Xext/shm.c | 10 +-
configure.ac | 10 +-
debian/changelog | 45 ++++++++-
debian/compat | 2
debian/control | 24 ++--
debian/copyright | 27 +++++
debian/patches/fix-int10.patch | 42 --------
debian/patches/mi-dont-process-disabled.patch | 62 ------------
debian/patches/pixman-validate.patch | 27 -----
debian/patches/series | 3
debian/rules | 23 ++++
debian/upstream/signing-key.asc | 41 ++++++++
debian/xserver-xorg-core.install | 1
dix/devices.c | 3
dix/events.c | 1
glamor/glamor.c | 40 ++++++++
glamor/glamor_core.c | 2
glamor/glamor_egl.c | 6 +
glamor/glamor_fbo.c | 1
glamor/glamor_font.c | 1
glamor/glamor_largepixmap.c | 9 +
glamor/glamor_pixmap.c | 1
glamor/glamor_priv.h | 6 +
glamor/glamor_program.c | 3
glamor/glamor_render.c | 10 +-
glamor/glamor_spans.c | 2
glamor/glamor_sync.c | 2
glamor/glamor_transfer.c | 57 +++++++----
hw/kdrive/ephyr/ephyrinit.c | 11 +-
hw/kdrive/ephyr/hostx.c | 27 +++--
hw/kdrive/fake/Makefile.am | 1
hw/kdrive/fbdev/Makefile.am | 1
hw/xfree86/common/xf86Events.c | 7 -
hw/xfree86/common/xf86platformBus.c | 20 +++-
hw/xfree86/drivers/modesetting/drmmode_display.c | 4
hw/xfree86/drivers/modesetting/dumb_bo.c | 4
hw/xfree86/int10/generic.c | 2
hw/xfree86/modes/xf86Crtc.h | 2
hw/xfree86/os-support/linux/int10/linux.c | 2
hw/xfree86/os-support/linux/systemd-logind.c | 17 +--
hw/xfree86/sdksyms.sh | 14 ++
hw/xnest/Keyboard.c | 4
hw/xwayland/Makefile.am | 1
hw/xwayland/xwayland-cursor.c | 26 +++++
hw/xwayland/xwayland-glamor.c | 4
hw/xwayland/xwayland-input.c | 57 +++--------
hw/xwayland/xwayland-output.c | 4
hw/xwayland/xwayland.c | 4
hw/xwayland/xwayland.h | 8 -
hw/xwin/glx/gen_gl_wrappers.py | 96 +++++++++----------
hw/xwin/winclipboard/Makefile.am | 2
hw/xwin/winprocarg.c | 14 ++
include/dix-config.h.in | 6 +
include/input.h | 2
include/os.h | 17 +++
include/servermd.h | 2
mi/mifillarc.c | 5 +
os/access.c | 111 ++++++++++++++++++++++-
os/auth.c | 8 -
os/backtrace.c | 4
os/connection.c | 9 +
os/log.c | 28 ++++-
os/utils.c | 2
os/xdmcp.c | 21 ++++
present/present.c | 8 -
randr/rrcrtc.c | 6 -
randr/rrscreen.c | 2
67 files changed, 680 insertions(+), 344 deletions(-)
New commits:
commit 4c2ae4ef23470c00d0d9ac65638d9b844528f0e9
Author: Timo Aaltonen <tjaal...@debian.org>
Date: Tue Jul 7 12:54:37 2015 +0300
mi-dont-process-disabled.patch: This has been upstream for some time now,
drop it.
diff --git a/debian/changelog b/debian/changelog
index 43f28bd..579f11b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,6 +5,8 @@ xorg-server (2:1.17.2-1ubuntu1) UNRELEASED; urgency=medium
* fix-int10.patch: Dropped, upstream.
* pixman-validate.patch: Dropped, not upstream and not needed since
pixman got fixed.
+ * mi-dont-process-disabled.patch: This has been upstream for some time
+ now, drop it.
-- Timo Aaltonen <tjaal...@debian.org> Wed, 03 Jun 2015 11:41:03 +0300
diff --git a/debian/patches/mi-dont-process-disabled.patch
b/debian/patches/mi-dont-process-disabled.patch
deleted file mode 100644
index 81691ee..0000000
--- a/debian/patches/mi-dont-process-disabled.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-Date: Tue, 20 May 2014 14:32:59 +1000
-From: Peter Hutterer <peter.hutte...@who-t.net>
-Subject: [PATCH] mi: don't process events from disabled devices (#77884)
-
-Once a device is disabled, it doesn't have a sprite pointer anymore. If an
-event is still in the queue and processed after DisableDevice finished, a
-dereference causes a crash. Example backtrace (crash forced by injecting an
-event at the right time):
-
-(EE) 0: /opt/xorg/bin/Xorg (OsSigHandler+0x3c) [0x48d334]
-(EE) 1: /lib64/libpthread.so.0 (__restore_rt+0x0) [0x37fcc0f74f]
-(EE) 2: /opt/xorg/bin/Xorg (mieqMoveToNewScreen+0x38) [0x609240]
-(EE) 3: /opt/xorg/bin/Xorg (mieqProcessDeviceEvent+0xd4) [0x609389]
-(EE) 4: /opt/xorg/bin/Xorg (mieqProcessInputEvents+0x206) [0x609720]
-(EE) 5: /opt/xorg/bin/Xorg (ProcessInputEvents+0xd) [0x4aeb58]
-(EE) 6: /opt/xorg/bin/Xorg (xf86VTSwitch+0x1a6) [0x4af457]
-(EE) 7: /opt/xorg/bin/Xorg (xf86Wakeup+0x2bf) [0x4af0a7]
-(EE) 8: /opt/xorg/bin/Xorg (WakeupHandler+0x83) [0x4445cb]
-(EE) 9: /opt/xorg/bin/Xorg (WaitForSomething+0x3fe) [0x491bf6]
-(EE) 10: /opt/xorg/bin/Xorg (Dispatch+0x97) [0x435748]
-(EE) 11: /opt/xorg/bin/Xorg (dix_main+0x61d) [0x4438a9]
-(EE) 12: /opt/xorg/bin/Xorg (main+0x28) [0x49ba28]
-(EE) 13: /lib64/libc.so.6 (__libc_start_main+0xf5) [0x37fc821d65]
-(EE) 14: /opt/xorg/bin/Xorg (_start+0x29) [0x425e69]
-(EE) 15: ? (?+0x29) [0x29]
-
-xf86VTSwitch() calls ProcessInputEvents() before disabling a device, and
-DisableDevice() calls mieqProcessInputEvents() again when flushing touches and
-button events. Between that and disabling the device (which causes new events
-to be refused) there is a window where events may be triggered and enqueued.
-On the next call to PIE that event is processed on a now defunct device,
-causing the crash.
-
-The simplest fix to this is to discard events from disabled devices. We flush
-the queue often enough before disabling that when we get here, we really don't
-care about the events from this device.
-
-X.Org Bug 77884 <http://bugs.freedesktop.org/show_bug.cgi?id=77884>
----
-Modified by Maarten Lankhorst to pass tests.
-
- mi/mieq.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/mi/mieq.c b/mi/mieq.c
-index 4c07480..188a0b0 100644
---- a/mi/mieq.c
-+++ b/mi/mieq.c
-@@ -515,6 +515,10 @@ mieqProcessDeviceEvent(DeviceIntPtr dev, InternalEvent
*event, ScreenPtr screen)
-
- verify_internal_event(event);
-
-+ /* refuse events from disabled devices */
-+ if (dev && !dev->enabled)
-+ return 0;
-+
- /* Custom event handler */
- handler = miEventQueue.handlers[event->any.type];
-
---
-1.9.0
-
diff --git a/debian/patches/series b/debian/patches/series
index eecb289..ad76035 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -49,4 +49,3 @@ fix-ftbfs-ppc64el.patch
xmir.patch
drm_device_keep_trying.patch
xi2-resize-touch.patch
-mi-dont-process-disabled.patch
commit 6aad1995c8696ea4efef7827293ef427d0902c89
Author: Timo Aaltonen <tjaal...@debian.org>
Date: Tue Jul 7 12:34:01 2015 +0300
pixman-validate.patch: Dropped, not upstream and not needed since pixman
got fixed.
diff --git a/debian/changelog b/debian/changelog
index ff6e195..43f28bd 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,8 @@ xorg-server (2:1.17.2-1ubuntu1) UNRELEASED; urgency=medium
* Merge from Debian unstable. (LP: #1471185)
* xserver-xorg-xmir.install: Removed, not used anymore.
* fix-int10.patch: Dropped, upstream.
+ * pixman-validate.patch: Dropped, not upstream and not needed since
+ pixman got fixed.
-- Timo Aaltonen <tjaal...@debian.org> Wed, 03 Jun 2015 11:41:03 +0300
diff --git a/debian/patches/pixman-validate.patch
b/debian/patches/pixman-validate.patch
deleted file mode 100644
index 513de6c..0000000
--- a/debian/patches/pixman-validate.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-diff --git a/exa/exa_render.c b/exa/exa_render.c
-index 172e2b5..807eeba 100644
---- a/exa/exa_render.c
-+++ b/exa/exa_render.c
-@@ -1141,7 +1141,8 @@ exaTrapezoids(CARD8 op, PicturePtr pSrc, PicturePtr pDst,
-
- exaPrepareAccess(pPicture->pDrawable, EXA_PREPARE_DEST);
- for (; ntrap; ntrap--, traps++)
-- (*ps->RasterizeTrapezoid) (pPicture, traps, -bounds.x1,
-bounds.y1);
-+ if (xTrapezoidValid(traps))
-+ (*ps->RasterizeTrapezoid) (pPicture, traps, -bounds.x1,
-bounds.y1);
- exaFinishAccess(pPicture->pDrawable, EXA_PREPARE_DEST);
-
- xRel = bounds.x1 + xSrc - xDst;
-diff --git a/render/picture.h b/render/picture.h
-index c85353a..49eb263 100644
---- a/render/picture.h
-+++ b/render/picture.h
-@@ -211,7 +211,7 @@ typedef pixman_fixed_t xFixed;
- /* whether 't' is a well defined not obviously empty trapezoid */
- #define xTrapezoidValid(t) ((t)->left.p1.y != (t)->left.p2.y && \
- (t)->right.p1.y != (t)->right.p2.y && \
-- (int) ((t)->bottom - (t)->top) > 0)
-+ (t)->bottom > 0 && (int) ((t)->bottom - (t)->top)
> 0)
-
- /*
- * Standard NTSC luminance conversions:
diff --git a/debian/patches/series b/debian/patches/series
index 4b13dcc..eecb289 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -45,7 +45,6 @@ xf86-ignore-conflicting-rr-caps.patch
fix-detach-gpu.patch
disable-rotation-transform-gpuscreens.patch
-pixman-validate.patch
fix-ftbfs-ppc64el.patch
xmir.patch
drm_device_keep_trying.patch
commit 9191e9610030b1889090680d599a61b228a80060
Author: Timo Aaltonen <tjaal...@debian.org>
Date: Tue Jul 7 12:18:39 2015 +0300
close a bug
diff --git a/debian/changelog b/debian/changelog
index 5cdd376..ff6e195 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,6 @@
xorg-server (2:1.17.2-1ubuntu1) UNRELEASED; urgency=medium
+ * Merge from Debian unstable. (LP: #1471185)
* xserver-xorg-xmir.install: Removed, not used anymore.
* fix-int10.patch: Dropped, upstream.
commit 98eab202711af0a73a01bc3b49a6c2b0579b4fa3
Author: Timo Aaltonen <tjaal...@debian.org>
Date: Tue Jul 7 12:16:00 2015 +0300
fix-int10.patch: Dropped, upstream.
diff --git a/debian/changelog b/debian/changelog
index a2ec5ac..5cdd376 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+xorg-server (2:1.17.2-1ubuntu1) UNRELEASED; urgency=medium
+
+ * xserver-xorg-xmir.install: Removed, not used anymore.
+ * fix-int10.patch: Dropped, upstream.
+
+ -- Timo Aaltonen <tjaal...@debian.org> Wed, 03 Jun 2015 11:41:03 +0300
+
xorg-server (2:1.17.2-1) unstable; urgency=medium
[ Sven Joachim ]
@@ -24,12 +31,6 @@ xorg-server (2:1.17.1-2) unstable; urgency=medium
-- Julien Cristau <jcris...@debian.org> Mon, 04 May 2015 22:04:01 +0200
-xorg-server (2:1.17.1-0ubuntu5) UNRELEASED; urgency=medium
-
- * xserver-xorg-xmir.install: Removed, not used anymore.
-
- -- Timo Aaltonen <tjaal...@debian.org> Wed, 03 Jun 2015 11:41:03 +0300
-
xorg-server (2:1.17.1-0ubuntu4) wily; urgency=medium
* debian/control:
diff --git a/debian/patches/fix-int10.patch b/debian/patches/fix-int10.patch
deleted file mode 100644
index 5f7e5cd..0000000
--- a/debian/patches/fix-int10.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From: Jürg Billeter <j...@bitron.ch>
-To: xorg-de...@lists.x.org
-Subject: [PATCH xserver] int10: Fix error check for pci_device_map_legacy
-Date: Sat, 7 Feb 2015 18:13:21 +0100
-Message-Id: <1423329201-32163-1-git-send-emai...@bitron.ch>
-List-Id: "X.Org development list" <xorg-devel.lists.x.org>
-
-pci_device_map_legacy returns 0 on success.
-
-Signed-off-by: Jürg Billeter <j...@bitron.ch>
----
- hw/xfree86/int10/generic.c | 2 +-
- hw/xfree86/os-support/linux/int10/linux.c | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/hw/xfree86/int10/generic.c b/hw/xfree86/int10/generic.c
-index 012d194..8d5c4da 100644
---- a/hw/xfree86/int10/generic.c
-+++ b/hw/xfree86/int10/generic.c
-@@ -104,7 +104,7 @@ readIntVec(struct pci_device *dev, unsigned char *buf, int
len)
- {
- void *map;
-
-- if (!pci_device_map_legacy(dev, 0, len, 0, &map))
-+ if (pci_device_map_legacy(dev, 0, len, 0, &map))
- return FALSE;
-
- memcpy(buf, map, len);
-diff --git a/hw/xfree86/os-support/linux/int10/linux.c
b/hw/xfree86/os-support/linux/int10/linux.c
-index 79b9a88..6ca118f 100644
---- a/hw/xfree86/os-support/linux/int10/linux.c
-+++ b/hw/xfree86/os-support/linux/int10/linux.c
-@@ -75,7 +75,7 @@ readLegacy(struct pci_device *dev, unsigned char *buf, int
base, int len)
- {
- void *map;
-
-- if (!pci_device_map_legacy(dev, base, len, 0, &map))
-+ if (pci_device_map_legacy(dev, base, len, 0, &map))
- return FALSE;
-
- memcpy(buf, map, len);
--- 2.3.0
\ No newline at end of file
diff --git a/debian/patches/series b/debian/patches/series
index 771a1a8..4b13dcc 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -35,7 +35,6 @@ no-nv.patch
# Probably is just papering over issue; needs further analysis
## upstream patches
-fix-int10.patch
# hybrid graphics fixes
228_autobind_gpu.patch
commit ea448463e7229c3d290b2328c32d90b2179320ad
Author: Julien Cristau <jcris...@debian.org>
Date: Wed Jul 1 18:09:54 2015 +0200
Upload to unstable
And fix the previous changelog to reflect the actual upload target while
I'm at it.
diff --git a/debian/changelog b/debian/changelog
index f232f54..7b33b93 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,6 @@
-xorg-server (2:1.17.2-1) UNRELEASED; urgency=medium
+xorg-server (2:1.17.2-1) unstable; urgency=medium
+ [ Sven Joachim ]
* New upstream release.
+ symbols: Fix sdksyms.sh to cope with gcc5 (Closes: #778187)
+ os/access: fix regression in server interpreted auth (Closes: #784687)
@@ -12,9 +13,9 @@ xorg-server (2:1.17.2-1) UNRELEASED; urgency=medium
* Build xserver-xorg-core-udeb on all architectures again (Closes: #775205)
* Update debian/upstream/signing-key.asc.
- -- Sven Joachim <svenj...@gmx.de> Wed, 24 Jun 2015 17:17:25 +0200
+ -- Julien Cristau <jcris...@debian.org> Wed, 01 Jul 2015 18:07:40 +0200
-xorg-server (2:1.17.1-2) experimental; urgency=medium
+xorg-server (2:1.17.1-2) unstable; urgency=medium
* Disable libdrm support on hurd and in the kfreebsd udeb build, so we don't
try building the modesetting driver without libdrm. We should probably
commit 4c47be84e1e76394cadca8bffba8b11c793e8c76
Author: Sven Joachim <svenj...@gmx.de>
Date: Fri Jun 26 20:10:35 2015 +0200
Build xserver-xorg-core-udeb on all architectures again
The reason for the truncated relocations on sparc was most likely that
nettle was built with -fpic rather than -fPIC, and that has been fixed
last year, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755769.
The long list of architectures was problematic anyway, since it did
not include recently added release architectures (arm64, ppc64el).
diff --git a/debian/changelog b/debian/changelog
index 72a1794..f232f54 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -9,6 +9,7 @@ xorg-server (2:1.17.2-1) UNRELEASED; urgency=medium
+ unauthorised local client access in XWayland [CVE-2015-3164]
(Closes: #788410)
* Install the modesetting.4 manpage into xserver-xorg-core (Closes: #789646)
+ * Build xserver-xorg-core-udeb on all architectures again (Closes: #775205)
* Update debian/upstream/signing-key.asc.
-- Sven Joachim <svenj...@gmx.de> Wed, 24 Jun 2015 17:17:25 +0200
diff --git a/debian/control b/debian/control
index 4a79cf8..ee439b1 100644
--- a/debian/control
+++ b/debian/control
@@ -165,7 +165,7 @@ Package: xserver-xorg-core-udeb
XC-Package-Type: udeb
Section: debian-installer
# exclude sparc because of linker errors
-Architecture: alpha amd64 armel armhf hppa hurd-i386 i386 ia64 kfreebsd-amd64
kfreebsd-i386 mips mipsel powerpc powerpcspe s390
+Architecture: any
Depends:
# merged: xserver-common (>= ${source:Version}),
xkb-data-udeb,
commit 18228c6a458ac1234d9ec4fae84efea8b6ca6aa9
Author: Sven Joachim <svenj...@gmx.de>
Date: Fri Jun 26 20:00:20 2015 +0200
Add another bug closure
diff --git a/debian/changelog b/debian/changelog
index 5802892..72a1794 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,6 +5,7 @@ xorg-server (2:1.17.2-1) UNRELEASED; urgency=medium
+ os/access: fix regression in server interpreted auth (Closes: #784687)
+ dix: Fix image byte order on big endian hardware (Closes: #785474)
+ int10: Fix error check for pci_device_map_legacy (Closes: #787144)
+ + modesetting: Include dix-config.h from dumb_bo.c (Closes: #789823)
+ unauthorised local client access in XWayland [CVE-2015-3164]
(Closes: #788410)
* Install the modesetting.4 manpage into xserver-xorg-core (Closes: #789646)
commit 80e2b7d508b9533ccceb29f99aa0d96e36bb3b24
Author: Sven Joachim <svenj...@gmx.de>
Date: Wed Jun 24 17:59:08 2015 +0200
Update debian/upstream/signing-key.asc
diff --git a/debian/changelog b/debian/changelog
index 31fc0a2..5802892 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -8,6 +8,7 @@ xorg-server (2:1.17.2-1) UNRELEASED; urgency=medium
+ unauthorised local client access in XWayland [CVE-2015-3164]
(Closes: #788410)
* Install the modesetting.4 manpage into xserver-xorg-core (Closes: #789646)
+ * Update debian/upstream/signing-key.asc.
-- Sven Joachim <svenj...@gmx.de> Wed, 24 Jun 2015 17:17:25 +0200
diff --git a/debian/upstream/signing-key.asc b/debian/upstream/signing-key.asc
index 1e34b0c..2395a38 100644
--- a/debian/upstream/signing-key.asc
+++ b/debian/upstream/signing-key.asc
@@ -279,3 +279,44 @@
gksZFyWOfV82jHBeu+O0xJNU/9xvZsJF4TORrRWRO1o1gkF7x/oBk7yilh+mSq1P
DNOWZJQhmuWMtbOUL2WMkKRPDwJrcbwpt3bc6aZCeAH1SSRLEe9Y+2uLeneTMA==
=+xMJ
-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1
+
+mQGiBEDLnMIRBACNlsJkPRfH7RMOn7nirvYN5StKVvwdJa2MFUM3sjoaA11nW+Zw
+Yxion4GkbIOtz25R29TcwuAaK1UWhy1Rz6aIOOMOzBeUNGGCvRXF76rKHBHOdSJw
+AXEvNa/9rKOIaPL7PBN7Lb4CmrjEbA9gKYtZQD9qQSKcAwyyxszkW1e7TwCg7MbV
+Bq5MWlATjOAzXLoSpgyENwMD/jPz53KmwUobbqri2pFhozacl5N93cy7b3pwpTZY
+fM50cXVSSshYpqdCr5AoWG/DXNGRixv1DnBKOI2Cv6YAQLntcATHxR8ssemOZHRv
+7D0hvWwC3o6GSKdg0rSOtRHfDhEL4IFVmPLZaXIRDZ0/ancrCuQPdZ9mzCi/LQmV
+noTeA/kB73zJMYH7Z0TSKv490AMWQHbKVvos8+tXxATlq0Otib+s55LXQocSPjgp
+GR5qKzqTn9elg2dyo4GYeAYvGBmhQtBdeYo1rVq2pC6HCzMG79zozL9O25SnDLpj
+WoqJB6qHBAd9tlTHzkRxv1Fqr4jfIupNborXbhR25tiYOm72irQcQWRhbSBKYWNr
+c29uIDxhamF4QG53bmsubmV0PohhBBMRAgAhAhsDBgsJCAcDAgMVAgMDFgIBAh4B
+AheABQJEZNYGAhkBAAoJEFuKLVCg7NDTlj8AoL9RgTs++HaD5w5lYARcE+OB+0Jg
+AKDZBhJhVgOsEjeg7atMglFR7s36mrQeQWRhbSBKYWNrc29uIDxhamF4QHJlZGhh
+dC5jb20+iGAEExECACAFAkfENSICGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAK
+CRBbii1QoOzQ0x6CAJ0fevUkaaBcTzKa0lTgfNFQ0E+JwgCfaWy44eNKttn4WWEZ
+CTGF+e+zraS0IEFkYW0gSmFja3NvbiA8YWpheEBlbmdyLnNnaS5jb20+iF4EExEC
+AB4FAkHB1gECGwMGCwkIBwMCAxUCAwMWAgECHgECF4AACgkQW4otUKDs0NNTOgCg
+lu1MOCbysvn68WReXz+v02+y2VkAoL12gktA0TFZnPBk3cweEAwCkUlXtCZBZGFt
+IEphY2tzb24gPGFqYXhAd2lsZG9wZW5zb3VyY2UuY29tPoheBBMRAgAeBQJBriSn
+AhsDBgsJCAcDAgMVAgMDFgIBAh4BAheAAAoJEFuKLVCg7NDTOe4AnRUJ6FqQLaoY
+XWCToQdl/Gry4UNZAJ97YYHMt1FIo1TLCWWozSiG+VtTq7QnQWRhbSBKYWNrc29u
+IDxhamF4QGJlbnplZHJpbmUubnduay5uZXQ+iF4EExECAB4FAkRk1eACGwMGCwkI
+BwMCAxUCAwMWAgECHgECF4AACgkQW4otUKDs0NN+fwCg2cPLDbAb07gMWBETKTRm
+sj34FsAAn0SQ4kuqs9Ms0ZRKDqNQ1YTMwyEHuQINBEDLnNAQCACrbu13VZsigsM6
+8MzfdGQ4x/acO4Vd+Dg/aFj3EhPfXZHRauuJ7gQtWc9Mk2ghTjbqEXj0JILbif95
+IyShdC/fxEYiFybRODR6FHlXj6BFCxZFfqi4mOuaGQ4BeB57g/gW+FSoIPzYU4IY
+85KD62qeS37zQEBAAK+mCEboUGfPT0wHrkFtkTObjOg7UTjpBp5/HknUREYo8mLo
+WBv7CDlApicmXoqnKfAcFaNY2YLMjklwFHh2i2+6dPbkdWSEpuZhkxIQ/8JlYS6A
+2g5DMKcNdmqr4Z6xjk8Fj1SO7ILc9EtR+ACqkqkmlU3m4AUHjdR/4kk7tEJ5DytP
+c95JcuJnAAMFB/9KWUqJbdeHs47LJBksZ6tnHArcSG653e9uejtNt5xquJIz2wxb
+exMV9Bkzwu9v/A8Vo7px7Bkhh++sBrgpGD4z5Jr+PaWOsw5qrO9OVVgzXkUf2QoD
+gw4Hh8m9jpx1s6tNasPsy12OGMJ4a5a1GCGg8F7sPlWLBd491viavDyOWYkKozLH
+hXwKlGOec0sCRGeHTiqPinxs29PXaTE7Dl/f2dYgiNzTSWetSx7Sv1H9EX4qxPgc
+smdRuGV7k7dIw/J02rcI/Ol4OUORRMY2cgJnb5mNxIxTgTGJysm+MjfPrZnOeDVK
+TroAYtas/uirqiNzk7fdIdUdgbOhsAl9n3QZiEYEGBECAAYFAkDLnNAACgkQW4ot
+UKDs0NP3CACfS1DKwgN/rB7Ib+RJiuK0F/BQoEYAoOhr0VXCT5dP0Yr1kIad7njC
+GBF1
+=bYOv
+-----END PGP PUBLIC KEY BLOCK-----
commit 21e27c726f26efceff8f5e8dab695c5226973f5b
Author: Sven Joachim <svenj...@gmx.de>
Date: Wed Jun 24 17:57:46 2015 +0200
Install the modesetting.4 manpage into xserver-xorg-core
diff --git a/debian/changelog b/debian/changelog
index 534b2d8..31fc0a2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -7,6 +7,7 @@ xorg-server (2:1.17.2-1) UNRELEASED; urgency=medium
+ int10: Fix error check for pci_device_map_legacy (Closes: #787144)
+ unauthorised local client access in XWayland [CVE-2015-3164]
(Closes: #788410)
+ * Install the modesetting.4 manpage into xserver-xorg-core (Closes: #789646)
-- Sven Joachim <svenj...@gmx.de> Wed, 24 Jun 2015 17:17:25 +0200
diff --git a/debian/xserver-xorg-core.install b/debian/xserver-xorg-core.install
index 517db7a..6c06117 100644
--- a/debian/xserver-xorg-core.install
+++ b/debian/xserver-xorg-core.install
@@ -9,4 +9,5 @@ main/usr/bin/cvt usr/bin
main/usr/bin/gtf usr/bin
main/usr/share/man/man1/cvt.1 usr/share/man/man1
main/usr/share/man/man1/gtf.1 usr/share/man/man1
+main/usr/share/man/man4/modesetting.4 usr/share/man/man4
main/usr/share/X11/xorg.conf.d usr/share/X11/
commit 18b9d95e7fa3d55984c61c666f492d068793c17b
Author: Sven Joachim <svenj...@gmx.de>
Date: Wed Jun 24 17:17:41 2015 +0200
New upstream release
Fixing at least five bugs reported in the BTS.
diff --git a/debian/changelog b/debian/changelog
index d40249f..534b2d8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,15 @@
+xorg-server (2:1.17.2-1) UNRELEASED; urgency=medium
+
+ * New upstream release.
+ + symbols: Fix sdksyms.sh to cope with gcc5 (Closes: #778187)
+ + os/access: fix regression in server interpreted auth (Closes: #784687)
+ + dix: Fix image byte order on big endian hardware (Closes: #785474)
+ + int10: Fix error check for pci_device_map_legacy (Closes: #787144)
+ + unauthorised local client access in XWayland [CVE-2015-3164]
+ (Closes: #788410)
+
+ -- Sven Joachim <svenj...@gmx.de> Wed, 24 Jun 2015 17:17:25 +0200
+
xorg-server (2:1.17.1-2) experimental; urgency=medium
* Disable libdrm support on hurd and in the kfreebsd udeb build, so we don't
commit 2123f7682d522619f101b05fb75efa75dabbe371
Author: Adam Jackson <a...@redhat.com>
Date: Tue Jun 16 11:42:47 2015 -0400
xserver 1.17.2
Signed-off-by: Adam Jackson <a...@redhat.com>
diff --git a/configure.ac b/configure.ac
index 847b5c4..d8f0e74 100644
--- a/configure.ac
+++ b/configure.ac
@@ -26,8 +26,8 @@ dnl
dnl Process this file with autoconf to create configure.
AC_PREREQ(2.60)
-AC_INIT([xorg-server], 1.17.1,
[https://bugs.freedesktop.org/enter_bug.cgi?product=xorg], xorg-server)
-RELEASE_DATE="2015-02-10"
+AC_INIT([xorg-server], 1.17.2,
[https://bugs.freedesktop.org/enter_bug.cgi?product=xorg], xorg-server)
+RELEASE_DATE="2015-06-16"
RELEASE_NAME="lambic"
AC_CONFIG_SRCDIR([Makefile.am])
AC_CONFIG_MACRO_DIR([m4])
commit 8a5fb096d43577a061f7769d9257cbedaac998ef
Author: Dave Airlie <airl...@redhat.com>
Date: Thu May 28 05:30:01 2015 +0000
glamor: don't do render ops with matching source/dest (v2)
XRender defines this, GL really doesn't like it.
kwin 4.x and qt 4.x seem to make this happen for the
gradient in the titlebar, and on radeonsi/r600 hw
this draws all kinds of wrong.
v2: bump this up a level, and check it earlier.
(I assume the XXXX was for this case.)
[This corresponds to fa12f2c150b2f50de9dac4a2b09265f13af353af in master,
fixed up for 1.17 branch. - ajax]
Signed-off-by: Dave Airlie <airl...@redhat.com>
diff --git a/glamor/glamor_largepixmap.c b/glamor/glamor_largepixmap.c
index 9b24584..b9c3b9a 100644
--- a/glamor/glamor_largepixmap.c
+++ b/glamor/glamor_largepixmap.c
@@ -1046,6 +1046,15 @@ glamor_composite_largepixmap_region(CARD8 op,
int source_repeat_type = 0, mask_repeat_type = 0;
int ok = TRUE;
+ if (source_pixmap_priv == dest_pixmap_priv) {
+ glamor_fallback("source and dest pixmaps are the same\n");
+ return FALSE;
+ }
+ if (mask_pixmap_priv == dest_pixmap_priv) {
+ glamor_fallback("mask and dest pixmaps are the same\n");
+ return FALSE;
+ }
+
if (source->repeat)
source_repeat_type = source->repeatType;
else
diff --git a/glamor/glamor_render.c b/glamor/glamor_render.c
index 2386f2e..d9b16ea 100644
--- a/glamor/glamor_render.c
+++ b/glamor/glamor_render.c
@@ -1400,6 +1400,7 @@ glamor_composite_clipped_region(CARD8 op,
{
ScreenPtr screen = dest->pDrawable->pScreen;
PixmapPtr source_pixmap = NULL, mask_pixmap = NULL;
+ PixmapPtr dest_pixmap = glamor_get_drawable_pixmap(dest->pDrawable);
PicturePtr temp_src = source, temp_mask = mask;
glamor_pixmap_private *temp_src_priv = source_pixmap_priv;
glamor_pixmap_private *temp_mask_priv = mask_pixmap_priv;
@@ -1502,7 +1503,14 @@ glamor_composite_clipped_region(CARD8 op,
}
}
- /*XXXXX, self copy? */
+ if (source_pixmap == dest_pixmap) {
+ glamor_fallback("source and dest pixmaps are the same\n");
+ goto out;
+ }
+ if (mask_pixmap == dest_pixmap) {
+ glamor_fallback("mask and dest pixmaps are the same\n");
+ goto out;
+ }
x_dest += dest->pDrawable->x;
y_dest += dest->pDrawable->y;
commit ea9e02184399e9979654544dde8926912a8aa2c8
Author: Rui Matos <tiagoma...@gmail.com>
Date: Wed May 27 12:08:45 2015 +0200
xwayland: Throttle our cursor surface updates with a frame callback
In some extreme cases with animated cursors at a high frame rate we
could end up filling the wl_display outgoing buffer and end up with
wl_display_flush() failing.
In any case, using the frame callback to throttle ourselves is the
right thing to do.
Signed-off-by: Rui Matos <tiagoma...@gmail.com>
Reviewed-by: Daniel Stone <dani...@collabora.com>
Signed-off-by: Keith Packard <kei...@keithp.com>
(cherry picked from commit cbb7eb73b5399e31a7afb800363504d539df0ecf)
diff --git a/hw/xwayland/xwayland-cursor.c b/hw/xwayland/xwayland-cursor.c
index 5a9d1fe..c137e1e 100644
--- a/hw/xwayland/xwayland-cursor.c
+++ b/hw/xwayland/xwayland-cursor.c
@@ -82,6 +82,23 @@ xwl_unrealize_cursor(DeviceIntPtr device, ScreenPtr screen,
CursorPtr cursor)
return xwl_shm_destroy_pixmap(pixmap);
}
+static void
+frame_callback(void *data,
+ struct wl_callback *callback,
+ uint32_t time)
+{
+ struct xwl_seat *xwl_seat = data;
+ xwl_seat->cursor_frame_cb = NULL;
+ if (xwl_seat->cursor_needs_update) {
+ xwl_seat->cursor_needs_update = FALSE;
+ xwl_seat_set_cursor(xwl_seat);
+ }
+}
+
+static const struct wl_callback_listener frame_listener = {
+ frame_callback
+};
+
void
xwl_seat_set_cursor(struct xwl_seat *xwl_seat)
{
@@ -98,6 +115,11 @@ xwl_seat_set_cursor(struct xwl_seat *xwl_seat)
return;
}
+ if (xwl_seat->cursor_frame_cb) {
+ xwl_seat->cursor_needs_update = TRUE;
+ return;
+ }
+
cursor = xwl_seat->x_cursor;
pixmap = dixGetPrivate(&cursor->devPrivates, &xwl_cursor_private_key);
stride = cursor->bits->width * 4;
@@ -117,6 +139,10 @@ xwl_seat_set_cursor(struct xwl_seat *xwl_seat)
wl_surface_damage(xwl_seat->cursor, 0, 0,
xwl_seat->x_cursor->bits->width,
xwl_seat->x_cursor->bits->height);
+
+ xwl_seat->cursor_frame_cb = wl_surface_frame(xwl_seat->cursor);
+ wl_callback_add_listener(xwl_seat->cursor_frame_cb, &frame_listener,
xwl_seat);
+
wl_surface_commit(xwl_seat->cursor);
}
diff --git a/hw/xwayland/xwayland-input.c b/hw/xwayland/xwayland-input.c
index cbffea7..4639048 100644
--- a/hw/xwayland/xwayland-input.c
+++ b/hw/xwayland/xwayland-input.c
@@ -569,6 +569,8 @@ xwl_seat_destroy(struct xwl_seat *xwl_seat)
RemoveDevice(xwl_seat->keyboard, FALSE);
wl_seat_destroy(xwl_seat->seat);
wl_surface_destroy(xwl_seat->cursor);
+ if (xwl_seat->cursor_frame_cb)
+ wl_callback_destroy(xwl_seat->cursor_frame_cb);
wl_array_release(&xwl_seat->keys);
free(xwl_seat);
}
diff --git a/hw/xwayland/xwayland.h b/hw/xwayland/xwayland.h
index cfb343d..28b0c99 100644
--- a/hw/xwayland/xwayland.h
+++ b/hw/xwayland/xwayland.h
@@ -115,12 +115,14 @@ struct xwl_seat {
struct wl_pointer *wl_pointer;
struct wl_keyboard *wl_keyboard;
struct wl_array keys;
- struct wl_surface *cursor;
struct xwl_window *focus_window;
uint32_t id;
uint32_t pointer_enter_serial;
struct xorg_list link;
CursorPtr x_cursor;
+ struct wl_surface *cursor;
+ struct wl_callback *cursor_frame_cb;
+ Bool cursor_needs_update;
size_t keymap_size;
char *keymap;
commit 6cc61df989c7764097c9b21d71386e230fa13cd4
Author: Chris Wilson <ch...@chris-wilson.co.uk>
Date: Fri Feb 6 08:25:42 2015 +0000
present: Copy unflip contents back to the Screen Pixmap
As we unflip after the flip Window no longer passes the pixel ownership
test for the full Screen Pixmap, we can no longer utilize that Window to
copy the contents back to the backing pixmap. To first flip means that
the Window was originally backed by the Screen Pixmap and wholly covered
the Pixmap, thus we need to copy the last frame contents to the Screen
Pixmap when the flip chain is complete.
Signed-off-by: Chris Wilson <ch...@chris-wilson.co.uk>
Reviewed-and-Tested-by: Michel Dänzer <michel.daen...@amd.com>
(cherry picked from commit 806470b9f623089dc81b985f250f0c3a4e8edbe8)
diff --git a/present/present.c b/present/present.c
index 2a705a9..a634601 100644
--- a/present/present.c
+++ b/present/present.c
@@ -409,20 +409,20 @@ static void
present_unflip(ScreenPtr screen)
{
present_screen_priv_ptr screen_priv = present_screen_priv(screen);
+ PixmapPtr pixmap = (*screen->GetScreenPixmap)(screen);
assert (!screen_priv->unflip_event_id);
assert (!screen_priv->flip_pending);
if (screen_priv->flip_window)
- present_set_tree_pixmap(screen_priv->flip_window,
- (*screen->GetScreenPixmap)(screen));
+ present_set_tree_pixmap(screen_priv->flip_window, pixmap);
- present_set_tree_pixmap(screen->root, (*screen->GetScreenPixmap)(screen));
+ present_set_tree_pixmap(screen->root, pixmap);
/* Update the screen pixmap with the current flip pixmap contents
*/
if (screen_priv->flip_pixmap && screen_priv->flip_window) {
- present_copy_region(&screen_priv->flip_window->drawable,
+ present_copy_region(&pixmap->drawable,
screen_priv->flip_pixmap,
NULL, 0, 0);
}
commit 8b7e1f362bf6940eb863fd02395bf8155d10604b
Author: Vicente Olivert Riera <vincent.ri...@imgtec.com>
Date: Mon Jan 12 17:10:02 2015 +0000
backtrace.c: Fix word cast to a pointer
backtrace.c uses a word size provided by libunwind. In some
architectures like MIPS, libunwind makes that word size 64-bit for all
variants of the architecture.
In the lines #90 and #98, backtrace.c tries to do a cast to a pointer,
which fails in all MIPS variants with 32-bit pointers, like MIPS32 or
MIPS64 n32, because it's trying to do a cast from a 64-bit wide variable
to a 32-bit pointer:
Making all in os
make[2]: Entering directory
`/home/test/test/1/output/build/xserver_xorg-server-1.15.1/os'
CC WaitFor.lo
CC access.lo
CC auth.lo
CC backtrace.lo
backtrace.c: In function 'xorg_backtrace':
backtrace.c:90:20: error: cast to pointer from integer of different size
[-Werror=int-to-pointer-cast]
if (dladdr((void *)(pip.start_ip + off), &dlinfo) &&
dlinfo.dli_fname &&
^
backtrace.c:98:13: error: cast to pointer from integer of different size
[-Werror=int-to-pointer-cast]
(void *)(pip.start_ip + off));
^
cc1: some warnings being treated as errors
make[2]: *** [backtrace.lo] Error 1
make[2]: *** Waiting for unfinished jobs....
Making the cast to a pointer-sized integer, and then to a pointer fixes
the problem.
Related:
https://bugs.freedesktop.org/show_bug.cgi?id=79939
Signed-off-by: Vicente Olivert Riera <vincent.ri...@imgtec.com>
Reviewed-by: Keith Packard <kei...@keithp.com>
Signed-off-by: Keith Packard <kei...@keithp.com>
(cherry picked from commit baa50f60acd9e9f4293107435645ab072b6110e1)
diff --git a/os/backtrace.c b/os/backtrace.c
index 3d1195b..fd129ef 100644
--- a/os/backtrace.c
+++ b/os/backtrace.c
@@ -87,7 +87,7 @@ xorg_backtrace(void)
procname[1] = 0;
}
- if (dladdr((void *)(pip.start_ip + off), &dlinfo) && dlinfo.dli_fname
&&
+ if (dladdr((void *)(uintptr_t)(pip.start_ip + off), &dlinfo) &&
dlinfo.dli_fname &&
*dlinfo.dli_fname)
filename = dlinfo.dli_fname;
else
@@ -95,7 +95,7 @@ xorg_backtrace(void)
ErrorFSigSafe("%u: %s (%s%s+0x%x) [%p]\n", i++, filename, procname,
ret == -UNW_ENOMEM ? "..." : "", (int)off,
- (void *)(pip.start_ip + off));
+ (void *)(uintptr_t)(pip.start_ip + off));
ret = unw_step(&cursor);
if (ret < 0)
commit c424458c93cb36708c6074ecaf6566d6b5818c87
Author: Ray Strode <rstr...@redhat.com>
Date: Tue May 5 16:43:44 2015 -0400
xwayland: default to local user if no xauth file given. [CVE-2015-3164 3/3]
Right now if "-auth" isn't passed on the command line, we let
any user on the system connect to the Xwayland server.
That's clearly suboptimal, given Xwayland is generally designed
to be used by one user at a time.
This commit changes the behavior, so only the user who started the
X server can connect clients to it.
Signed-off-by: Ray Strode <rstr...@redhat.com>
Reviewed-by: Daniel Stone <dani...@collabora.com>
Reviewed-by: Alan Coopersmith <alan.coopersm...@oracle.com>
Signed-off-by: Keith Packard <kei...@keithp.com>
(cherry picked from commit 76636ac12f2d1dbdf7be08222f80e7505d53c451)
diff --git a/hw/xwayland/xwayland.c b/hw/xwayland/xwayland.c
index c5bee77..bc92beb 100644
--- a/hw/xwayland/xwayland.c
+++ b/hw/xwayland/xwayland.c
@@ -702,4 +702,6 @@ InitOutput(ScreenInfo * screen_info, int argc, char **argv)
if (AddScreen(xwl_screen_init, argc, argv) == -1) {
FatalError("Couldn't add screen\n");
}
+
+ LocalAccessScopeUser();
}
commit 01b4f5bc89820cf8cbe01777871834411074d683
Author: Ray Strode <rstr...@redhat.com>
Date: Tue May 5 16:43:43 2015 -0400
os: support new implicit local user access mode [CVE-2015-3164 2/3]
If the X server is started without a '-auth' argument, then
it gets started wide open to all local users on the system.
This isn't a great default access model, but changing it in
Xorg at this point would break backward compatibility.
Xwayland, on the other hand is new, and much more targeted
in scope. It could, in theory, be changed to allow the much
more secure default of a "user who started X server can connect
clients to that server."
This commit paves the way for that change, by adding a mechanism
for DDXs to opt-in to that behavior. They merely need to call
LocalAccessScopeUser()
in their init functions.
A subsequent commit will add that call for Xwayland.
Signed-off-by: Ray Strode <rstr...@redhat.com>
Reviewed-by: Daniel Stone <dani...@collabora.com>
Reviewed-by: Alan Coopersmith <alan.coopersm...@oracle.com>
Signed-off-by: Keith Packard <kei...@keithp.com>
(cherry picked from commit 4b4b9086d02b80549981d205fb1f495edc373538)
diff --git a/include/os.h b/include/os.h
index 3e68c49..3c3954f 100644
--- a/include/os.h
+++ b/include/os.h
@@ -413,11 +413,28 @@ extern _X_EXPORT void
ResetHosts(const char *display);
extern _X_EXPORT void
+EnableLocalAccess(void);
+
+extern _X_EXPORT void
+DisableLocalAccess(void);
+
+extern _X_EXPORT void
EnableLocalHost(void);
extern _X_EXPORT void
DisableLocalHost(void);
+#ifndef NO_LOCAL_CLIENT_CRED
+extern _X_EXPORT void
+EnableLocalUser(void);
+
+extern _X_EXPORT void
+DisableLocalUser(void);
+
+extern _X_EXPORT void
+LocalAccessScopeUser(void);
+#endif
+
extern _X_EXPORT void
AccessUsingXdmcp(void);
diff --git a/os/access.c b/os/access.c
index 8fa028e..75e7a69 100644
--- a/os/access.c
+++ b/os/access.c
@@ -102,6 +102,10 @@ SOFTWARE.
#include <sys/ioctl.h>
#include <ctype.h>
+#ifndef NO_LOCAL_CLIENT_CRED
+#include <pwd.h>
+#endif
+
#if defined(TCPCONN) || defined(STREAMSCONN)
#include <netinet/in.h>
#endif /* TCPCONN || STREAMSCONN */
@@ -225,6 +229,13 @@ static int LocalHostEnabled = FALSE;
static int LocalHostRequested = FALSE;
static int UsingXdmcp = FALSE;
+static enum {
+ LOCAL_ACCESS_SCOPE_HOST = 0,
+#ifndef NO_LOCAL_CLIENT_CRED
+ LOCAL_ACCESS_SCOPE_USER,
+#endif
+} LocalAccessScope;
--
To UNSUBSCRIBE, email to debian-x-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/e1zcqkp-0004ju...@moszumanska.debian.org
