diff options
Diffstat (limited to 'x11-base/xorg-server/files')
16 files changed, 1153 insertions, 0 deletions
diff --git a/x11-base/xorg-server/files/xdm-setup.initd-1 b/x11-base/xorg-server/files/xdm-setup.initd-1 new file mode 100644 index 000000000000..8f2ed27e6634 --- /dev/null +++ b/x11-base/xorg-server/files/xdm-setup.initd-1 @@ -0,0 +1,13 @@ +#!/sbin/openrc-run +# Copyright 1999-2009 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +depend() { + need localmount +} + +start() { + if get_bootparam "nox" ; then + touch /etc/.noxdm + fi +} diff --git a/x11-base/xorg-server/files/xdm.confd-4 b/x11-base/xorg-server/files/xdm.confd-4 new file mode 100644 index 000000000000..c82fece01cb7 --- /dev/null +++ b/x11-base/xorg-server/files/xdm.confd-4 @@ -0,0 +1,10 @@ +# We always try and start X on a static VT. The various DMs normally default +# to using VT7. If you wish to use the xdm init script, then you should ensure +# that the VT checked is the same VT your DM wants to use. We do this check to +# ensure that you haven't accidentally configured something to run on the VT +# in your /etc/inittab file so that you don't get a dead keyboard. +CHECKVT=7 + +# What display manager do you use ? [ xdm | gdm | kdm | gpe | entrance ] +# NOTE: If this is set in /etc/rc.conf, that setting will override this one. +DISPLAYMANAGER="xdm" diff --git a/x11-base/xorg-server/files/xdm.initd-11 b/x11-base/xorg-server/files/xdm.initd-11 new file mode 100644 index 000000000000..c9ec36746d09 --- /dev/null +++ b/x11-base/xorg-server/files/xdm.initd-11 @@ -0,0 +1,230 @@ +#!/sbin/openrc-run +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License, v2 + +# This is here to serve as a note to myself, and future developers. +# +# Any Display manager (gdm,kdm,xdm) has the following problem: if +# it is started before any getty, and no vt is specified, it will +# usually run on vt2. When the getty on vt2 then starts, and the +# DM is already started, the getty will take control of the keyboard, +# leaving us with a "dead" keyboard. +# +# Resolution: add the following line to /etc/inittab +# +# x:a:once:/etc/X11/startDM.sh +# +# and have /etc/X11/startDM.sh start the DM in daemon mode if +# a lock is present (with the info of what DM should be started), +# else just fall through. +# +# How this basically works, is the "a" runlevel is a additional +# runlevel that you can use to fork processes with init, but the +# runlevel never gets changed to this runlevel. Along with the "a" +# runlevel, the "once" key word means that startDM.sh will only be +# run when we specify it to run, thus eliminating respawning +# startDM.sh when "xdm" is not added to the default runlevel, as was +# done previously. +# +# This script then just calls "telinit a", and init will run +# /etc/X11/startDM.sh after the current runlevel completes (this +# script should only be added to the actual runlevel the user is +# using). +# +# Martin Schlemmer +# aka Azarah +# 04 March 2002 + +depend() { + need localmount xdm-setup + + # this should start as early as possible + # we can't do 'before *' as that breaks it + # (#139824) Start after ypbind and autofs for network authentication + # (#145219 #180163) Could use lirc mouse as input device + # (#70689 comment #92) Start after consolefont to avoid display corruption + # (#291269) Start after quota, since some dm need readable home + # (#390609) gdm-3 will fail when dbus is not running + # (#366753) starting keymaps after X causes problems + after bootmisc consolefont modules netmount + after readahead-list ypbind autofs openvpn gpm lircmd + after quota keymaps + before alsasound + + # Start before X + use consolekit dbus xfs +} + +setup_dm() { + local MY_XDM + + MY_XDM=$(echo "${DISPLAYMANAGER}" | tr '[:upper:]' '[:lower:]') + + # Load our root path from profile.env + # Needed for kdm + PATH=${PATH}:$(. /etc/profile.env; echo "${ROOTPATH}") + + NAME= + case "${MY_XDM}" in + kdm|kde) + EXE=/usr/bin/kdm + PIDFILE=/run/kdm.pid + ;; + entrance*) + EXE=/usr/sbin/entrance + PIDFILE=/run/entrance.pid + ;; + gdm|gnome) + # gdm-3 and above has different paths + if [ -f /usr/sbin/gdm ]; then + EXE=/usr/sbin/gdm + PIDFILE=/run/gdm/gdm.pid + START_STOP_ARGS="--background" + AUTOCLEAN_CGROUP="yes" + else + EXE=/usr/bin/gdm + PIDFILE=/run/gdm.pid + fi + [ "${RC_UNAME}" != "Linux" ] && NAME=gdm-binary + ;; + wdm) + EXE=/usr/bin/wdm + PIDFILE= + ;; + gpe) + EXE=/usr/bin/gpe-dm + PIDFILE=/run/gpe-dm.pid + ;; + lxdm) + EXE=/usr/sbin/lxdm-binary + PIDFILE=/run/lxdm.pid + START_STOP_ARGS="--background" + ;; + lightdm) + EXE=/usr/sbin/lightdm + PIDFILE=/run/lightdm.pid + START_STOP_ARGS="--background" + ;; + sddm) + EXE="/usr/bin/sddm" + START_STOP_ARGS="-m --background" + PIDFILE=/run/sddm.pid + ;; + *) + # first find out if there is such executable + EXE="$(command -v ${MY_XDM} 2>/dev/null)" + PIDFILE="/run/${MY_XDM}.pid" + + # warn user that he is doing sick things if the exe was not found + if [ -z "${EXE}" ]; then + echo "ERROR: Your XDM value is invalid." + echo " No ${MY_XDM} executable could be found on your system." + fi + ;; + esac + + if ! [ -x "${EXE}" ]; then + EXE=/usr/bin/xdm + PIDFILE=/run/xdm.pid + if ! [ -x "/usr/bin/xdm" ]; then + echo "ERROR: Please set your DISPLAYMANAGER variable in /etc/conf.d/xdm," + echo " or install x11-apps/xdm package" + eend 255 + fi + fi +} + +# Check to see if something is defined on our VT +vtstatic() { + if [ -e /etc/inittab ] ; then + grep -Eq "^[^#]+.*\<tty$1\>" /etc/inittab + elif [ -e /etc/ttys ] ; then + grep -q "^ttyv$(($1 - 1))" /etc/ttys + else + return 1 + fi +} + +start() { + local EXE NAME PIDFILE AUTOCLEAN_CGROUP + setup_dm + + if [ -f /etc/.noxdm ]; then + einfo "Skipping ${EXE##*/}, /etc/.noxdm found or \"nox\" bootparam passed." + rm /etc/.noxdm + return 0 + fi + + ebegin "Setting up ${EXE##*/}" + + # save the prefered DM + save_options "service" "${EXE}" + save_options "name" "${NAME}" + save_options "pidfile" "${PIDFILE}" + save_options "start_stop_args" "${START_STOP_ARGS}" + save_options "autoclean_cgroup" "${AUTOCLEAN_CGROUP:-no}" + + if [ -n "${CHECKVT-y}" ] ; then + if vtstatic "${CHECKVT:-7}" ; then + if [ -x /sbin/telinit ] && [ "${SOFTLEVEL}" != "BOOT" ] && [ "${RC_SOFTLEVEL}" != "BOOT" ]; then + ewarn "Something is already defined on VT ${CHECKVT:-7}, will start X later" + telinit a >/dev/null 2>&1 + return 0 + else + eerror "Something is already defined on VT ${CHECKVT:-7}, not starting" + return 1 + fi + fi + fi + + /etc/X11/startDM.sh + eend 0 +} + +stop() { + local curvt retval + + retval=0 + if [ -t 0 ]; then + if type fgconsole >/dev/null 2>&1; then + curvt=$(fgconsole 2>/dev/null) + else + curvt=$(tty) + case "${curvt}" in + /dev/ttyv[0-9]*) curvt=${curvt#/dev/ttyv} ;; + *) curvt= ;; + esac + fi + fi + local myexe myname mypidfile myservice + myexe=$(get_options "service") + myname=$(get_options "name") + mypidfile=$(get_options "pidfile") + myservice=${myexe##*/} + yesno "${rc_cgroup_cleanup:-no}" || rc_cgroup_cleanup=$(get_options "autoclean_cgroup") + + [ -z "${myexe}" ] && return 0 + + ebegin "Stopping ${myservice}" + + if start-stop-daemon --quiet --test --stop --exec "${myexe}"; then + start-stop-daemon --stop --exec "${myexe}" --retry TERM/5/TERM/5 \ + ${mypidfile:+--pidfile} ${mypidfile} \ + ${myname:+--name} ${myname} + retval=${?} + fi + + # switch back to original vt + if [ -n "${curvt}" ]; then + if type chvt >/dev/null 2>&1; then + chvt "${curvt}" + else + vidcontrol -s "$((curvt + 1))" + fi + fi + + eend ${retval} "Error stopping ${myservice}" + return ${retval} +} + +# vim: set ts=4 : diff --git a/x11-base/xorg-server/files/xdm.initd-9 b/x11-base/xorg-server/files/xdm.initd-9 new file mode 100644 index 000000000000..d6e20a6dd73e --- /dev/null +++ b/x11-base/xorg-server/files/xdm.initd-9 @@ -0,0 +1,215 @@ +#!/sbin/openrc-run +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License, v2 + +# This is here to serve as a note to myself, and future developers. +# +# Any Display manager (gdm,kdm,xdm) has the following problem: if +# it is started before any getty, and no vt is specified, it will +# usually run on vt2. When the getty on vt2 then starts, and the +# DM is already started, the getty will take control of the keyboard, +# leaving us with a "dead" keyboard. +# +# Resolution: add the following line to /etc/inittab +# +# x:a:once:/etc/X11/startDM.sh +# +# and have /etc/X11/startDM.sh start the DM in daemon mode if +# a lock is present (with the info of what DM should be started), +# else just fall through. +# +# How this basically works, is the "a" runlevel is a additional +# runlevel that you can use to fork processes with init, but the +# runlevel never gets changed to this runlevel. Along with the "a" +# runlevel, the "once" key word means that startDM.sh will only be +# run when we specify it to run, thus eliminating respawning +# startDM.sh when "xdm" is not added to the default runlevel, as was +# done previously. +# +# This script then just calls "telinit a", and init will run +# /etc/X11/startDM.sh after the current runlevel completes (this +# script should only be added to the actual runlevel the user is +# using). +# +# Martin Schlemmer +# aka Azarah +# 04 March 2002 + +depend() { + need localmount xdm-setup + + # this should start as early as possible + # we can't do 'before *' as that breaks it + # (#139824) Start after ypbind and autofs for network authentication + # (#145219 #180163) Could use lirc mouse as input device + # (#70689 comment #92) Start after consolefont to avoid display corruption + # (#291269) Start after quota, since some dm need readable home + # (#390609) gdm-3 will fail when dbus is not running + # (#366753) starting keymaps after X causes problems + after bootmisc consolefont modules netmount + after readahead-list ypbind autofs openvpn gpm lircmd + after quota keymaps + before alsasound + + # Start before X + use consolekit dbus xfs +} + +setup_dm() { + local MY_XDM + + MY_XDM=$(echo "${DISPLAYMANAGER}" | tr '[:upper:]' '[:lower:]') + + # Load our root path from profile.env + # Needed for kdm + PATH=${PATH}:$(. /etc/profile.env; echo "${ROOTPATH}") + + NAME= + case "${MY_XDM}" in + kdm|kde) + EXE=/usr/bin/kdm + PIDFILE=/var/run/kdm.pid + ;; + entrance*) + EXE=/usr/sbin/entrance + PIDFILE=/var/run/entrance.pid + ;; + gdm|gnome) + EXE=/usr/bin/gdm + [ "${RC_UNAME}" != "Linux" ] && NAME=gdm-binary + PIDFILE=/var/run/gdm.pid + ;; + wdm) + EXE=/usr/bin/wdm + PIDFILE= + ;; + gpe) + EXE=/usr/bin/gpe-dm + PIDFILE=/var/run/gpe-dm.pid + ;; + lxdm) + EXE=/usr/sbin/lxdm-binary + PIDFILE=/var/run/lxdm.pid + START_STOP_ARGS="--background" + ;; + lightdm) + EXE=/usr/sbin/lightdm + PIDFILE=/var/run/lightdm.pid + START_STOP_ARGS="--background" + ;; + *) + # first find out if there is such executable + EXE="$(command -v ${MY_XDM} 2>/dev/null)" + PIDFILE="/var/run/${MY_XDM}.pid" + + # warn user that he is doing sick things if the exe was not found + if [ -z "${EXE}" ]; then + echo "ERROR: Your XDM value is invalid." + echo " No ${MY_XDM} executable could be found on your system." + fi + ;; + esac + + if ! [ -x "${EXE}" ]; then + EXE=/usr/bin/xdm + PIDFILE=/var/run/xdm.pid + if ! [ -x "/usr/bin/xdm" ]; then + echo "ERROR: Please set your DISPLAYMANAGER variable in /etc/conf.d/xdm," + echo " or install x11-apps/xdm package" + eend 255 + fi + fi +} + +# Check to see if something is defined on our VT +vtstatic() { + if [ -e /etc/inittab ] ; then + grep -Eq "^[^#]+.*\<tty$1\>" /etc/inittab + elif [ -e /etc/ttys ] ; then + grep -q "^ttyv$(($1 - 1))" /etc/ttys + else + return 1 + fi +} + +start() { + local EXE NAME PIDFILE + setup_dm + + if [ -f /etc/.noxdm ]; then + einfo "Skipping ${EXE##*/}, /etc/.noxdm found or \"nox\" bootparam passed." + rm /etc/.noxdm + return 0 + fi + + ebegin "Setting up ${EXE##*/}" + + # save the prefered DM + save_options "service" "${EXE}" + save_options "name" "${NAME}" + save_options "pidfile" "${PIDFILE}" + save_options "start_stop_args" "${START_STOP_ARGS}" + + if [ -n "${CHECKVT-y}" ] ; then + if vtstatic "${CHECKVT:-7}" ; then + if [ -x /sbin/telinit ] && [ "${SOFTLEVEL}" != "BOOT" ] && [ "${RC_SOFTLEVEL}" != "BOOT" ]; then + ewarn "Something is already defined on VT ${CHECKVT:-7}, will start X later" + telinit a >/dev/null 2>&1 + return 0 + else + eerror "Something is already defined on VT ${CHECKVT:-7}, not starting" + return 1 + fi + fi + fi + + /etc/X11/startDM.sh + eend 0 +} + +stop() { + local curvt retval + + retval=0 + if [ -t 0 ]; then + if type fgconsole >/dev/null 2>&1; then + curvt=$(fgconsole 2>/dev/null) + else + curvt=$(tty) + case "${curvt}" in + /dev/ttyv[0-9]*) curvt=${curvt#/dev/ttyv} ;; + *) curvt= ;; + esac + fi + fi + local myexe myname mypidfile myservice + myexe=$(get_options "service") + myname=$(get_options "name") + mypidfile=$(get_options "pidfile") + myservice=${myexe##*/} + + [ -z "${myexe}" ] && return 0 + + ebegin "Stopping ${myservice}" + + if start-stop-daemon --quiet --test --stop --exec "${myexe}"; then + start-stop-daemon --stop --exec "${myexe}" --retry TERM/5/TERM/5 \ + ${mypidfile:+--pidfile} ${mypidfile} \ + ${myname:+--name} ${myname} + retval=${?} + fi + + # switch back to original vt + if [ -n "${curvt}" ]; then + if type chvt >/dev/null 2>&1; then + chvt "${curvt}" + else + vidcontrol -s "$((curvt + 1))" + fi + fi + + eend ${retval} "Error stopping ${myservice}" + return ${retval} +} + +# vim: set ts=4 : diff --git a/x11-base/xorg-server/files/xorg-server-1.12-cve-2013-1940.patch b/x11-base/xorg-server/files/xorg-server-1.12-cve-2013-1940.patch new file mode 100644 index 000000000000..d85494f90293 --- /dev/null +++ b/x11-base/xorg-server/files/xorg-server-1.12-cve-2013-1940.patch @@ -0,0 +1,34 @@ +From 6ca03b9161d33b1d2b55a3a1a913cf88deb2343f Mon Sep 17 00:00:00 2001 +From: Dave Airlie <airlied@gmail.com> +Date: Wed, 10 Apr 2013 06:09:01 +0000 +Subject: xf86: fix flush input to work with Linux evdev devices. + +So when we VT switch back and attempt to flush the input devices, +we don't succeed because evdev won't return part of an event, +since we were only asking for 4 bytes, we'd only get -EINVAL back. + +This could later cause events to be flushed that we shouldn't have +gotten. + +This is a fix for CVE-2013-1940. + +Signed-off-by: Dave Airlie <airlied@redhat.com> +Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> +Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> +--- +diff --git a/hw/xfree86/os-support/shared/posix_tty.c b/hw/xfree86/os-support/shared/posix_tty.c +index ab3757a..4d08c1e 100644 +--- a/hw/xfree86/os-support/shared/posix_tty.c ++++ b/hw/xfree86/os-support/shared/posix_tty.c +@@ -421,7 +421,8 @@ xf86FlushInput(int fd) + { + fd_set fds; + struct timeval timeout; +- char c[4]; ++ /* this needs to be big enough to flush an evdev event. */ ++ char c[256]; + + DebugF("FlushingSerial\n"); + if (tcflush(fd, TCIFLUSH) == 0) +-- +cgit v0.9.0.2-2-gbebe diff --git a/x11-base/xorg-server/files/xorg-server-1.12-cve-2013-4396.patch b/x11-base/xorg-server/files/xorg-server-1.12-cve-2013-4396.patch new file mode 100644 index 000000000000..4b6727e61c05 --- /dev/null +++ b/x11-base/xorg-server/files/xorg-server-1.12-cve-2013-4396.patch @@ -0,0 +1,75 @@ +From 7bddc2ba16a2a15773c2ea8947059afa27727764 Mon Sep 17 00:00:00 2001 +From: Alan Coopersmith <alan.coopersmith@oracle.com> +Date: Mon, 16 Sep 2013 21:47:16 -0700 +Subject: [PATCH] Avoid use-after-free in dix/dixfonts.c: doImageText() + [CVE-2013-4396] + +Save a pointer to the passed in closure structure before copying it +and overwriting the *c pointer to point to our copy instead of the +original. If we hit an error, once we free(c), reset c to point to +the original structure before jumping to the cleanup code that +references *c. + +Since one of the errors being checked for is whether the server was +able to malloc(c->nChars * itemSize), the client can potentially pass +a number of characters chosen to cause the malloc to fail and the +error path to be taken, resulting in the read from freed memory. + +Since the memory is accessed almost immediately afterwards, and the +X server is mostly single threaded, the odds of the free memory having +invalid contents are low with most malloc implementations when not using +memory debugging features, but some allocators will definitely overwrite +the memory there, leading to a likely crash. + +Reported-by: Pedro Ribeiro <pedrib@gmail.com> +Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> +Reviewed-by: Julien Cristau <jcristau@debian.org> +--- + dix/dixfonts.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/dix/dixfonts.c b/dix/dixfonts.c +index feb765d..2e34d37 100644 +--- a/dix/dixfonts.c ++++ b/dix/dixfonts.c +@@ -1425,6 +1425,7 @@ doImageText(ClientPtr client, ITclosurePtr c) + GC *pGC; + unsigned char *data; + ITclosurePtr new_closure; ++ ITclosurePtr old_closure; + + /* We're putting the client to sleep. We need to + save some state. Similar problem to that handled +@@ -1436,12 +1437,14 @@ doImageText(ClientPtr client, ITclosurePtr c) + err = BadAlloc; + goto bail; + } ++ old_closure = c; + *new_closure = *c; + c = new_closure; + + data = malloc(c->nChars * itemSize); + if (!data) { + free(c); ++ c = old_closure; + err = BadAlloc; + goto bail; + } +@@ -1452,6 +1455,7 @@ doImageText(ClientPtr client, ITclosurePtr c) + if (!pGC) { + free(c->data); + free(c); ++ c = old_closure; + err = BadAlloc; + goto bail; + } +@@ -1464,6 +1468,7 @@ doImageText(ClientPtr client, ITclosurePtr c) + FreeScratchGC(pGC); + free(c->data); + free(c); ++ c = old_closure; + err = BadAlloc; + goto bail; + } +-- +1.7.9.2 diff --git a/x11-base/xorg-server/files/xorg-server-1.12-cve-2015-3418.patch b/x11-base/xorg-server/files/xorg-server-1.12-cve-2015-3418.patch new file mode 100644 index 000000000000..4b6a6aeab29e --- /dev/null +++ b/x11-base/xorg-server/files/xorg-server-1.12-cve-2015-3418.patch @@ -0,0 +1,29 @@ +From dc777c346d5d452a53b13b917c45f6a1bad2f20b Mon Sep 17 00:00:00 2001 +From: Keith Packard <keithp@keithp.com> +Date: Sat, 3 Jan 2015 08:46:45 -0800 +Subject: dix: Allow zero-height PutImage requests + +The length checking code validates PutImage height and byte width by +making sure that byte-width >= INT32_MAX / height. If height is zero, +this generates a divide by zero exception. Allow zero height requests +explicitly, bypassing the INT32_MAX check. + +Signed-off-by: Keith Packard <keithp@keithp.com> +Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> + +diff --git a/dix/dispatch.c b/dix/dispatch.c +index 55b978d..9044ac7 100644 +--- a/dix/dispatch.c ++++ b/dix/dispatch.c +@@ -2000,7 +2000,7 @@ ProcPutImage(ClientPtr client) + tmpImage = (char *) &stuff[1]; + lengthProto = length; + +- if (lengthProto >= (INT32_MAX / stuff->height)) ++ if (stuff->height != 0 && lengthProto >= (INT32_MAX / stuff->height)) + return BadLength; + + if ((bytes_to_int32(lengthProto * stuff->height) + +-- +cgit v0.10.2 + diff --git a/x11-base/xorg-server/files/xorg-server-1.12-disable-acpi.patch b/x11-base/xorg-server/files/xorg-server-1.12-disable-acpi.patch new file mode 100644 index 000000000000..df43dbde8288 --- /dev/null +++ b/x11-base/xorg-server/files/xorg-server-1.12-disable-acpi.patch @@ -0,0 +1,11 @@ +diff -ur a/configure.ac b/configure.ac +--- a/configure.ac 2011-10-31 19:40:02.000000000 +0100 ++++ b/configure.ac 2011-10-31 19:41:02.372745481 +0100 +@@ -1624,7 +1624,6 @@ + linux_alpha=yes + ;; + i*86|amd64*|x86_64*|ia64*) +- linux_acpi="yes" + ;; + *) + ;; diff --git a/x11-base/xorg-server/files/xorg-server-1.12-ia64-fix_inx_outx.patch b/x11-base/xorg-server/files/xorg-server-1.12-ia64-fix_inx_outx.patch new file mode 100644 index 000000000000..24a5a02f4fd6 --- /dev/null +++ b/x11-base/xorg-server/files/xorg-server-1.12-ia64-fix_inx_outx.patch @@ -0,0 +1,60 @@ +diff -r --context xorg-server-1.12.3/hw/xfree86/common/compiler.h xorg-server-1.12.3-fix/hw/xfree86/common/compiler.h +*** xorg-server-1.12.3/hw/xfree86/common/compiler.h 2012-07-06 07:17:19.000000000 +0200 +--- xorg-server-1.12.3-fix/hw/xfree86/common/compiler.h 2012-08-29 00:14:39.000000000 +0200 +*************** +*** 421,426 **** +--- 421,474 ---- + #include <machine/pio.h> + #endif /* __NetBSD__ */ + ++ #elif defined(linux) && defined(__ia64__) ++ /* for Linux on ia64, we use the LIBC _inx/_outx routines */ ++ /* note that the appropriate setup via "ioperm" needs to be done */ ++ /* *before* any inx/outx is done. */ ++ ++ extern _X_EXPORT void _outb(unsigned char val, unsigned long port); ++ extern _X_EXPORT void _outw(unsigned short val, unsigned long port); ++ extern _X_EXPORT void _outl(unsigned int val, unsigned long port); ++ extern _X_EXPORT unsigned int _inb(unsigned long port); ++ extern _X_EXPORT unsigned int _inw(unsigned long port); ++ extern _X_EXPORT unsigned int _inl(unsigned long port); ++ ++ static __inline__ void ++ outb(unsigned long port, unsigned char val) ++ { ++ _outb(val, port); ++ } ++ ++ static __inline__ void ++ outw(unsigned long port, unsigned short val) ++ { ++ _outw(val, port); ++ } ++ ++ static __inline__ void ++ outl(unsigned long port, unsigned int val) ++ { ++ _outl(val, port); ++ } ++ ++ static __inline__ unsigned int ++ inb(unsigned long port) ++ { ++ return _inb(port); ++ } ++ ++ static __inline__ unsigned int ++ inw(unsigned long port) ++ { ++ return _inw(port); ++ } ++ ++ static __inline__ unsigned int ++ inl(unsigned long port) ++ { ++ return _inl(port); ++ } ++ + #elif (defined(linux) || defined(__FreeBSD__)) && defined(__amd64__) + + #include <inttypes.h> diff --git a/x11-base/xorg-server/files/xorg-server-1.12-unloadsubmodule.patch b/x11-base/xorg-server/files/xorg-server-1.12-unloadsubmodule.patch new file mode 100644 index 000000000000..57c7349da6a7 --- /dev/null +++ b/x11-base/xorg-server/files/xorg-server-1.12-unloadsubmodule.patch @@ -0,0 +1,53 @@ +diff -u13 -r xorg-server-1.12.3-old/hw/xfree86/loader/loadmod.c xorg-server-1.12.3/hw/xfree86/loader/loadmod.c +--- xorg-server-1.12.3-old/hw/xfree86/loader/loadmod.c 2012-09-05 18:26:42.000000000 +0200 ++++ xorg-server-1.12.3/hw/xfree86/loader/loadmod.c 2012-09-05 18:28:54.000000000 +0200 +@@ -1109,39 +1109,38 @@ + static void + RemoveChild(ModuleDescPtr child) + { + ModuleDescPtr mdp; + ModuleDescPtr prevsib; + ModuleDescPtr parent; + + if (!child->parent) + return; + + parent = child->parent; + if (parent->child == child) { + parent->child = child->sib; +- return; +- } +- +- prevsib = parent->child; +- mdp = prevsib->sib; +- while (mdp && mdp != child) { +- prevsib = mdp; +- mdp = mdp->sib; ++ } ++ else { ++ prevsib = parent->child; ++ mdp = prevsib->sib; ++ while (mdp && mdp != child) { ++ prevsib = mdp; ++ mdp = mdp->sib; ++ } ++ if (mdp == child) ++ prevsib->sib = child->sib; + } +- if (mdp == child) +- prevsib->sib = child->sib; + child->sib = NULL; +- return; + } + + void + LoaderErrorMsg(const char *name, const char *modname, int errmaj, int errmin) + { + const char *msg; + MessageType type = X_ERROR; + + switch (errmaj) { + case LDR_NOERROR: + msg = "no error"; + break; + case LDR_NOMEM: diff --git a/x11-base/xorg-server/files/xorg-server-1.17-cve-2015-0255-0.patch b/x11-base/xorg-server/files/xorg-server-1.17-cve-2015-0255-0.patch new file mode 100644 index 000000000000..9540e31694ea --- /dev/null +++ b/x11-base/xorg-server/files/xorg-server-1.17-cve-2015-0255-0.patch @@ -0,0 +1,102 @@ +From 81c90dc8f0aae3b65730409b1b615b5fa7280ebd Mon Sep 17 00:00:00 2001 +From: Olivier Fourdan <ofourdan@redhat.com> +Date: Fri, 16 Jan 2015 20:08:59 +0100 +Subject: xkb: Don't swap XkbSetGeometry data in the input buffer + +The XkbSetGeometry request embeds data which needs to be swapped when the +server and the client have different endianess. + +_XkbSetGeometry() invokes functions that swap these data directly in the +input buffer. + +However, ProcXkbSetGeometry() may call _XkbSetGeometry() more than once +(if there is more than one keyboard), thus causing on swapped clients the +same data to be swapped twice in memory, further causing a server crash +because the strings lengths on the second time are way off bounds. + +To allow _XkbSetGeometry() to run reliably more than once with swapped +clients, do not swap the data in the buffer, use variables instead. + +Signed-off-by: Olivier Fourdan <ofourdan@redhat.com> +Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> + +diff --git a/xkb/xkb.c b/xkb/xkb.c +index 15c7f34..b9a3ac4 100644 +--- a/xkb/xkb.c ++++ b/xkb/xkb.c +@@ -4961,14 +4961,13 @@ static char * + _GetCountedString(char **wire_inout, Bool swap) + { + char *wire, *str; +- CARD16 len, *plen; ++ CARD16 len; + + wire = *wire_inout; +- plen = (CARD16 *) wire; ++ len = *(CARD16 *) wire; + if (swap) { +- swaps(plen); ++ swaps(&len); + } +- len = *plen; + str = malloc(len + 1); + if (str) { + memcpy(str, &wire[2], len); +@@ -4985,25 +4984,28 @@ _CheckSetDoodad(char **wire_inout, + { + char *wire; + xkbDoodadWireDesc *dWire; ++ xkbAnyDoodadWireDesc any; ++ xkbTextDoodadWireDesc text; + XkbDoodadPtr doodad; + + dWire = (xkbDoodadWireDesc *) (*wire_inout); ++ any = dWire->any; + wire = (char *) &dWire[1]; + if (client->swapped) { +- swapl(&dWire->any.name); +- swaps(&dWire->any.top); +- swaps(&dWire->any.left); +- swaps(&dWire->any.angle); ++ swapl(&any.name); ++ swaps(&any.top); ++ swaps(&any.left); ++ swaps(&any.angle); + } + CHK_ATOM_ONLY(dWire->any.name); +- doodad = XkbAddGeomDoodad(geom, section, dWire->any.name); ++ doodad = XkbAddGeomDoodad(geom, section, any.name); + if (!doodad) + return BadAlloc; + doodad->any.type = dWire->any.type; + doodad->any.priority = dWire->any.priority; +- doodad->any.top = dWire->any.top; +- doodad->any.left = dWire->any.left; +- doodad->any.angle = dWire->any.angle; ++ doodad->any.top = any.top; ++ doodad->any.left = any.left; ++ doodad->any.angle = any.angle; + switch (doodad->any.type) { + case XkbOutlineDoodad: + case XkbSolidDoodad: +@@ -5026,12 +5028,13 @@ _CheckSetDoodad(char **wire_inout, + dWire->text.colorNdx); + return BadMatch; + } ++ text = dWire->text; + if (client->swapped) { +- swaps(&dWire->text.width); +- swaps(&dWire->text.height); ++ swaps(&text.width); ++ swaps(&text.height); + } +- doodad->text.width = dWire->text.width; +- doodad->text.height = dWire->text.height; ++ doodad->text.width = text.width; ++ doodad->text.height = text.height; + doodad->text.color_ndx = dWire->text.colorNdx; + doodad->text.text = _GetCountedString(&wire, client->swapped); + doodad->text.font = _GetCountedString(&wire, client->swapped); +-- +cgit v0.10.2 + diff --git a/x11-base/xorg-server/files/xorg-server-1.17-cve-2015-0255-1.patch b/x11-base/xorg-server/files/xorg-server-1.17-cve-2015-0255-1.patch new file mode 100644 index 000000000000..be131c2762fd --- /dev/null +++ b/x11-base/xorg-server/files/xorg-server-1.17-cve-2015-0255-1.patch @@ -0,0 +1,138 @@ +From 20079c36cf7d377938ca5478447d8b9045cb7d43 Mon Sep 17 00:00:00 2001 +From: Olivier Fourdan <ofourdan@redhat.com> +Date: Fri, 16 Jan 2015 08:44:45 +0100 +Subject: xkb: Check strings length against request size + +Ensure that the given strings length in an XkbSetGeometry request remain +within the limits of the size of the request. + +Signed-off-by: Olivier Fourdan <ofourdan@redhat.com> +Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> +Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> + +diff --git a/xkb/xkb.c b/xkb/xkb.c +index b9a3ac4..f3988f9 100644 +--- a/xkb/xkb.c ++++ b/xkb/xkb.c +@@ -4957,25 +4957,29 @@ ProcXkbGetGeometry(ClientPtr client) + + /***====================================================================***/ + +-static char * +-_GetCountedString(char **wire_inout, Bool swap) ++static Status ++_GetCountedString(char **wire_inout, ClientPtr client, char **str) + { +- char *wire, *str; ++ char *wire, *next; + CARD16 len; + + wire = *wire_inout; + len = *(CARD16 *) wire; +- if (swap) { ++ if (client->swapped) { + swaps(&len); + } +- str = malloc(len + 1); +- if (str) { +- memcpy(str, &wire[2], len); +- str[len] = '\0'; +- } +- wire += XkbPaddedSize(len + 2); +- *wire_inout = wire; +- return str; ++ next = wire + XkbPaddedSize(len + 2); ++ /* Check we're still within the size of the request */ ++ if (client->req_len < ++ bytes_to_int32(next - (char *) client->requestBuffer)) ++ return BadValue; ++ *str = malloc(len + 1); ++ if (!*str) ++ return BadAlloc; ++ memcpy(*str, &wire[2], len); ++ *(*str + len) = '\0'; ++ *wire_inout = next; ++ return Success; + } + + static Status +@@ -4987,6 +4991,7 @@ _CheckSetDoodad(char **wire_inout, + xkbAnyDoodadWireDesc any; + xkbTextDoodadWireDesc text; + XkbDoodadPtr doodad; ++ Status status; + + dWire = (xkbDoodadWireDesc *) (*wire_inout); + any = dWire->any; +@@ -5036,8 +5041,14 @@ _CheckSetDoodad(char **wire_inout, + doodad->text.width = text.width; + doodad->text.height = text.height; + doodad->text.color_ndx = dWire->text.colorNdx; +- doodad->text.text = _GetCountedString(&wire, client->swapped); +- doodad->text.font = _GetCountedString(&wire, client->swapped); ++ status = _GetCountedString(&wire, client, &doodad->text.text); ++ if (status != Success) ++ return status; ++ status = _GetCountedString(&wire, client, &doodad->text.font); ++ if (status != Success) { ++ free (doodad->text.text); ++ return status; ++ } + break; + case XkbIndicatorDoodad: + if (dWire->indicator.onColorNdx >= geom->num_colors) { +@@ -5072,7 +5083,9 @@ _CheckSetDoodad(char **wire_inout, + } + doodad->logo.color_ndx = dWire->logo.colorNdx; + doodad->logo.shape_ndx = dWire->logo.shapeNdx; +- doodad->logo.logo_name = _GetCountedString(&wire, client->swapped); ++ status = _GetCountedString(&wire, client, &doodad->logo.logo_name); ++ if (status != Success) ++ return status; + break; + default: + client->errorValue = _XkbErrCode2(0x4F, dWire->any.type); +@@ -5304,18 +5317,20 @@ _CheckSetGeom(XkbGeometryPtr geom, xkbSetGeometryReq * req, ClientPtr client) + char *wire; + + wire = (char *) &req[1]; +- geom->label_font = _GetCountedString(&wire, client->swapped); ++ status = _GetCountedString(&wire, client, &geom->label_font); ++ if (status != Success) ++ return status; + + for (i = 0; i < req->nProperties; i++) { + char *name, *val; + +- name = _GetCountedString(&wire, client->swapped); +- if (!name) +- return BadAlloc; +- val = _GetCountedString(&wire, client->swapped); +- if (!val) { ++ status = _GetCountedString(&wire, client, &name); ++ if (status != Success) ++ return status; ++ status = _GetCountedString(&wire, client, &val); ++ if (status != Success) { + free(name); +- return BadAlloc; ++ return status; + } + if (XkbAddGeomProperty(geom, name, val) == NULL) { + free(name); +@@ -5349,9 +5364,9 @@ _CheckSetGeom(XkbGeometryPtr geom, xkbSetGeometryReq * req, ClientPtr client) + for (i = 0; i < req->nColors; i++) { + char *name; + +- name = _GetCountedString(&wire, client->swapped); +- if (!name) +- return BadAlloc; ++ status = _GetCountedString(&wire, client, &name); ++ if (status != Success) ++ return status; + if (!XkbAddGeomColor(geom, name, geom->num_colors)) { + free(name); + return BadAlloc; +-- +cgit v0.10.2 + diff --git a/x11-base/xorg-server/files/xorg-server-1.17.2-uninit-clientsWritable.patch b/x11-base/xorg-server/files/xorg-server-1.17.2-uninit-clientsWritable.patch new file mode 100644 index 000000000000..681819619ebc --- /dev/null +++ b/x11-base/xorg-server/files/xorg-server-1.17.2-uninit-clientsWritable.patch @@ -0,0 +1,65 @@ +https://bugs.gentoo.org/show_bug.cgi?id=555776 + +From 7cc7ffd25d5e50b54cb942d07d4cb160f20ff9c5 Mon Sep 17 00:00:00 2001 +From: Martin Peres <martin.peres@linux.intel.com> +Date: Fri, 17 Jul 2015 17:21:26 +0300 +Subject: [PATCH] os: make sure the clientsWritable fd_set is initialized + before use + +In WaitForSomething(), the fd_set clientsWritable may be used unitialized when +the boolean AnyClientsWriteBlocked is set in the WakeupHandler(). This leads to +a crash in FlushAllOutput() after x11proto's commit +2c94cdb453bc641246cc8b9a876da9799bee1ce7. + +The problem did not manifest before because both the XFD_SIZE and the maximum +number of clients were set to 256. As the connectionTranslation table was +initalized for the 256 clients to 0, the test on the index not being 0 was +aborting before dereferencing the client #0. + +As of commit 2c94cdb453bc641246cc8b9a876da9799bee1ce7 in x11proto, the XFD_SIZE +got bumped to 512. This lead the OutputPending fd_set to have any fd above 256 +to be uninitialized which in turns lead to reading an index after the end of +the ConnectionTranslation table. This index would then be used to find the +client corresponding to the fd marked as pending writes and would also result +to an out-of-bound access which would usually be the fatal one. + +Fix this by zeroing the clientsWritable fd_set at the beginning of +WaitForSomething(). In this case, the bottom part of the loop, which would +indirectly call FlushAllOutput, will not do any work but the next call to +select will result in the execution of the right codepath. This is exactly what +we want because we need to know the writable clients before handling them. In +the end, it also makes sure that the fds above MaxClient are initialized, +preventing the crash in FlushAllOutput(). + +Thanks to everyone involved in tracking this one down! + +Reported-by: Karol Herbst <freedesktop@karolherbst.de> +Reported-by: Tobias Klausmann <tobias.klausmann@mni.thm.de> +Signed-off-by: Martin Peres <martin.peres@linux.intel.com> +Tested-by: Martin Peres <martin.peres@linux.intel.com> +Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=91316 +Cc: Ilia Mirkin <imirkin@alum.mit.edu> +Cc: Martin Peres <martin.peres@linux.intel.com> +Cc: Olivier Fourdan <ofourdan@redhat.com +Cc: Adam Jackson <ajax@redhat.com> +Cc: Alan Coopersmith <alan.coopersmith@oracle.com +Cc: Chris Wilson <chris@chris-wilson.co.uk> +--- + os/WaitFor.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/os/WaitFor.c b/os/WaitFor.c +index 431f1a6..993c14e 100644 +--- a/os/WaitFor.c ++++ b/os/WaitFor.c +@@ -158,6 +158,7 @@ WaitForSomething(int *pClientsReady) + Bool someReady = FALSE; + + FD_ZERO(&clientsReadable); ++ FD_ZERO(&clientsWritable); + + if (nready) + SmartScheduleStopTimer(); +-- +2.4.5 + diff --git a/x11-base/xorg-server/files/xorg-server-1.18-support-multiple-Files-sections.patch b/x11-base/xorg-server/files/xorg-server-1.18-support-multiple-Files-sections.patch new file mode 100644 index 000000000000..0a611456a1f7 --- /dev/null +++ b/x11-base/xorg-server/files/xorg-server-1.18-support-multiple-Files-sections.patch @@ -0,0 +1,53 @@ +See http://lists.x.org/archives/xorg-devel/2015-February/045755.html + +diff --git a/hw/xfree86/parser/Files.c b/hw/xfree86/parser/Files.c +index 849bf92..5cc3ec7 100644 +--- a/hw/xfree86/parser/Files.c ++++ b/hw/xfree86/parser/Files.c +@@ -76,14 +76,18 @@ static xf86ConfigSymTabRec FilesTab[] = { + #define CLEANUP xf86freeFiles + + XF86ConfFilesPtr +-xf86parseFilesSection(void) ++xf86parseFilesSection(XF86ConfFilesPtr ptr) + { + int i, j; + int k, l; + char *str; + int token; + +- parsePrologue(XF86ConfFilesPtr, XF86ConfFilesRec) ++ if (!ptr) { ++ if( (ptr=calloc(1,sizeof(XF86ConfFilesRec))) == NULL ) { ++ return NULL; ++ } ++ } + + while ((token = xf86getToken(FilesTab)) != ENDSECTION) { + switch (token) { +diff --git a/hw/xfree86/parser/configProcs.h b/hw/xfree86/parser/configProcs.h +index 171f8e8..e8199fe 100644 +--- a/hw/xfree86/parser/configProcs.h ++++ b/hw/xfree86/parser/configProcs.h +@@ -36,7 +36,7 @@ void xf86freeDeviceList(XF86ConfDevicePtr ptr); + int xf86validateDevice(XF86ConfigPtr p); + + /* Files.c */ +-XF86ConfFilesPtr xf86parseFilesSection(void); ++XF86ConfFilesPtr xf86parseFilesSection(XF86ConfFilesPtr ptr); + void xf86printFileSection(FILE * cf, XF86ConfFilesPtr ptr); + void xf86freeFiles(XF86ConfFilesPtr p); + +diff --git a/hw/xfree86/parser/read.c b/hw/xfree86/parser/read.c +index 327c02a..e0d6139 100644 +--- a/hw/xfree86/parser/read.c ++++ b/hw/xfree86/parser/read.c +@@ -110,7 +110,7 @@ xf86readConfigFile(void) + if (xf86nameCompare(xf86_lex_val.str, "files") == 0) { + free(xf86_lex_val.str); + xf86_lex_val.str = NULL; +- HANDLE_RETURN(conf_files, xf86parseFilesSection()); ++ HANDLE_RETURN(conf_files, xf86parseFilesSection(ptr->conf_files)); + } + else if (xf86nameCompare(xf86_lex_val.str, "serverflags") == 0) { + free(xf86_lex_val.str); diff --git a/x11-base/xorg-server/files/xorg-server-1.18-sysmacros.patch b/x11-base/xorg-server/files/xorg-server-1.18-sysmacros.patch new file mode 100644 index 000000000000..5a3dea366121 --- /dev/null +++ b/x11-base/xorg-server/files/xorg-server-1.18-sysmacros.patch @@ -0,0 +1,59 @@ +From 1df7e4f5c1090631ff6584176f7d1370d08bc15e Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <petr.pisar@atlas.cz> +Date: Sat, 16 Apr 2016 13:04:59 +0200 +Subject: [PATCH] Include sys/sysmacros.h for major(3) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +GNU major(3) manual page prescribes <sys/types.h>, but that does not work with +sys-libs/glibc-2.23-r1. + +https://bugs.gentoo.org/show_bug.cgi?id=580044 +Signed-off-by: Petr Písař <petr.pisar@atlas.cz> +--- + config/udev.c | 1 + + hw/xfree86/common/xf86Xinput.c | 2 ++ + hw/xfree86/os-support/linux/lnx_init.c | 1 + + 3 files changed, 4 insertions(+) + +diff --git a/config/udev.c b/config/udev.c +index 28c2658..62908f4 100644 +--- a/config/udev.c ++++ b/config/udev.c +@@ -30,6 +30,7 @@ + #include <libudev.h> + #include <ctype.h> + #include <unistd.h> ++#include <sys/sysmacros.h> + + #include "input.h" + #include "inputstr.h" +diff --git a/hw/xfree86/common/xf86Xinput.c b/hw/xfree86/common/xf86Xinput.c +index c56a2b9..d33c165 100644 +--- a/hw/xfree86/common/xf86Xinput.c ++++ b/hw/xfree86/common/xf86Xinput.c +@@ -86,6 +86,8 @@ + #include <unistd.h> + #ifdef HAVE_SYS_MKDEV_H + #include <sys/mkdev.h> /* for major() & minor() on Solaris */ ++#else ++#include <sys/sysmacros.h> + #endif + + #include "mi.h" +diff --git a/hw/xfree86/os-support/linux/lnx_init.c b/hw/xfree86/os-support/linux/lnx_init.c +index 1ed213c..6caf531 100644 +--- a/hw/xfree86/os-support/linux/lnx_init.c ++++ b/hw/xfree86/os-support/linux/lnx_init.c +@@ -38,6 +38,7 @@ + #include "xf86_OSlib.h" + + #include <sys/stat.h> ++#include <sys/sysmacros.h> + + #ifndef K_OFF + #define K_OFF 0x4 +-- +2.8.1 + diff --git a/x11-base/xorg-server/files/xorg-sets.conf b/x11-base/xorg-server/files/xorg-sets.conf new file mode 100644 index 000000000000..5cd8112f583c --- /dev/null +++ b/x11-base/xorg-server/files/xorg-sets.conf @@ -0,0 +1,6 @@ +# Rebuild all X11 modules (mostly useful after xorg-server ABI change). +[x11-module-rebuild] +class = portage.sets.dbapi.VariableSet +world-candidate = false +variable = CATEGORY +includes = x11-drivers |