Dänzer <michel.daen...@amd.com> (cherry picked from commit 806470b9f623089dc81b985f250f0c3a4e8edbe8) diff --git a/present/present.c b/present/present.c index 2a705a9..a634601 100644 --- a/present/present.c +++ b/present/present.c @@ -409,20 +409,20 @@ static void present_unflip(ScreenPtr screen) { present_screen_priv_ptr screen_priv = present_screen_priv(screen); + PixmapPtr pixmap = (*screen->GetScreenPixmap)(screen); assert (!screen_priv->unflip_event_id); assert (!screen_priv->flip_pending); if (screen_priv->flip_window) - present_set_tree_pixmap(screen_priv->flip_window, - (*screen->GetScreenPixmap)(screen)); + present_set_tree_pixmap(screen_priv->flip_window, pixmap); - present_set_tree_pixmap(screen->root, (*screen->GetScreenPixmap)(screen)); + present_set_tree_pixmap(screen->root, pixmap); /* Update the screen pixmap with the current flip pixmap contents */ if (screen_priv->flip_pixmap && screen_priv->flip_window) { - present_copy_region(&screen_priv->flip_window->drawable, + present_copy_region(&pixmap->drawable, screen_priv->flip_pixmap, NULL, 0, 0); } commit 8b7e1f362bf6940eb863fd02395bf8155d10604b Author: Vicente Olivert Riera <vincent.ri...@imgtec.com> Date: Mon Jan 12 17:10:02 2015 +0000 backtrace.c: Fix word cast to a pointer backtrace.c uses a word size provided by libunwind. In some architectures like MIPS, libunwind makes that word size 64-bit for all variants of the architecture. In the lines #90 and #98, backtrace.c tries to do a cast to a pointer, which fails in all MIPS variants with 32-bit pointers, like MIPS32 or MIPS64 n32, because it's trying to do a cast from a 64-bit wide variable to a 32-bit pointer: Making all in os make[2]: Entering directory `/home/test/test/1/output/build/xserver_xorg-server-1.15.1/os' CC WaitFor.lo CC access.lo CC auth.lo CC backtrace.lo backtrace.c: In function 'xorg_backtrace': backtrace.c:90:20: error: cast to pointer from integer of different size [-Werror=int-to-pointer-cast] if (dladdr((void *)(pip.start_ip + off), &dlinfo) && dlinfo.dli_fname && ^ backtrace.c:98:13: error: cast to pointer from integer of different size [-Werror=int-to-pointer-cast] (void *)(pip.start_ip + off)); ^ cc1: some warnings being treated as errors make[2]: *** [backtrace.lo] Error 1 make[2]: *** Waiting for unfinished jobs.... Making the cast to a pointer-sized integer, and then to a pointer fixes the problem. Related: https://bugs.freedesktop.org/show_bug.cgi?id=79939 Signed-off-by: Vicente Olivert Riera <vincent.ri...@imgtec.com> Reviewed-by: Keith Packard <kei...@keithp.com> Signed-off-by: Keith Packard <kei...@keithp.com> (cherry picked from commit baa50f60acd9e9f4293107435645ab072b6110e1) diff --git a/os/backtrace.c b/os/backtrace.c index 3d1195b..fd129ef 100644 --- a/os/backtrace.c +++ b/os/backtrace.c @@ -87,7 +87,7 @@ xorg_backtrace(void) procname[1] = 0; } - if (dladdr((void *)(pip.start_ip + off), &dlinfo) && dlinfo.dli_fname && + if (dladdr((void *)(uintptr_t)(pip.start_ip + off), &dlinfo) && dlinfo.dli_fname && *dlinfo.dli_fname) filename = dlinfo.dli_fname; else @@ -95,7 +95,7 @@ xorg_backtrace(void) ErrorFSigSafe("%u: %s (%s%s+0x%x) [%p]\n", i++, filename, procname, ret == -UNW_ENOMEM ? "..." : "", (int)off, - (void *)(pip.start_ip + off)); + (void *)(uintptr_t)(pip.start_ip + off)); ret = unw_step(&cursor); if (ret < 0) commit c424458c93cb36708c6074ecaf6566d6b5818c87 Author: Ray Strode <rstr...@redhat.com> Date: Tue May 5 16:43:44 2015 -0400 xwayland: default to local user if no xauth file given. [CVE-2015-3164 3/3] Right now if "-auth" isn't passed on the command line, we let any user on the system connect to the Xwayland server. That's clearly suboptimal, given Xwayland is generally designed to be used by one user at a time. This commit changes the behavior, so only the user who started the X server can connect clients to it. Signed-off-by: Ray Strode <rstr...@redhat.com> Reviewed-by: Daniel Stone <dani...@collabora.com> Reviewed-by: Alan Coopersmith <alan.coopersm...@oracle.com> Signed-off-by: Keith Packard <kei...@keithp.com> (cherry picked from commit 76636ac12f2d1dbdf7be08222f80e7505d53c451) diff --git a/hw/xwayland/xwayland.c b/hw/xwayland/xwayland.c index c5bee77..bc92beb 100644 --- a/hw/xwayland/xwayland.c +++ b/hw/xwayland/xwayland.c @@ -702,4 +702,6 @@ InitOutput(ScreenInfo * screen_info, int argc, char **argv) if (AddScreen(xwl_screen_init, argc, argv) == -1) { FatalError("Couldn't add screen\n"); } + + LocalAccessScopeUser(); } commit 01b4f5bc89820cf8cbe01777871834411074d683 Author: Ray Strode <rstr...@redhat.com> Date: Tue May 5 16:43:43 2015 -0400 os: support new implicit local user access mode [CVE-2015-3164 2/3] If the X server is started without a '-auth' argument, then it gets started wide open to all local users on the system. This isn't a great default access model, but changing it in Xorg at this point would break backward compatibility. Xwayland, on the other hand is new, and much more targeted in scope. It could, in theory, be changed to allow the much more secure default of a "user who started X server can connect clients to that server." This commit paves the way for that change, by adding a mechanism for DDXs to opt-in to that behavior. They merely need to call LocalAccessScopeUser() in their init functions. A subsequent commit will add that call for Xwayland. Signed-off-by: Ray Strode <rstr...@redhat.com> Reviewed-by: Daniel Stone <dani...@collabora.com> Reviewed-by: Alan Coopersmith <alan.coopersm...@oracle.com> Signed-off-by: Keith Packard <kei...@keithp.com> (cherry picked from commit 4b4b9086d02b80549981d205fb1f495edc373538) diff --git a/include/os.h b/include/os.h index 3e68c49..3c3954f 100644 --- a/include/os.h +++ b/include/os.h @@ -413,11 +413,28 @@ extern _X_EXPORT void ResetHosts(const char *display); extern _X_EXPORT void +EnableLocalAccess(void); + +extern _X_EXPORT void +DisableLocalAccess(void); + +extern _X_EXPORT void EnableLocalHost(void); extern _X_EXPORT void DisableLocalHost(void); +#ifndef NO_LOCAL_CLIENT_CRED +extern _X_EXPORT void +EnableLocalUser(void); + +extern _X_EXPORT void +DisableLocalUser(void); + +extern _X_EXPORT void +LocalAccessScopeUser(void); +#endif + extern _X_EXPORT void AccessUsingXdmcp(void); diff --git a/os/access.c b/os/access.c index 8fa028e..75e7a69 100644 --- a/os/access.c +++ b/os/access.c @@ -102,6 +102,10 @@ SOFTWARE. #include <sys/ioctl.h> #include <ctype.h> +#ifndef NO_LOCAL_CLIENT_CRED +#include <pwd.h> +#endif + #if defined(TCPCONN) || defined(STREAMSCONN) #include <netinet/in.h> #endif /* TCPCONN || STREAMSCONN */ @@ -225,6 +229,13 @@ static int LocalHostEnabled = FALSE; static int LocalHostRequested = FALSE; static int UsingXdmcp = FALSE; +static enum { + LOCAL_ACCESS_SCOPE_HOST = 0, +#ifndef NO_LOCAL_CLIENT_CRED + LOCAL_ACCESS_SCOPE_USER, +#endif +} LocalAccessScope; -- To UNSUBSCRIBE, email to debian-x-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/e1zcqkp-0004ju...@moszumanska.debian.org