diff options
Diffstat (limited to 'patches/source/xorg-server')
29 files changed, 2334 insertions, 0 deletions
diff --git a/patches/source/xorg-server/arch.use.flags b/patches/source/xorg-server/arch.use.flags new file mode 100644 index 000000000..f28a6ccab --- /dev/null +++ b/patches/source/xorg-server/arch.use.flags @@ -0,0 +1,7 @@ +if [ "$ARCH" = "i486" ]; then + SLKCFLAGS="-O2 -march=i486 -mtune=i686" +elif [ "$ARCH" = "s390" ]; then + SLKCFLAGS="-O2" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2 -fPIC" +fi diff --git a/patches/source/xorg-server/build/xorg-server b/patches/source/xorg-server/build/xorg-server new file mode 100644 index 000000000..36bf3dc06 --- /dev/null +++ b/patches/source/xorg-server/build/xorg-server @@ -0,0 +1 @@ +5_slack14.2 diff --git a/patches/source/xorg-server/configure/xorg-server b/patches/source/xorg-server/configure/xorg-server new file mode 100644 index 000000000..755b565dd --- /dev/null +++ b/patches/source/xorg-server/configure/xorg-server @@ -0,0 +1,53 @@ +# Servers to build: +BUILD_SERVERS="--enable-xorg \ + --enable-dmx \ + --enable-xvfb \ + --enable-xnest \ + --enable-glamor \ + --enable-kdrive \ + --enable-xephyr \ + --enable-xfbdev \ + --enable-config-udev \ + --enable-kdrive-evdev \ + --enable-kdrive-kbd \ + --enable-kdrive-mouse \ + --disable-config-hal \ + --disable-systemd-logind" + +#MESA_VERSION=${MESA_VERSION:-7.5} # unused in 1.7+ + +# Default font paths to be used by the X server +DEF_FONTPATH="/usr/share/fonts/local,/usr/share/fonts/TTF,/usr/share/fonts/OTF,/usr/share/fonts/Type1,/usr/share/fonts/misc,/usr/share/fonts/CID,/usr/share/fonts/75dpi/:unscaled,/usr/share/fonts/100dpi/:unscaled,/usr/share/fonts/75dpi,/usr/share/fonts/100dpi,/usr/share/fonts/cyrillic" + +# Reconf (don't remove this plz): +autoreconf -vif + +CFLAGS="$SLKCFLAGS" \ +./configure \ + --prefix=/usr \ + --libdir=/usr/lib${LIBDIRSUFFIX} \ + --sysconfdir=/etc \ + --localstatedir=/var \ + --infodir=/usr/info \ + --mandir=/usr/man \ + --disable-static \ + --with-pic \ + --enable-suid-wrapper \ + --with-int10=x86emu \ + --with-default-font-path="${DEF_FONTPATH}" \ + --with-module-dir=/usr/lib${LIBDIRSUFFIX}/xorg/modules \ + --with-os-name="Slackware 14.2" \ + --with-os-vendor="Slackware Linux Project" \ + --with-xkb-path=/etc/X11/xkb \ + --with-xkb-output=/var/lib/xkb \ + $BUILD_SERVERS \ + --build=$ARCH-slackware-linux + +# --with-dri-driver-path=/usr/lib${LIBDIRSUFFIX}/xorg/modules/dri + +if [ "$ARCH" = "x86_64" ]; then + # To prevent the error "No rule to make target `-ldl'" + sed -i -e 's#-ldl##' hw/xfree86/Makefile + sed -i -e 's#-lm#-lm -ldl#' hw/xfree86/Makefile +fi + diff --git a/patches/source/xorg-server/makepkg/xorg-server b/patches/source/xorg-server/makepkg/xorg-server new file mode 100644 index 000000000..13d601edc --- /dev/null +++ b/patches/source/xorg-server/makepkg/xorg-server @@ -0,0 +1,47 @@ + +rm -r ${SLACK_X_BUILD_DIR}/package-xorg-server-xnest +mkdir -p ${SLACK_X_BUILD_DIR}/package-xorg-server-xnest/usr/bin +mv $PKG/usr/bin/Xnest ${SLACK_X_BUILD_DIR}/package-xorg-server-xnest/usr/bin +mkdir -p ${SLACK_X_BUILD_DIR}/package-xorg-server-xnest/usr/man/man1 +mv $PKG/usr/man/man1/Xnest.1.gz ${SLACK_X_BUILD_DIR}/package-xorg-server-xnest/usr/man/man1 +mkdir -p ${SLACK_X_BUILD_DIR}/package-xorg-server-xnest/install +cat $CWD/slack-desc/xorg-server-xnest > ${SLACK_X_BUILD_DIR}/package-xorg-server-xnest/install/slack-desc +cd ${SLACK_X_BUILD_DIR}/package-xorg-server-xnest +/sbin/makepkg -l y -c n ${SLACK_X_BUILD_DIR}/xorg-server-xnest-${MODULAR_PACKAGE_VERSION}-$ARCH-$BUILD.txz + +rm -r ${SLACK_X_BUILD_DIR}/package-xorg-server-xvfb +mkdir -p ${SLACK_X_BUILD_DIR}/package-xorg-server-xvfb/usr/bin +mv $PKG/usr/bin/Xvfb ${SLACK_X_BUILD_DIR}/package-xorg-server-xvfb/usr/bin +mkdir -p ${SLACK_X_BUILD_DIR}/package-xorg-server-xvfb/usr/man/man1 +mv $PKG/usr/man/man1/Xvfb.1.gz ${SLACK_X_BUILD_DIR}/package-xorg-server-xvfb/usr/man/man1 +mkdir -p ${SLACK_X_BUILD_DIR}/package-xorg-server-xvfb/install +cat $CWD/slack-desc/xorg-server-xvfb > ${SLACK_X_BUILD_DIR}/package-xorg-server-xvfb/install/slack-desc +cd ${SLACK_X_BUILD_DIR}/package-xorg-server-xvfb +/sbin/makepkg -l y -c n ${SLACK_X_BUILD_DIR}/xorg-server-xvfb-${MODULAR_PACKAGE_VERSION}-$ARCH-$BUILD.txz + +rm -r ${SLACK_X_BUILD_DIR}/package-xorg-server-xephyr +mkdir -p ${SLACK_X_BUILD_DIR}/package-xorg-server-xephyr/usr/bin +mv $PKG/usr/bin/Xephyr ${SLACK_X_BUILD_DIR}/package-xorg-server-xephyr/usr/bin +mkdir -p ${SLACK_X_BUILD_DIR}/package-xorg-server-xephyr/usr/man/man1 +mv $PKG/usr/man/man1/Xephyr.1.gz ${SLACK_X_BUILD_DIR}/package-xorg-server-xephyr/usr/man/man1 +mkdir -p ${SLACK_X_BUILD_DIR}/package-xorg-server-xephyr/install +cat $CWD/slack-desc/xorg-server-xephyr > ${SLACK_X_BUILD_DIR}/package-xorg-server-xephyr/install/slack-desc +cd ${SLACK_X_BUILD_DIR}/package-xorg-server-xephyr +/sbin/makepkg -l y -c n ${SLACK_X_BUILD_DIR}/xorg-server-xephyr-${MODULAR_PACKAGE_VERSION}-$ARCH-$BUILD.txz + +# Build the main xorg-server package: +cd $PKG +/sbin/makepkg -l y -c n ${SLACK_X_BUILD_DIR}/xorg-server-${MODULAR_PACKAGE_VERSION}-$ARCH-$BUILD.txz + +if [ "$UPGRADE_PACKAGES" = "yes" ]; then + /sbin/upgradepkg --install-new ${SLACK_X_BUILD_DIR}/xorg-server-xnest-${MODULAR_PACKAGE_VERSION}-$ARCH-$BUILD.txz + /sbin/upgradepkg --install-new ${SLACK_X_BUILD_DIR}/xorg-server-xvfb-${MODULAR_PACKAGE_VERSION}-$ARCH-$BUILD.txz + /sbin/upgradepkg --install-new ${SLACK_X_BUILD_DIR}/xorg-server-xephyr-${MODULAR_PACKAGE_VERSION}-$ARCH-$BUILD.txz + /sbin/upgradepkg --install-new ${SLACK_X_BUILD_DIR}/xorg-server-${MODULAR_PACKAGE_VERSION}-$ARCH-$BUILD.txz +elif [ "$UPGRADE_PACKAGES" = "always" ]; then + /sbin/upgradepkg --install-new --reinstall ${SLACK_X_BUILD_DIR}/xorg-server-xnest-${MODULAR_PACKAGE_VERSION}-$ARCH-$BUILD.txz + /sbin/upgradepkg --install-new --reinstall ${SLACK_X_BUILD_DIR}/xorg-server-xvfb-${MODULAR_PACKAGE_VERSION}-$ARCH-$BUILD.txz + /sbin/upgradepkg --install-new --reinstall ${SLACK_X_BUILD_DIR}/xorg-server-xephyr-${MODULAR_PACKAGE_VERSION}-$ARCH-$BUILD.txz + /sbin/upgradepkg --install-new --reinstall ${SLACK_X_BUILD_DIR}/xorg-server-${MODULAR_PACKAGE_VERSION}-$ARCH-$BUILD.txz +fi + diff --git a/patches/source/xorg-server/modularize b/patches/source/xorg-server/modularize new file mode 100644 index 000000000..d6eb2f68a --- /dev/null +++ b/patches/source/xorg-server/modularize @@ -0,0 +1,265 @@ +# If a package is listed here, it will be built apart from the +# usual "grab bag" package that's made from each source directory. + +appres +bdftopcf +beforelight +bigreqsproto +bitmap +compiz +compositeproto +damageproto +dmxproto +dri2proto +editres +encodings +evieext +fixesproto +font-adobe-100dpi +font-adobe-75dpi +font-adobe-utopia-100dpi +font-adobe-utopia-75dpi +font-adobe-utopia-type1 +font-alias +font-arabic-misc +font-bh-100dpi +font-bh-75dpi +font-bh-lucidatypewriter-100dpi +font-bh-lucidatypewriter-75dpi +font-bh-ttf +font-bh-type1 +font-bitstream-100dpi +font-bitstream-75dpi +font-bitstream-speedo +font-bitstream-type1 +font-cronyx-cyrillic +font-cursor-misc +font-daewoo-misc +font-dec-misc +font-ibm-type1 +font-isas-misc +font-jis-misc +font-micro-misc +font-misc-cyrillic +font-misc-ethiopic +font-misc-meltho +font-misc-misc +font-mutt-misc +font-schumacher-misc +font-screen-cyrillic +font-sony-misc +font-sun-misc +font-util +font-winitzki-cyrillic +font-xfree86-type1 +fontcacheproto +fontsproto +fonttosfnt +fslsfonts +fstobdf +gccmakedep +glproto +iceauth +ico +imake +inputproto +intel-gpu-tools +kbproto +libFS +libICE +libSM +libX11 +libXScrnSaver +libXau +libXaw +libXaw3d +libXcm +libXcomposite +libXcursor +libXdamage +libXdmcp +libXevie +libXext +libXfixes +libXfont +libXfontcache +libXft +libXi +libXinerama +libXmu +libXp +libXpm +libXrandr +libXrender +libXres +libXt +libXtst +libXv +libXvMC +libXxf86dga +libXxf86misc +libXxf86vm +libdmx +libfontenc +libpciaccess +libpthread-stubs +libxcb +libxkbfile +listres +lndir +luit +makedepend +mkcomposecache +mkfontdir +mkfontscale +oclock +pixman +printproto +randrproto +recordproto +rendercheck +renderproto +resourceproto +rgb +scrnsaverproto +sessreg +setxkbmap +showfont +smproxy +twm +util-macros +videoproto +viewres +x11perf +xauth +xbacklight +xbiff +xbitmaps +xcalc +xcb-proto +xcb-util +xcb-util-image +xcb-util-keysyms +xcb-util-renderutil +xcb-util-wm +xclipboard +xclock +xcmiscproto +xcmsdb +xcompmgr +xconsole +xcursor-themes +xcursorgen +xdbedizzy +xditview +xdm +xdpyinfo +xdriinfo +xedit +xev +xextproto +xeyes +xf86-input-acecad +xf86-input-aiptek +xf86-input-evdev +xf86-input-joystick +xf86-input-penmount +xf86-input-synaptics +xf86-input-vmmouse +xf86-input-void +xf86-input-wacom +xf86-video-apm +xf86-video-ark +xf86-video-ast +xf86-video-ati +xf86-video-chips +xf86-video-cirrus +xf86-video-dummy +xf86-video-geode +xf86-video-glint +xf86-video-i128 +xf86-video-i740 +xf86-video-intel +xf86-video-mach64 +xf86-video-mga +xf86-video-modesetting +xf86-video-neomagic +xf86-video-nouveau +xf86-video-nv +xf86-video-openchrome +xf86-video-qxl +xf86-video-r128 +xf86-video-rendition +xf86-video-s3 +xf86-video-s3virge +xf86-video-savage +xf86-video-siliconmotion +xf86-video-sis +xf86-video-sisusb +xf86-video-tdfx +xf86-video-tga +xf86-video-trident +xf86-video-tseng +xf86-video-v4l +xf86-video-vesa +xf86-video-vmware +xf86-video-voodoo +xf86-video-xgi +xf86bigfontproto +xf86dga +xf86dgaproto +xf86driproto +xf86miscproto +xf86vidmodeproto +xfd +xfontsel +xfs +xfsinfo +xgamma +xgc +xhost +xineramaproto +xinit +xinput +xkbcomp +xkbevd +xkbprint +xkbutils +xkeyboard-config +xkill +xload +xlogo +xlsatoms +xlsclients +xlsfonts +xmag +xman +xmessage +xmh +xmodmap +xmore +xorg-cf-files +xorg-docs +xorg-server +xorg-server-xephyr +xorg-server-xnest +xorg-server-xvfb +xorg-sgml-doctools +xpr +xprop +xproto +xpyb +xrandr +xrdb +xrefresh +xscope +xset +xsetroot +xsm +xstdcmap +xtrans +xvidtune +xvinfo +xwd +xwininfo +xwud diff --git a/patches/source/xorg-server/noarch b/patches/source/xorg-server/noarch new file mode 100644 index 000000000..480ffc26c --- /dev/null +++ b/patches/source/xorg-server/noarch @@ -0,0 +1,76 @@ +# List packages with an $ARCH of "noarch" (i.e. packages +# that contain no binaries) here: +bigreqsproto +compositeproto +damageproto +dejavu-ttf +dmxproto +encodings +evieext +font-adobe-100dpi +font-adobe-75dpi +font-adobe-utopia-100dpi +font-adobe-utopia-75dpi +font-adobe-utopia-type1 +font-alias +font-arabic-misc +font-bh-100dpi +font-bh-75dpi +font-bh-lucidatypewriter-100dpi +font-bh-lucidatypewriter-75dpi +font-bh-ttf +font-bh-type1 +font-bitstream-100dpi +font-bitstream-75dpi +font-bitstream-speedo +font-bitstream-type1 +font-cronyx-cyrillic +font-cursor-misc +font-daewoo-misc +font-dec-misc +font-ibm-type1 +font-isas-misc +font-jis-misc +font-micro-misc +font-misc-cyrillic +font-misc-ethiopic +font-misc-meltho +font-misc-misc +font-mutt-misc +font-schumacher-misc +font-screen-cyrillic +font-sony-misc +font-sun-misc +font-winitzki-cyrillic +font-xfree86-type1 +fontcacheproto +fontsproto +gccmakedep +glproto +inputproto +kbproto +libpthread-stubs +mkfontdir +printproto +randrproto +recordproto +renderproto +resourceproto +scrnsaverproto +ttf-indic-fonts +util-macros +videoproto +x11-skel +xcmiscproto +xcursor-themes +xf86bigfontproto +xf86dgaproto +xf86driproto +xf86miscproto +xf86vidmodeproto +xineramaproto +xkeyboard-config +xorg-cf-files +xorg-docs +xproto +xtrans diff --git a/patches/source/xorg-server/package-blacklist b/patches/source/xorg-server/package-blacklist new file mode 100644 index 000000000..377624999 --- /dev/null +++ b/patches/source/xorg-server/package-blacklist @@ -0,0 +1,39 @@ +# Enter packages to skip (perhaps because they aren't used on +# this platform) below. Just the package name -- no version +# number is needed. + +# MacOS related packages: +applewmproto +windowswmproto +libAppleWM +libWindowsWM + +# Sun video cards: +xf86-video-sunbw2 +xf86-video-suncg14 +xf86-video-suncg3 +xf86-video-suncg6 +xf86-video-sunffb +xf86-video-sunleo +xf86-video-suntcx + +# Obsolete packages: +liboldX +xf86-video-amd +xf86-video-via +xkbdata +xphelloworld +xrx + +# Not applicable to us +grandr +constype + +# CAREFUL NOT TO "SHIP" THE STUFF BELOW IN THE MAIN X PACKAGES DIR! + +# This is probably obsolete, and kills "X -configure" too +xf86-video-nsc + +# We don't want this one, as it causes failure of X with no xorg.conf +xf86-video-fbdev + diff --git a/patches/source/xorg-server/patch/xorg-server.patch b/patches/source/xorg-server/patch/xorg-server.patch new file mode 100644 index 000000000..527305187 --- /dev/null +++ b/patches/source/xorg-server/patch/xorg-server.patch @@ -0,0 +1,15 @@ +zcat $CWD/patch/xorg-server/x11.startwithblackscreen.diff.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; } +zcat $CWD/patch/xorg-server/xorg-server.combo.mouse.keyboard.layout.patch.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; } +zcat $CWD/patch/xorg-server/xorg-server.CVE-2017-10971.diff.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; } +zcat $CWD/patch/xorg-server/xorg-server.CVE-2017-10972.diff.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; } +zcat $CWD/patch/xorg-server/xorg-server.CVE-2017-13721.diff.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; } +zcat $CWD/patch/xorg-server/xorg-server.CVE-2017-13723.diff.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; } +zcat $CWD/patch/xorg-server/xorg-server.CVE-2017-12176.diff.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; } +zcat $CWD/patch/xorg-server/xorg-server.CVE-2017-12177.diff.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; } +zcat $CWD/patch/xorg-server/xorg-server.CVE-2017-12178.diff.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; } +zcat $CWD/patch/xorg-server/xorg-server.CVE-2017-12179_p1.diff.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; } +zcat $CWD/patch/xorg-server/xorg-server.CVE-2017-12179_p2.diff.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; } +zcat $CWD/patch/xorg-server/xorg-server.CVE-2017-12180_12181_12182.diff.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; } +zcat $CWD/patch/xorg-server/xorg-server.CVE-2017-12183.diff.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; } +zcat $CWD/patch/xorg-server/xorg-server.CVE-2017-12184_12185_12186_12187.diff.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; } + diff --git a/patches/source/xorg-server/patch/xorg-server/x11.startwithblackscreen.diff b/patches/source/xorg-server/patch/xorg-server/x11.startwithblackscreen.diff new file mode 100644 index 000000000..8c0e3b546 --- /dev/null +++ b/patches/source/xorg-server/patch/xorg-server/x11.startwithblackscreen.diff @@ -0,0 +1,14 @@ +diff -Nur xorg-server-1.12.1.orig/dix/window.c xorg-server-1.12.1/dix/window.c +--- xorg-server-1.12.1.orig/dix/window.c 2012-03-29 21:57:25.000000000 -0500 ++++ xorg-server-1.12.1/dix/window.c 2012-04-13 22:01:24.456073603 -0500 +@@ -145,8 +145,8 @@ + + Bool bgNoneRoot = FALSE; + +-static unsigned char _back_lsb[4] = { 0x88, 0x22, 0x44, 0x11 }; +-static unsigned char _back_msb[4] = { 0x11, 0x44, 0x22, 0x88 }; ++static unsigned char _back_lsb[4] = { 0x00, 0x00, 0x00, 0x00 }; ++static unsigned char _back_msb[4] = { 0x00, 0x00, 0x00, 0x00 }; + + static Bool WindowParentHasDeviceCursor(WindowPtr pWin, + DeviceIntPtr pDev, CursorPtr pCurs); diff --git a/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2017-10971.diff b/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2017-10971.diff new file mode 100644 index 000000000..00ed28ac3 --- /dev/null +++ b/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2017-10971.diff @@ -0,0 +1,40 @@ +From ba336b24052122b136486961c82deac76bbde455 Mon Sep 17 00:00:00 2001 +From: Michal Srb <msrb@suse.com> +Date: Wed, 24 May 2017 15:54:42 +0300 +Subject: Xi: Do not try to swap GenericEvent. + +The SProcXSendExtensionEvent must not attempt to swap GenericEvent because +it is assuming that the event has fixed size and gives the swapping function +xEvent-sized buffer. + +A GenericEvent would be later rejected by ProcXSendExtensionEvent anyway. + +Signed-off-by: Michal Srb <msrb@suse.com> +Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> +Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> + +diff --git a/Xi/sendexev.c b/Xi/sendexev.c +index 5e63bfc..5c2e0fc 100644 +--- a/Xi/sendexev.c ++++ b/Xi/sendexev.c +@@ -95,9 +95,17 @@ SProcXSendExtensionEvent(ClientPtr client) + + eventP = (xEvent *) &stuff[1]; + for (i = 0; i < stuff->num_events; i++, eventP++) { ++ if (eventP->u.u.type == GenericEvent) { ++ client->errorValue = eventP->u.u.type; ++ return BadValue; ++ } ++ + proc = EventSwapVector[eventP->u.u.type & 0177]; +- if (proc == NotImplemented) /* no swapping proc; invalid event type? */ ++ /* no swapping proc; invalid event type? */ ++ if (proc == NotImplemented) { ++ client->errorValue = eventP->u.u.type; + return BadValue; ++ } + (*proc) (eventP, &eventT); + *eventP = eventT; + } +-- +cgit v0.10.2 diff --git a/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2017-10972.diff b/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2017-10972.diff new file mode 100644 index 000000000..edddc8d66 --- /dev/null +++ b/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2017-10972.diff @@ -0,0 +1,36 @@ +From 05442de962d3dc624f79fc1a00eca3ffc5489ced Mon Sep 17 00:00:00 2001 +From: Michal Srb <msrb@suse.com> +Date: Wed, 24 May 2017 15:54:39 +0300 +Subject: Xi: Zero target buffer in SProcXSendExtensionEvent. + +Make sure that the xEvent eventT is initialized with zeros, the same way as +in SProcSendEvent. + +Some event swapping functions do not overwrite all 32 bytes of xEvent +structure, for example XSecurityAuthorizationRevoked. Two cooperating +clients, one swapped and the other not, can send +XSecurityAuthorizationRevoked event to each other to retrieve old stack data +from X server. This can be potentialy misused to go around ASLR or +stack-protector. + +Signed-off-by: Michal Srb <msrb@suse.com> +Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> +Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> + +diff --git a/Xi/sendexev.c b/Xi/sendexev.c +index 11d8202..1cf118a 100644 +--- a/Xi/sendexev.c ++++ b/Xi/sendexev.c +@@ -78,7 +78,7 @@ SProcXSendExtensionEvent(ClientPtr client) + { + CARD32 *p; + int i; +- xEvent eventT; ++ xEvent eventT = { .u.u.type = 0 }; + xEvent *eventP; + EventSwapPtr proc; + +-- +cgit v0.10.2 + + diff --git a/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2017-12176.diff b/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2017-12176.diff new file mode 100644 index 000000000..9caf31247 --- /dev/null +++ b/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2017-12176.diff @@ -0,0 +1,31 @@ +From b747da5e25be944337a9cd1415506fc06b70aa81 Mon Sep 17 00:00:00 2001 +From: Nathan Kidd <nkidd@opentext.com> +Date: Fri, 9 Jan 2015 10:15:46 -0500 +Subject: Unvalidated extra length in ProcEstablishConnection (CVE-2017-12176) + +Reviewed-by: Julien Cristau <jcristau@debian.org> +Signed-off-by: Nathan Kidd <nkidd@opentext.com> +Signed-off-by: Julien Cristau <jcristau@debian.org> + +diff --git a/dix/dispatch.c b/dix/dispatch.c +index 8b371b6..176c7a0 100644 +--- a/dix/dispatch.c ++++ b/dix/dispatch.c +@@ -3702,7 +3702,12 @@ ProcEstablishConnection(ClientPtr client) + prefix = (xConnClientPrefix *) ((char *) stuff + sz_xReq); + auth_proto = (char *) prefix + sz_xConnClientPrefix; + auth_string = auth_proto + pad_to_int32(prefix->nbytesAuthProto); +- if ((prefix->majorVersion != X_PROTOCOL) || ++ ++ if ((client->req_len << 2) != sz_xReq + sz_xConnClientPrefix + ++ pad_to_int32(prefix->nbytesAuthProto) + ++ pad_to_int32(prefix->nbytesAuthString)) ++ reason = "Bad length"; ++ else if ((prefix->majorVersion != X_PROTOCOL) || + (prefix->minorVersion != X_PROTOCOL_REVISION)) + reason = "Protocol version mismatch"; + else +-- +cgit v0.10.2 + + diff --git a/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2017-12177.diff b/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2017-12177.diff new file mode 100644 index 000000000..4a3eaa9e9 --- /dev/null +++ b/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2017-12177.diff @@ -0,0 +1,41 @@ +From 4ca68b878e851e2136c234f40a25008297d8d831 Mon Sep 17 00:00:00 2001 +From: Nathan Kidd <nkidd@opentext.com> +Date: Fri, 9 Jan 2015 10:09:14 -0500 +Subject: dbe: Unvalidated variable-length request in ProcDbeGetVisualInfo + (CVE-2017-12177) + +v2: Protect against integer overflow (Alan Coopersmith) + +Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> +Reviewed-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> +Reviewed-by: Julien Cristau <jcristau@debian.org> +Signed-off-by: Nathan Kidd <nkidd@opentext.com> +Signed-off-by: Julien Cristau <jcristau@debian.org> + +diff --git a/dbe/dbe.c b/dbe/dbe.c +index 9a0c7a7..292a223 100644 +--- a/dbe/dbe.c ++++ b/dbe/dbe.c +@@ -574,6 +574,9 @@ ProcDbeGetVisualInfo(ClientPtr client) + XdbeScreenVisualInfo *pScrVisInfo; + + REQUEST_AT_LEAST_SIZE(xDbeGetVisualInfoReq); ++ if (stuff->n > UINT32_MAX / sizeof(CARD32)) ++ return BadLength; ++ REQUEST_FIXED_SIZE(xDbeGetVisualInfoReq, stuff->n * sizeof(CARD32)); + + if (stuff->n > UINT32_MAX / sizeof(DrawablePtr)) + return BadAlloc; +@@ -924,7 +927,7 @@ SProcDbeSwapBuffers(ClientPtr client) + + swapl(&stuff->n); + if (stuff->n > UINT32_MAX / sizeof(DbeSwapInfoRec)) +- return BadAlloc; ++ return BadLength; + REQUEST_FIXED_SIZE(xDbeSwapBuffersReq, stuff->n * sizeof(xDbeSwapInfo)); + + if (stuff->n != 0) { +-- +cgit v0.10.2 + + diff --git a/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2017-12178.diff b/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2017-12178.diff new file mode 100644 index 000000000..8177c119d --- /dev/null +++ b/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2017-12178.diff @@ -0,0 +1,29 @@ +From 859b08d523307eebde7724fd1a0789c44813e821 Mon Sep 17 00:00:00 2001 +From: Nathan Kidd <nkidd@opentext.com> +Date: Wed, 24 Dec 2014 16:22:18 -0500 +Subject: Xi: fix wrong extra length check in ProcXIChangeHierarchy + (CVE-2017-12178) + +Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> +Reviewed-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> +Reviewed-by: Julien Cristau <jcristau@debian.org> +Signed-off-by: Nathan Kidd <nkidd@opentext.com> +Signed-off-by: Julien Cristau <jcristau@debian.org> + +diff --git a/Xi/xichangehierarchy.c b/Xi/xichangehierarchy.c +index 87f191f..cbdd912 100644 +--- a/Xi/xichangehierarchy.c ++++ b/Xi/xichangehierarchy.c +@@ -423,7 +423,7 @@ ProcXIChangeHierarchy(ClientPtr client) + if (!stuff->num_changes) + return rc; + +- len = ((size_t)stuff->length << 2) - sizeof(xXIAnyHierarchyChangeInfo); ++ len = ((size_t)stuff->length << 2) - sizeof(xXIChangeHierarchyReq); + + any = (xXIAnyHierarchyChangeInfo *) &stuff[1]; + while (stuff->num_changes--) { +-- +cgit v0.10.2 + + diff --git a/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2017-12179_p1.diff b/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2017-12179_p1.diff new file mode 100644 index 000000000..0b3734642 --- /dev/null +++ b/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2017-12179_p1.diff @@ -0,0 +1,42 @@ +From 211e05ac85a294ef361b9f80d689047fa52b9076 Mon Sep 17 00:00:00 2001 +From: Michal Srb <msrb@suse.com> +Date: Fri, 7 Jul 2017 17:21:46 +0200 +Subject: Xi: Test exact size of XIBarrierReleasePointer + +Otherwise a client can send any value of num_barriers and cause reading or swapping of values on heap behind the receive buffer. + +Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> + +diff --git a/Xi/xibarriers.c b/Xi/xibarriers.c +index af1562e..d82ecb6 100644 +--- a/Xi/xibarriers.c ++++ b/Xi/xibarriers.c +@@ -830,10 +830,13 @@ SProcXIBarrierReleasePointer(ClientPtr client) + REQUEST(xXIBarrierReleasePointerReq); + int i; + +- info = (xXIBarrierReleasePointerInfo*) &stuff[1]; +- + swaps(&stuff->length); ++ REQUEST_AT_LEAST_SIZE(xXIBarrierReleasePointerReq); ++ + swapl(&stuff->num_barriers); ++ REQUEST_FIXED_SIZE(xXIBarrierReleasePointerReq, stuff->num_barriers * sizeof(xXIBarrierReleasePointerInfo)); ++ ++ info = (xXIBarrierReleasePointerInfo*) &stuff[1]; + for (i = 0; i < stuff->num_barriers; i++, info++) { + swaps(&info->deviceid); + swapl(&info->barrier); +@@ -853,7 +856,7 @@ ProcXIBarrierReleasePointer(ClientPtr client) + xXIBarrierReleasePointerInfo *info; + + REQUEST(xXIBarrierReleasePointerReq); +- REQUEST_AT_LEAST_SIZE(xXIBarrierReleasePointerReq); ++ REQUEST_FIXED_SIZE(xXIBarrierReleasePointerReq, stuff->num_barriers * sizeof(xXIBarrierReleasePointerInfo)); + + info = (xXIBarrierReleasePointerInfo*) &stuff[1]; + for (i = 0; i < stuff->num_barriers; i++, info++) { +-- +cgit v0.10.2 + + diff --git a/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2017-12179_p2.diff b/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2017-12179_p2.diff new file mode 100644 index 000000000..346756033 --- /dev/null +++ b/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2017-12179_p2.diff @@ -0,0 +1,46 @@ +From d088e3c1286b548a58e62afdc70bb40981cdb9e8 Mon Sep 17 00:00:00 2001 +From: Nathan Kidd <nkidd@opentext.com> +Date: Fri, 9 Jan 2015 10:04:41 -0500 +Subject: Xi: integer overflow and unvalidated length in + (S)ProcXIBarrierReleasePointer + +[jcristau: originally this patch fixed the same issue as commit + 211e05ac85 "Xi: Test exact size of XIBarrierReleasePointer", with the + addition of these checks] + +This addresses CVE-2017-12179 + +Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> +Reviewed-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> +Reviewed-by: Julien Cristau <jcristau@debian.org> +Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> +Signed-off-by: Nathan Kidd <nkidd@opentext.com> +Signed-off-by: Julien Cristau <jcristau@debian.org> + +diff --git a/Xi/xibarriers.c b/Xi/xibarriers.c +index d82ecb6..d0be701 100644 +--- a/Xi/xibarriers.c ++++ b/Xi/xibarriers.c +@@ -834,6 +834,8 @@ SProcXIBarrierReleasePointer(ClientPtr client) + REQUEST_AT_LEAST_SIZE(xXIBarrierReleasePointerReq); + + swapl(&stuff->num_barriers); ++ if (stuff->num_barriers > UINT32_MAX / sizeof(xXIBarrierReleasePointerInfo)) ++ return BadLength; + REQUEST_FIXED_SIZE(xXIBarrierReleasePointerReq, stuff->num_barriers * sizeof(xXIBarrierReleasePointerInfo)); + + info = (xXIBarrierReleasePointerInfo*) &stuff[1]; +@@ -856,6 +858,9 @@ ProcXIBarrierReleasePointer(ClientPtr client) + xXIBarrierReleasePointerInfo *info; + + REQUEST(xXIBarrierReleasePointerReq); ++ REQUEST_AT_LEAST_SIZE(xXIBarrierReleasePointerReq); ++ if (stuff->num_barriers > UINT32_MAX / sizeof(xXIBarrierReleasePointerInfo)) ++ return BadLength; + REQUEST_FIXED_SIZE(xXIBarrierReleasePointerReq, stuff->num_barriers * sizeof(xXIBarrierReleasePointerInfo)); + + info = (xXIBarrierReleasePointerInfo*) &stuff[1]; +-- +cgit v0.10.2 + + diff --git a/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2017-12180_12181_12182.diff b/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2017-12180_12181_12182.diff new file mode 100644 index 000000000..70ebee8c2 --- /dev/null +++ b/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2017-12180_12181_12182.diff @@ -0,0 +1,601 @@ +From 1b1d4c04695dced2463404174b50b3581dbd857b Mon Sep 17 00:00:00 2001 +From: Nathan Kidd <nkidd@opentext.com> +Date: Sun, 21 Dec 2014 01:10:03 -0500 +Subject: hw/xfree86: unvalidated lengths + +This addresses: +CVE-2017-12180 in XFree86-VidModeExtension +CVE-2017-12181 in XFree86-DGA +CVE-2017-12182 in XFree86-DRI + +Reviewed-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> +Reviewed-by: Julien Cristau <jcristau@debian.org> +Signed-off-by: Nathan Kidd <nkidd@opentext.com> +Signed-off-by: Julien Cristau <jcristau@debian.org> + +diff --git a/Xext/vidmode.c b/Xext/vidmode.c +index 8ba919a..6e4a7c7 100644 +--- a/Xext/vidmode.c ++++ b/Xext/vidmode.c +@@ -454,6 +454,20 @@ ProcVidModeAddModeLine(ClientPtr client) + DEBUG_P("XF86VidModeAddModeline"); + + ver = ClientMajorVersion(client); ++ ++ if (ver < 2) { ++ REQUEST_AT_LEAST_SIZE(xXF86OldVidModeAddModeLineReq); ++ len = ++ client->req_len - ++ bytes_to_int32(sizeof(xXF86OldVidModeAddModeLineReq)); ++ } ++ else { ++ REQUEST_AT_LEAST_SIZE(xXF86VidModeAddModeLineReq); ++ len = ++ client->req_len - ++ bytes_to_int32(sizeof(xXF86VidModeAddModeLineReq)); ++ } ++ + if (ver < 2) { + /* convert from old format */ + stuff = &newstuff; +@@ -501,18 +515,6 @@ ProcVidModeAddModeLine(ClientPtr client) + stuff->after_vsyncend, stuff->after_vtotal, + (unsigned long) stuff->after_flags); + +- if (ver < 2) { +- REQUEST_AT_LEAST_SIZE(xXF86OldVidModeAddModeLineReq); +- len = +- client->req_len - +- bytes_to_int32(sizeof(xXF86OldVidModeAddModeLineReq)); +- } +- else { +- REQUEST_AT_LEAST_SIZE(xXF86VidModeAddModeLineReq); +- len = +- client->req_len - +- bytes_to_int32(sizeof(xXF86VidModeAddModeLineReq)); +- } + if (len != stuff->privsize) + return BadLength; + +@@ -622,6 +624,20 @@ ProcVidModeDeleteModeLine(ClientPtr client) + DEBUG_P("XF86VidModeDeleteModeline"); + + ver = ClientMajorVersion(client); ++ ++ if (ver < 2) { ++ REQUEST_AT_LEAST_SIZE(xXF86OldVidModeDeleteModeLineReq); ++ len = ++ client->req_len - ++ bytes_to_int32(sizeof(xXF86OldVidModeDeleteModeLineReq)); ++ } ++ else { ++ REQUEST_AT_LEAST_SIZE(xXF86VidModeDeleteModeLineReq); ++ len = ++ client->req_len - ++ bytes_to_int32(sizeof(xXF86VidModeDeleteModeLineReq)); ++ } ++ + if (ver < 2) { + /* convert from old format */ + stuff = &newstuff; +@@ -649,18 +665,6 @@ ProcVidModeDeleteModeLine(ClientPtr client) + stuff->vdisplay, stuff->vsyncstart, stuff->vsyncend, stuff->vtotal, + (unsigned long) stuff->flags); + +- if (ver < 2) { +- REQUEST_AT_LEAST_SIZE(xXF86OldVidModeDeleteModeLineReq); +- len = +- client->req_len - +- bytes_to_int32(sizeof(xXF86OldVidModeDeleteModeLineReq)); +- } +- else { +- REQUEST_AT_LEAST_SIZE(xXF86VidModeDeleteModeLineReq); +- len = +- client->req_len - +- bytes_to_int32(sizeof(xXF86VidModeDeleteModeLineReq)); +- } + if (len != stuff->privsize) { + DebugF("req_len = %ld, sizeof(Req) = %d, privsize = %ld, " + "len = %d, length = %d\n", +@@ -744,6 +748,20 @@ ProcVidModeModModeLine(ClientPtr client) + DEBUG_P("XF86VidModeModModeline"); + + ver = ClientMajorVersion(client); ++ ++ if (ver < 2) { ++ REQUEST_AT_LEAST_SIZE(xXF86OldVidModeModModeLineReq); ++ len = ++ client->req_len - ++ bytes_to_int32(sizeof(xXF86OldVidModeModModeLineReq)); ++ } ++ else { ++ REQUEST_AT_LEAST_SIZE(xXF86VidModeModModeLineReq); ++ len = ++ client->req_len - ++ bytes_to_int32(sizeof(xXF86VidModeModModeLineReq)); ++ } ++ + if (ver < 2) { + /* convert from old format */ + stuff = &newstuff; +@@ -768,18 +786,6 @@ ProcVidModeModModeLine(ClientPtr client) + stuff->vdisplay, stuff->vsyncstart, stuff->vsyncend, + stuff->vtotal, (unsigned long) stuff->flags); + +- if (ver < 2) { +- REQUEST_AT_LEAST_SIZE(xXF86OldVidModeModModeLineReq); +- len = +- client->req_len - +- bytes_to_int32(sizeof(xXF86OldVidModeModModeLineReq)); +- } +- else { +- REQUEST_AT_LEAST_SIZE(xXF86VidModeModModeLineReq); +- len = +- client->req_len - +- bytes_to_int32(sizeof(xXF86VidModeModModeLineReq)); +- } + if (len != stuff->privsize) + return BadLength; + +@@ -877,6 +883,19 @@ ProcVidModeValidateModeLine(ClientPtr client) + DEBUG_P("XF86VidModeValidateModeline"); + + ver = ClientMajorVersion(client); ++ ++ if (ver < 2) { ++ REQUEST_AT_LEAST_SIZE(xXF86OldVidModeValidateModeLineReq); ++ len = client->req_len - ++ bytes_to_int32(sizeof(xXF86OldVidModeValidateModeLineReq)); ++ } ++ else { ++ REQUEST_AT_LEAST_SIZE(xXF86VidModeValidateModeLineReq); ++ len = ++ client->req_len - ++ bytes_to_int32(sizeof(xXF86VidModeValidateModeLineReq)); ++ } ++ + if (ver < 2) { + /* convert from old format */ + stuff = &newstuff; +@@ -905,17 +924,6 @@ ProcVidModeValidateModeLine(ClientPtr client) + stuff->vdisplay, stuff->vsyncstart, stuff->vsyncend, stuff->vtotal, + (unsigned long) stuff->flags); + +- if (ver < 2) { +- REQUEST_AT_LEAST_SIZE(xXF86OldVidModeValidateModeLineReq); +- len = client->req_len - +- bytes_to_int32(sizeof(xXF86OldVidModeValidateModeLineReq)); +- } +- else { +- REQUEST_AT_LEAST_SIZE(xXF86VidModeValidateModeLineReq); +- len = +- client->req_len - +- bytes_to_int32(sizeof(xXF86VidModeValidateModeLineReq)); +- } + if (len != stuff->privsize) + return BadLength; + +@@ -1027,6 +1035,20 @@ ProcVidModeSwitchToMode(ClientPtr client) + DEBUG_P("XF86VidModeSwitchToMode"); + + ver = ClientMajorVersion(client); ++ ++ if (ver < 2) { ++ REQUEST_AT_LEAST_SIZE(xXF86OldVidModeSwitchToModeReq); ++ len = ++ client->req_len - ++ bytes_to_int32(sizeof(xXF86OldVidModeSwitchToModeReq)); ++ } ++ else { ++ REQUEST_AT_LEAST_SIZE(xXF86VidModeSwitchToModeReq); ++ len = ++ client->req_len - ++ bytes_to_int32(sizeof(xXF86VidModeSwitchToModeReq)); ++ } ++ + if (ver < 2) { + /* convert from old format */ + stuff = &newstuff; +@@ -1055,18 +1077,6 @@ ProcVidModeSwitchToMode(ClientPtr client) + stuff->vdisplay, stuff->vsyncstart, stuff->vsyncend, stuff->vtotal, + (unsigned long) stuff->flags); + +- if (ver < 2) { +- REQUEST_AT_LEAST_SIZE(xXF86OldVidModeSwitchToModeReq); +- len = +- client->req_len - +- bytes_to_int32(sizeof(xXF86OldVidModeSwitchToModeReq)); +- } +- else { +- REQUEST_AT_LEAST_SIZE(xXF86VidModeSwitchToModeReq); +- len = +- client->req_len - +- bytes_to_int32(sizeof(xXF86VidModeSwitchToModeReq)); +- } + if (len != stuff->privsize) + return BadLength; + +@@ -1457,6 +1467,7 @@ ProcVidModeSetGammaRamp(ClientPtr client) + VidModePtr pVidMode; + + REQUEST(xXF86VidModeSetGammaRampReq); ++ REQUEST_AT_LEAST_SIZE(xXF86VidModeSetGammaRampReq); + + if (stuff->screen >= screenInfo.numScreens) + return BadValue; +diff --git a/hw/xfree86/common/xf86DGA.c b/hw/xfree86/common/xf86DGA.c +index 95434e8..505b019 100644 +--- a/hw/xfree86/common/xf86DGA.c ++++ b/hw/xfree86/common/xf86DGA.c +@@ -1272,13 +1272,14 @@ ProcXDGAOpenFramebuffer(ClientPtr client) + char *deviceName; + int nameSize; + ++ REQUEST_SIZE_MATCH(xXDGAOpenFramebufferReq); ++ + if (stuff->screen >= screenInfo.numScreens) + return BadValue; + + if (!DGAAvailable(stuff->screen)) + return DGAErrorBase + XF86DGANoDirectVideoMode; + +- REQUEST_SIZE_MATCH(xXDGAOpenFramebufferReq); + rep.type = X_Reply; + rep.length = 0; + rep.sequenceNumber = client->sequence; +@@ -1305,14 +1306,14 @@ ProcXDGACloseFramebuffer(ClientPtr client) + { + REQUEST(xXDGACloseFramebufferReq); + ++ REQUEST_SIZE_MATCH(xXDGACloseFramebufferReq); ++ + if (stuff->screen >= screenInfo.numScreens) + return BadValue; + + if (!DGAAvailable(stuff->screen)) + return DGAErrorBase + XF86DGANoDirectVideoMode; + +- REQUEST_SIZE_MATCH(xXDGACloseFramebufferReq); +- + DGACloseFramebuffer(stuff->screen); + + return Success; +@@ -1328,10 +1329,11 @@ ProcXDGAQueryModes(ClientPtr client) + xXDGAModeInfo info; + XDGAModePtr mode; + ++ REQUEST_SIZE_MATCH(xXDGAQueryModesReq); ++ + if (stuff->screen >= screenInfo.numScreens) + return BadValue; + +- REQUEST_SIZE_MATCH(xXDGAQueryModesReq); + rep.type = X_Reply; + rep.length = 0; + rep.number = 0; +@@ -1443,11 +1445,12 @@ ProcXDGASetMode(ClientPtr client) + ClientPtr owner; + int size; + ++ REQUEST_SIZE_MATCH(xXDGASetModeReq); ++ + if (stuff->screen >= screenInfo.numScreens) + return BadValue; + owner = DGA_GETCLIENT(stuff->screen); + +- REQUEST_SIZE_MATCH(xXDGASetModeReq); + rep.type = X_Reply; + rep.length = 0; + rep.offset = 0; +@@ -1533,14 +1536,14 @@ ProcXDGASetViewport(ClientPtr client) + { + REQUEST(xXDGASetViewportReq); + ++ REQUEST_SIZE_MATCH(xXDGASetViewportReq); ++ + if (stuff->screen >= screenInfo.numScreens) + return BadValue; + + if (DGA_GETCLIENT(stuff->screen) != client) + return DGAErrorBase + XF86DGADirectNotActivated; + +- REQUEST_SIZE_MATCH(xXDGASetViewportReq); +- + DGASetViewport(stuff->screen, stuff->x, stuff->y, stuff->flags); + + return Success; +@@ -1554,14 +1557,14 @@ ProcXDGAInstallColormap(ClientPtr client) + + REQUEST(xXDGAInstallColormapReq); + ++ REQUEST_SIZE_MATCH(xXDGAInstallColormapReq); ++ + if (stuff->screen >= screenInfo.numScreens) + return BadValue; + + if (DGA_GETCLIENT(stuff->screen) != client) + return DGAErrorBase + XF86DGADirectNotActivated; + +- REQUEST_SIZE_MATCH(xXDGAInstallColormapReq); +- + rc = dixLookupResourceByType((void **) &cmap, stuff->cmap, RT_COLORMAP, + client, DixInstallAccess); + if (rc != Success) +@@ -1575,14 +1578,14 @@ ProcXDGASelectInput(ClientPtr client) + { + REQUEST(xXDGASelectInputReq); + ++ REQUEST_SIZE_MATCH(xXDGASelectInputReq); ++ + if (stuff->screen >= screenInfo.numScreens) + return BadValue; + + if (DGA_GETCLIENT(stuff->screen) != client) + return DGAErrorBase + XF86DGADirectNotActivated; + +- REQUEST_SIZE_MATCH(xXDGASelectInputReq); +- + if (DGA_GETCLIENT(stuff->screen) == client) + DGASelectInput(stuff->screen, client, stuff->mask); + +@@ -1594,14 +1597,14 @@ ProcXDGAFillRectangle(ClientPtr client) + { + REQUEST(xXDGAFillRectangleReq); + ++ REQUEST_SIZE_MATCH(xXDGAFillRectangleReq); ++ + if (stuff->screen >= screenInfo.numScreens) + return BadValue; + + if (DGA_GETCLIENT(stuff->screen) != client) + return DGAErrorBase + XF86DGADirectNotActivated; + +- REQUEST_SIZE_MATCH(xXDGAFillRectangleReq); +- + if (Success != DGAFillRect(stuff->screen, stuff->x, stuff->y, + stuff->width, stuff->height, stuff->color)) + return BadMatch; +@@ -1614,14 +1617,14 @@ ProcXDGACopyArea(ClientPtr client) + { + REQUEST(xXDGACopyAreaReq); + ++ REQUEST_SIZE_MATCH(xXDGACopyAreaReq); ++ + if (stuff->screen >= screenInfo.numScreens) + return BadValue; + + if (DGA_GETCLIENT(stuff->screen) != client) + return DGAErrorBase + XF86DGADirectNotActivated; + +- REQUEST_SIZE_MATCH(xXDGACopyAreaReq); +- + if (Success != DGABlitRect(stuff->screen, stuff->srcx, stuff->srcy, + stuff->width, stuff->height, stuff->dstx, + stuff->dsty)) +@@ -1635,14 +1638,14 @@ ProcXDGACopyTransparentArea(ClientPtr client) + { + REQUEST(xXDGACopyTransparentAreaReq); + ++ REQUEST_SIZE_MATCH(xXDGACopyTransparentAreaReq); ++ + if (stuff->screen >= screenInfo.numScreens) + return BadValue; + + if (DGA_GETCLIENT(stuff->screen) != client) + return DGAErrorBase + XF86DGADirectNotActivated; + +- REQUEST_SIZE_MATCH(xXDGACopyTransparentAreaReq); +- + if (Success != DGABlitTransRect(stuff->screen, stuff->srcx, stuff->srcy, + stuff->width, stuff->height, stuff->dstx, + stuff->dsty, stuff->key)) +@@ -1657,13 +1660,14 @@ ProcXDGAGetViewportStatus(ClientPtr client) + REQUEST(xXDGAGetViewportStatusReq); + xXDGAGetViewportStatusReply rep; + ++ REQUEST_SIZE_MATCH(xXDGAGetViewportStatusReq); ++ + if (stuff->screen >= screenInfo.numScreens) + return BadValue; + + if (DGA_GETCLIENT(stuff->screen) != client) + return DGAErrorBase + XF86DGADirectNotActivated; + +- REQUEST_SIZE_MATCH(xXDGAGetViewportStatusReq); + rep.type = X_Reply; + rep.length = 0; + rep.sequenceNumber = client->sequence; +@@ -1680,13 +1684,14 @@ ProcXDGASync(ClientPtr client) + REQUEST(xXDGASyncReq); + xXDGASyncReply rep; + ++ REQUEST_SIZE_MATCH(xXDGASyncReq); ++ + if (stuff->screen >= screenInfo.numScreens) + return BadValue; + + if (DGA_GETCLIENT(stuff->screen) != client) + return DGAErrorBase + XF86DGADirectNotActivated; + +- REQUEST_SIZE_MATCH(xXDGASyncReq); + rep.type = X_Reply; + rep.length = 0; + rep.sequenceNumber = client->sequence; +@@ -1725,13 +1730,14 @@ ProcXDGAChangePixmapMode(ClientPtr client) + xXDGAChangePixmapModeReply rep; + int x, y; + ++ REQUEST_SIZE_MATCH(xXDGAChangePixmapModeReq); ++ + if (stuff->screen >= screenInfo.numScreens) + return BadValue; + + if (DGA_GETCLIENT(stuff->screen) != client) + return DGAErrorBase + XF86DGADirectNotActivated; + +- REQUEST_SIZE_MATCH(xXDGAChangePixmapModeReq); + rep.type = X_Reply; + rep.length = 0; + rep.sequenceNumber = client->sequence; +@@ -1755,14 +1761,14 @@ ProcXDGACreateColormap(ClientPtr client) + REQUEST(xXDGACreateColormapReq); + int result; + ++ REQUEST_SIZE_MATCH(xXDGACreateColormapReq); ++ + if (stuff->screen >= screenInfo.numScreens) + return BadValue; + + if (DGA_GETCLIENT(stuff->screen) != client) + return DGAErrorBase + XF86DGADirectNotActivated; + +- REQUEST_SIZE_MATCH(xXDGACreateColormapReq); +- + if (!stuff->mode) + return BadValue; + +@@ -1791,10 +1797,11 @@ ProcXF86DGAGetVideoLL(ClientPtr client) + int num, offset, flags; + char *name; + ++ REQUEST_SIZE_MATCH(xXF86DGAGetVideoLLReq); ++ + if (stuff->screen >= screenInfo.numScreens) + return BadValue; + +- REQUEST_SIZE_MATCH(xXF86DGAGetVideoLLReq); + rep.type = X_Reply; + rep.length = 0; + rep.sequenceNumber = client->sequence; +@@ -1831,9 +1838,10 @@ ProcXF86DGADirectVideo(ClientPtr client) + + REQUEST(xXF86DGADirectVideoReq); + ++ REQUEST_SIZE_MATCH(xXF86DGADirectVideoReq); ++ + if (stuff->screen >= screenInfo.numScreens) + return BadValue; +- REQUEST_SIZE_MATCH(xXF86DGADirectVideoReq); + + if (!DGAAvailable(stuff->screen)) + return DGAErrorBase + XF86DGANoDirectVideoMode; +@@ -1889,10 +1897,11 @@ ProcXF86DGAGetViewPortSize(ClientPtr client) + REQUEST(xXF86DGAGetViewPortSizeReq); + xXF86DGAGetViewPortSizeReply rep; + ++ REQUEST_SIZE_MATCH(xXF86DGAGetViewPortSizeReq); ++ + if (stuff->screen >= screenInfo.numScreens) + return BadValue; + +- REQUEST_SIZE_MATCH(xXF86DGAGetViewPortSizeReq); + rep.type = X_Reply; + rep.length = 0; + rep.sequenceNumber = client->sequence; +@@ -1917,14 +1926,14 @@ ProcXF86DGASetViewPort(ClientPtr client) + { + REQUEST(xXF86DGASetViewPortReq); + ++ REQUEST_SIZE_MATCH(xXF86DGASetViewPortReq); ++ + if (stuff->screen >= screenInfo.numScreens) + return BadValue; + + if (DGA_GETCLIENT(stuff->screen) != client) + return DGAErrorBase + XF86DGADirectNotActivated; + +- REQUEST_SIZE_MATCH(xXF86DGASetViewPortReq); +- + if (!DGAAvailable(stuff->screen)) + return DGAErrorBase + XF86DGANoDirectVideoMode; + +@@ -1944,10 +1953,11 @@ ProcXF86DGAGetVidPage(ClientPtr client) + REQUEST(xXF86DGAGetVidPageReq); + xXF86DGAGetVidPageReply rep; + ++ REQUEST_SIZE_MATCH(xXF86DGAGetVidPageReq); ++ + if (stuff->screen >= screenInfo.numScreens) + return BadValue; + +- REQUEST_SIZE_MATCH(xXF86DGAGetVidPageReq); + rep.type = X_Reply; + rep.length = 0; + rep.sequenceNumber = client->sequence; +@@ -1962,11 +1972,11 @@ ProcXF86DGASetVidPage(ClientPtr client) + { + REQUEST(xXF86DGASetVidPageReq); + ++ REQUEST_SIZE_MATCH(xXF86DGASetVidPageReq); ++ + if (stuff->screen >= screenInfo.numScreens) + return BadValue; + +- REQUEST_SIZE_MATCH(xXF86DGASetVidPageReq); +- + /* silently fail */ + + return Success; +@@ -1980,14 +1990,14 @@ ProcXF86DGAInstallColormap(ClientPtr client) + + REQUEST(xXF86DGAInstallColormapReq); + ++ REQUEST_SIZE_MATCH(xXF86DGAInstallColormapReq); ++ + if (stuff->screen >= screenInfo.numScreens) + return BadValue; + + if (DGA_GETCLIENT(stuff->screen) != client) + return DGAErrorBase + XF86DGADirectNotActivated; + +- REQUEST_SIZE_MATCH(xXF86DGAInstallColormapReq); +- + if (!DGAActive(stuff->screen)) + return DGAErrorBase + XF86DGADirectNotActivated; + +@@ -2008,10 +2018,11 @@ ProcXF86DGAQueryDirectVideo(ClientPtr client) + REQUEST(xXF86DGAQueryDirectVideoReq); + xXF86DGAQueryDirectVideoReply rep; + ++ REQUEST_SIZE_MATCH(xXF86DGAQueryDirectVideoReq); ++ + if (stuff->screen >= screenInfo.numScreens) + return BadValue; + +- REQUEST_SIZE_MATCH(xXF86DGAQueryDirectVideoReq); + rep.type = X_Reply; + rep.length = 0; + rep.sequenceNumber = client->sequence; +@@ -2030,14 +2041,14 @@ ProcXF86DGAViewPortChanged(ClientPtr client) + REQUEST(xXF86DGAViewPortChangedReq); + xXF86DGAViewPortChangedReply rep; + ++ REQUEST_SIZE_MATCH(xXF86DGAViewPortChangedReq); ++ + if (stuff->screen >= screenInfo.numScreens) + return BadValue; + + if (DGA_GETCLIENT(stuff->screen) != client) + return DGAErrorBase + XF86DGADirectNotActivated; + +- REQUEST_SIZE_MATCH(xXF86DGAViewPortChangedReq); +- + if (!DGAActive(stuff->screen)) + return DGAErrorBase + XF86DGADirectNotActivated; + +diff --git a/hw/xfree86/dri/xf86dri.c b/hw/xfree86/dri/xf86dri.c +index 8f3c2d6..d356db9 100644 +--- a/hw/xfree86/dri/xf86dri.c ++++ b/hw/xfree86/dri/xf86dri.c +@@ -570,6 +570,7 @@ static int _X_COLD + SProcXF86DRIQueryDirectRenderingCapable(register ClientPtr client) + { + REQUEST(xXF86DRIQueryDirectRenderingCapableReq); ++ REQUEST_SIZE_MATCH(xXF86DRIQueryDirectRenderingCapableReq); + swaps(&stuff->length); + swapl(&stuff->screen); + return ProcXF86DRIQueryDirectRenderingCapable(client); +-- +cgit v0.10.2 + + diff --git a/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2017-12183.diff b/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2017-12183.diff new file mode 100644 index 000000000..b88ba950e --- /dev/null +++ b/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2017-12183.diff @@ -0,0 +1,95 @@ +From 55caa8b08c84af2b50fbc936cf334a5a93dd7db5 Mon Sep 17 00:00:00 2001 +From: Nathan Kidd <nkidd@opentext.com> +Date: Fri, 9 Jan 2015 11:43:05 -0500 +Subject: xfixes: unvalidated lengths (CVE-2017-12183) + +v2: Use before swap (Jeremy Huddleston Sequoia) + +v3: Fix wrong XFixesCopyRegion checks (Alan Coopersmith) + +Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> +Reviewed-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> +Reviewed-by: Julien Cristau <jcristau@debian.org> +Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> +Signed-off-by: Nathan Kidd <nkidd@opentext.com> +Signed-off-by: Julien Cristau <jcristau@debian.org> + +diff --git a/xfixes/cursor.c b/xfixes/cursor.c +index c1ab3be..dc447ed 100644 +--- a/xfixes/cursor.c ++++ b/xfixes/cursor.c +@@ -281,6 +281,7 @@ int _X_COLD + SProcXFixesSelectCursorInput(ClientPtr client) + { + REQUEST(xXFixesSelectCursorInputReq); ++ REQUEST_SIZE_MATCH(xXFixesSelectCursorInputReq); + + swaps(&stuff->length); + swapl(&stuff->window); +@@ -414,7 +415,7 @@ ProcXFixesSetCursorName(ClientPtr client) + REQUEST(xXFixesSetCursorNameReq); + Atom atom; + +- REQUEST_AT_LEAST_SIZE(xXFixesSetCursorNameReq); ++ REQUEST_FIXED_SIZE(xXFixesSetCursorNameReq, stuff->nbytes); + VERIFY_CURSOR(pCursor, stuff->cursor, client, DixSetAttrAccess); + tchar = (char *) &stuff[1]; + atom = MakeAtom(tchar, stuff->nbytes, TRUE); +@@ -1007,6 +1008,8 @@ SProcXFixesCreatePointerBarrier(ClientPtr client) + int i; + CARD16 *in_devices = (CARD16 *) &stuff[1]; + ++ REQUEST_AT_LEAST_SIZE(xXFixesCreatePointerBarrierReq); ++ + swaps(&stuff->length); + swaps(&stuff->num_devices); + REQUEST_FIXED_SIZE(xXFixesCreatePointerBarrierReq, pad_to_int32(stuff->num_devices)); +diff --git a/xfixes/region.c b/xfixes/region.c +index e773701..7c0a7d2 100644 +--- a/xfixes/region.c ++++ b/xfixes/region.c +@@ -359,6 +359,7 @@ ProcXFixesCopyRegion(ClientPtr client) + RegionPtr pSource, pDestination; + + REQUEST(xXFixesCopyRegionReq); ++ REQUEST_SIZE_MATCH(xXFixesCopyRegionReq); + + VERIFY_REGION(pSource, stuff->source, client, DixReadAccess); + VERIFY_REGION(pDestination, stuff->destination, client, DixWriteAccess); +@@ -375,7 +376,7 @@ SProcXFixesCopyRegion(ClientPtr client) + REQUEST(xXFixesCopyRegionReq); + + swaps(&stuff->length); +- REQUEST_AT_LEAST_SIZE(xXFixesCopyRegionReq); ++ REQUEST_SIZE_MATCH(xXFixesCopyRegionReq); + swapl(&stuff->source); + swapl(&stuff->destination); + return (*ProcXFixesVector[stuff->xfixesReqType]) (client); +diff --git a/xfixes/saveset.c b/xfixes/saveset.c +index 2043153..fd9c7a1 100644 +--- a/xfixes/saveset.c ++++ b/xfixes/saveset.c +@@ -62,6 +62,7 @@ int _X_COLD + SProcXFixesChangeSaveSet(ClientPtr client) + { + REQUEST(xXFixesChangeSaveSetReq); ++ REQUEST_SIZE_MATCH(xXFixesChangeSaveSetReq); + + swaps(&stuff->length); + swapl(&stuff->window); +diff --git a/xfixes/xfixes.c b/xfixes/xfixes.c +index 77efd64..248bf02 100644 +--- a/xfixes/xfixes.c ++++ b/xfixes/xfixes.c +@@ -160,6 +160,7 @@ static _X_COLD int + SProcXFixesQueryVersion(ClientPtr client) + { + REQUEST(xXFixesQueryVersionReq); ++ REQUEST_SIZE_MATCH(xXFixesQueryVersionReq); + + swaps(&stuff->length); + swapl(&stuff->majorVersion); +-- +cgit v0.10.2 + + diff --git a/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2017-12184_12185_12186_12187.diff b/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2017-12184_12185_12186_12187.diff new file mode 100644 index 000000000..d29956864 --- /dev/null +++ b/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2017-12184_12185_12186_12187.diff @@ -0,0 +1,139 @@ +From cad5a1050b7184d828aef9c1dd151c3ab649d37e Mon Sep 17 00:00:00 2001 +From: Nathan Kidd <nkidd@opentext.com> +Date: Fri, 9 Jan 2015 09:57:23 -0500 +Subject: Unvalidated lengths + +v2: Add overflow check and remove unnecessary check (Julien Cristau) + +This addresses: +CVE-2017-12184 in XINERAMA +CVE-2017-12185 in MIT-SCREEN-SAVER +CVE-2017-12186 in X-Resource +CVE-2017-12187 in RENDER + +Reviewed-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> +Reviewed-by: Julien Cristau <jcristau@debian.org> +Signed-off-by: Nathan Kidd <nkidd@opentext.com> +Signed-off-by: Julien Cristau <jcristau@debian.org> + +diff --git a/Xext/panoramiX.c b/Xext/panoramiX.c +index 209df29..844ea49 100644 +--- a/Xext/panoramiX.c ++++ b/Xext/panoramiX.c +@@ -988,10 +988,11 @@ ProcPanoramiXGetScreenSize(ClientPtr client) + xPanoramiXGetScreenSizeReply rep; + int rc; + ++ REQUEST_SIZE_MATCH(xPanoramiXGetScreenSizeReq); ++ + if (stuff->screen >= PanoramiXNumScreens) + return BadMatch; + +- REQUEST_SIZE_MATCH(xPanoramiXGetScreenSizeReq); + rc = dixLookupWindow(&pWin, stuff->window, client, DixGetAttrAccess); + if (rc != Success) + return rc; +diff --git a/Xext/saver.c b/Xext/saver.c +index 0949761..f6090d8 100644 +--- a/Xext/saver.c ++++ b/Xext/saver.c +@@ -1186,6 +1186,8 @@ ProcScreenSaverUnsetAttributes(ClientPtr client) + PanoramiXRes *draw; + int rc, i; + ++ REQUEST_SIZE_MATCH(xScreenSaverUnsetAttributesReq); ++ + rc = dixLookupResourceByClass((void **) &draw, stuff->drawable, + XRC_DRAWABLE, client, DixWriteAccess); + if (rc != Success) +diff --git a/Xext/xres.c b/Xext/xres.c +index 21239f5..0242158 100644 +--- a/Xext/xres.c ++++ b/Xext/xres.c +@@ -947,6 +947,8 @@ ProcXResQueryResourceBytes (ClientPtr client) + ConstructResourceBytesCtx ctx; + + REQUEST_AT_LEAST_SIZE(xXResQueryResourceBytesReq); ++ if (stuff->numSpecs > UINT32_MAX / sizeof(ctx.specs[0])) ++ return BadLength; + REQUEST_FIXED_SIZE(xXResQueryResourceBytesReq, + stuff->numSpecs * sizeof(ctx.specs[0])); + +@@ -1052,8 +1054,8 @@ SProcXResQueryResourceBytes (ClientPtr client) + int c; + xXResResourceIdSpec *specs = (void*) ((char*) stuff + sizeof(*stuff)); + +- swapl(&stuff->numSpecs); + REQUEST_AT_LEAST_SIZE(xXResQueryResourceBytesReq); ++ swapl(&stuff->numSpecs); + REQUEST_FIXED_SIZE(xXResQueryResourceBytesReq, + stuff->numSpecs * sizeof(specs[0])); + +diff --git a/Xext/xvdisp.c b/Xext/xvdisp.c +index d99d3d4..5232b37 100644 +--- a/Xext/xvdisp.c ++++ b/Xext/xvdisp.c +@@ -1493,12 +1493,14 @@ XineramaXvShmPutImage(ClientPtr client) + { + REQUEST(xvShmPutImageReq); + PanoramiXRes *draw, *gc, *port; +- Bool send_event = stuff->send_event; ++ Bool send_event; + Bool isRoot; + int result, i, x, y; + + REQUEST_SIZE_MATCH(xvShmPutImageReq); + ++ send_event = stuff->send_event; ++ + result = dixLookupResourceByClass((void **) &draw, stuff->drawable, + XRC_DRAWABLE, client, DixWriteAccess); + if (result != Success) +diff --git a/hw/dmx/dmxpict.c b/hw/dmx/dmxpict.c +index 1f1022e..63caec9 100644 +--- a/hw/dmx/dmxpict.c ++++ b/hw/dmx/dmxpict.c +@@ -716,6 +716,8 @@ dmxProcRenderSetPictureFilter(ClientPtr client) + filter = (char *) (stuff + 1); + params = (XFixed *) (filter + ((stuff->nbytes + 3) & ~3)); + nparams = ((XFixed *) stuff + client->req_len) - params; ++ if (nparams < 0) ++ return BadLength; + + XRenderSetPictureFilter(dmxScreen->beDisplay, + pPictPriv->pict, filter, params, nparams); +diff --git a/pseudoramiX/pseudoramiX.c b/pseudoramiX/pseudoramiX.c +index d8b2593..95f6e10 100644 +--- a/pseudoramiX/pseudoramiX.c ++++ b/pseudoramiX/pseudoramiX.c +@@ -297,10 +297,11 @@ ProcPseudoramiXGetScreenSize(ClientPtr client) + + TRACE; + ++ REQUEST_SIZE_MATCH(xPanoramiXGetScreenSizeReq); ++ + if (stuff->screen >= pseudoramiXNumScreens) + return BadMatch; + +- REQUEST_SIZE_MATCH(xPanoramiXGetScreenSizeReq); + rc = dixLookupWindow(&pWin, stuff->window, client, DixGetAttrAccess); + if (rc != Success) + return rc; +diff --git a/render/render.c b/render/render.c +index ccae49a..7d94bd5 100644 +--- a/render/render.c ++++ b/render/render.c +@@ -1757,6 +1757,9 @@ ProcRenderSetPictureFilter(ClientPtr client) + name = (char *) (stuff + 1); + params = (xFixed *) (name + pad_to_int32(stuff->nbytes)); + nparams = ((xFixed *) stuff + client->req_len) - params; ++ if (nparams < 0) ++ return BadLength; ++ + result = SetPictureFilter(pPicture, name, stuff->nbytes, params, nparams); + return result; + } +-- +cgit v0.10.2 + + diff --git a/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2017-13721.diff b/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2017-13721.diff new file mode 100644 index 000000000..8341a3372 --- /dev/null +++ b/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2017-13721.diff @@ -0,0 +1,27 @@ +From b95f25af141d33a65f6f821ea9c003f66a01e1f1 Mon Sep 17 00:00:00 2001 +From: Michal Srb <msrb@suse.com> +Date: Fri, 28 Jul 2017 16:27:10 +0200 +Subject: Xext/shm: Validate shmseg resource id (CVE-2017-13721) + +Otherwise it can belong to a non-existing client and abort X server with +FatalError "client not in use", or overwrite existing segment of another +existing client. + +Signed-off-by: Julien Cristau <jcristau@debian.org> + +diff --git a/Xext/shm.c b/Xext/shm.c +index 91ea90b..2f9a788 100644 +--- a/Xext/shm.c ++++ b/Xext/shm.c +@@ -1238,6 +1238,7 @@ ProcShmCreateSegment(ClientPtr client) + }; + + REQUEST_SIZE_MATCH(xShmCreateSegmentReq); ++ LEGAL_NEW_RESOURCE(stuff->shmseg, client); + if ((stuff->readOnly != xTrue) && (stuff->readOnly != xFalse)) { + client->errorValue = stuff->readOnly; + return BadValue; +-- +cgit v0.10.2 + + diff --git a/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2017-13723.diff b/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2017-13723.diff new file mode 100644 index 000000000..6e37be485 --- /dev/null +++ b/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2017-13723.diff @@ -0,0 +1,116 @@ +From 94f11ca5cf011ef123bd222cabeaef6f424d76ac Mon Sep 17 00:00:00 2001 +From: Keith Packard <keithp@keithp.com> +Date: Thu, 27 Jul 2017 10:08:32 -0700 +Subject: xkb: Handle xkb formated string output safely (CVE-2017-13723) + +Generating strings for XKB data used a single shared static buffer, +which offered several opportunities for errors. Use a ring of +resizable buffers instead, to avoid problems when strings end up +longer than anticipated. + +Reviewed-by: Michal Srb <msrb@suse.com> +Signed-off-by: Keith Packard <keithp@keithp.com> +Signed-off-by: Julien Cristau <jcristau@debian.org> + +diff --git a/xkb/xkbtext.c b/xkb/xkbtext.c +index ead2b1a..d2a2567 100644 +--- a/xkb/xkbtext.c ++++ b/xkb/xkbtext.c +@@ -47,23 +47,27 @@ + + /***====================================================================***/ + +-#define BUFFER_SIZE 512 +- +-static char textBuffer[BUFFER_SIZE]; +-static int tbNext = 0; ++#define NUM_BUFFER 8 ++static struct textBuffer { ++ int size; ++ char *buffer; ++} textBuffer[NUM_BUFFER]; ++static int textBufferIndex; + + static char * + tbGetBuffer(unsigned size) + { +- char *rtrn; ++ struct textBuffer *tb; + +- if (size >= BUFFER_SIZE) +- return NULL; +- if ((BUFFER_SIZE - tbNext) <= size) +- tbNext = 0; +- rtrn = &textBuffer[tbNext]; +- tbNext += size; +- return rtrn; ++ tb = &textBuffer[textBufferIndex]; ++ textBufferIndex = (textBufferIndex + 1) % NUM_BUFFER; ++ ++ if (size > tb->size) { ++ free(tb->buffer); ++ tb->buffer = xnfalloc(size); ++ tb->size = size; ++ } ++ return tb->buffer; + } + + /***====================================================================***/ +@@ -79,8 +83,6 @@ XkbAtomText(Atom atm, unsigned format) + int len; + + len = strlen(atmstr) + 1; +- if (len > BUFFER_SIZE) +- len = BUFFER_SIZE - 2; + rtrn = tbGetBuffer(len); + strlcpy(rtrn, atmstr, len); + } +@@ -128,8 +130,6 @@ XkbVModIndexText(XkbDescPtr xkb, unsigned ndx, unsigned format) + len = strlen(tmp) + 1; + if (format == XkbCFile) + len += 4; +- if (len >= BUFFER_SIZE) +- len = BUFFER_SIZE - 1; + rtrn = tbGetBuffer(len); + if (format == XkbCFile) { + strcpy(rtrn, "vmod_"); +@@ -140,6 +140,8 @@ XkbVModIndexText(XkbDescPtr xkb, unsigned ndx, unsigned format) + return rtrn; + } + ++#define VMOD_BUFFER_SIZE 512 ++ + char * + XkbVModMaskText(XkbDescPtr xkb, + unsigned modMask, unsigned mask, unsigned format) +@@ -147,7 +149,7 @@ XkbVModMaskText(XkbDescPtr xkb, + register int i, bit; + int len; + char *mm, *rtrn; +- char *str, buf[BUFFER_SIZE]; ++ char *str, buf[VMOD_BUFFER_SIZE]; + + if ((modMask == 0) && (mask == 0)) { + rtrn = tbGetBuffer(5); +@@ -173,7 +175,7 @@ XkbVModMaskText(XkbDescPtr xkb, + len = strlen(tmp) + 1 + (str == buf ? 0 : 1); + if (format == XkbCFile) + len += 4; +- if ((str - (buf + len)) <= BUFFER_SIZE) { ++ if ((str - (buf + len)) <= VMOD_BUFFER_SIZE) { + if (str != buf) { + if (format == XkbCFile) + *str++ = '|'; +@@ -199,8 +201,6 @@ XkbVModMaskText(XkbDescPtr xkb, + len = 0; + if (str) + len += strlen(str) + (mm == NULL ? 0 : 1); +- if (len >= BUFFER_SIZE) +- len = BUFFER_SIZE - 1; + rtrn = tbGetBuffer(len + 1); + rtrn[0] = '\0'; + +-- +cgit v0.10.2 + + diff --git a/patches/source/xorg-server/patch/xorg-server/xorg-server.combo.mouse.keyboard.layout.patch b/patches/source/xorg-server/patch/xorg-server/xorg-server.combo.mouse.keyboard.layout.patch new file mode 100644 index 000000000..83f673030 --- /dev/null +++ b/patches/source/xorg-server/patch/xorg-server/xorg-server.combo.mouse.keyboard.layout.patch @@ -0,0 +1,49 @@ +--- b/Xi/exevents.c 2013-12-27 19:38:52.000000000 +0200 ++++ a/Xi/exevents.c 2014-03-04 19:44:15.228721619 +0200 +@@ -665,7 +665,8 @@ + DeepCopyFeedbackClasses(from, to); + + if ((dce->flags & DEVCHANGE_KEYBOARD_EVENT)) +- DeepCopyKeyboardClasses(from, to); ++ /* We need to copy to MASTER_KEYBOARD. Didn't worked with 'to'. */ ++ DeepCopyKeyboardClasses(from, GetMaster(from, MASTER_KEYBOARD)); + if ((dce->flags & DEVCHANGE_POINTER_EVENT)) + DeepCopyPointerClasses(from, to); + } +--- b/dix/getevents.c 2013-12-27 19:38:52.000000000 +0200 ++++ a/dix/getevents.c 2014-03-04 19:46:50.126336327 +0200 +@@ -706,12 +706,19 @@ + { + DeviceIntPtr master; + +- master = +- GetMaster(dev, +- (type & DEVCHANGE_POINTER_EVENT) ? MASTER_POINTER : +- MASTER_KEYBOARD); ++ /* Don't guess the master upon the event type. Use MASTER_ATTACHED, ++ * otherwise we'll never get a DeviceChangedEvent(reason:SlaveSwith). */ ++ master = GetMaster(dev, MASTER_ATTACHED); ++ /* Need to track the slave event type. Other we'le never get a ++ * DeviceChangedEvent(reason:SlaveSwith) for the 'keyboard' if the ++ * 'pointer' has been touched before. */ ++ int slave_type = (type & DEVCHANGE_KEYBOARD_EVENT) | ++ (type & DEVCHANGE_POINTER_EVENT); + +- if (master && master->last.slave != dev) { ++ if (master && ++ ((master->last.slave != dev) || ++ (master->last.slave == dev && master->last.slave_type != slave_type))) { ++ master->last.slave_type = slave_type; + CreateClassesChangedEvent(events, master, dev, + type | DEVCHANGE_SLAVE_SWITCH); + if (IsPointerDevice(master)) { +--- b/include/inputstr.h 2013-12-27 19:38:52.000000000 +0200 ++++ a/include/inputstr.h 2014-03-04 19:47:28.074051116 +0200 +@@ -577,6 +577,7 @@ + double valuators[MAX_VALUATORS]; + int numValuators; + DeviceIntPtr slave; ++ int slave_type; + ValuatorMask *scroll; + int num_touches; /* size of the touches array */ + DDXTouchPointInfoPtr touches; diff --git a/patches/source/xorg-server/post-install/xorg-server.post-install b/patches/source/xorg-server/post-install/xorg-server.post-install new file mode 100644 index 000000000..e21a0f03a --- /dev/null +++ b/patches/source/xorg-server/post-install/xorg-server.post-install @@ -0,0 +1,66 @@ +# Create the configuration directories for xorg-server 1.9.x +mkdir -p $PKG/etc/X11/xorg.conf.d $PKG/usr/share/X11/xorg.conf.d + +# Create a sample keyboard layout +# Enable zapping by default +cat << EOF > $PKG/usr/share/X11/xorg.conf.d/90-keyboard-layout.conf +Section "InputClass" + Identifier "keyboard-all" + MatchIsKeyboard "on" + MatchDevicePath "/dev/input/event*" + Driver "evdev" + Option "XkbLayout" "us" + #Option "XkbVariant" "" + Option "XkbOptions" "terminate:ctrl_alt_bksp" +EndSection + +# READ THIS FOR CUSTOM KEYBOARD INFORMATION +# +# If you want to add a custom model/layout/variant to X, you will need to COPY +# this file to /etc/X11/xorg.conf.d/ and edit that copy. After editing it to +# suit, you will need to restart X. +# +# Here's an example of the lines from above: +# +# Section "InputClass" +# Identifier "keyboard-all" +# MatchIsKeyboard "on" +# MatchDevicePath "/dev/input/event*" +# Driver "evdev" +# Option "XkbLayout" "us" +# Option "XkbVariant" "intl" +# Option "XkbOptions" "compose:rwin,terminate:ctrl_alt_bksp" +# EndSection +# +# Many desktop environments, including KDE and Xfce, have their own methods to +# configure keyboard layouts and such if you'd like to use them. +# +# If you prefer to use the "old" way of configuring keyboards (without input +# device hotplugging), then you'll need to add the following lines to the +# ServerFlags section of /etc/X11/xorg.conf: +# Option "AllowEmptyInput" "false" +# Option "AutoAddDevices" "false" +# Option "AutoEnableDevices" "false" +# Alternatively, you can break this up into separate "stubs" in the xorg.conf.d/ +# directory, but that's your call. Assuming you elect to keep a monolithic +# /etc/X11/xorg.conf file, you can now edit the Keyboard section as usual. + +EOF + +# Add COPYING file: +mkdir -p $PKG/usr/doc/xorg-server-$MODULAR_PACKAGE_VERSION +cp -a COPYING $PKG/usr/doc/xorg-server-$MODULAR_PACKAGE_VERSION + +# Don't mess with my /var/log/ permissions: +rmdir $PKG/var/log +rmdir $PKG/var + +# While I hate to have X11 take over another generic-sounding +# piece of prime filesystem real estate, this symlink will +# direct (for now) proprietary X drivers into the corrent +# location: + +( cd $PKG/usr/lib + rm -rf modules + ln -sf xorg/modules . +) diff --git a/patches/source/xorg-server/slack-desc/xorg-server b/patches/source/xorg-server/slack-desc/xorg-server new file mode 100644 index 000000000..9d25b405d --- /dev/null +++ b/patches/source/xorg-server/slack-desc/xorg-server @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. Line +# up the first '|' above the ':' following the base package name, and the '|' +# on the right side marks the last column you can put a character in. You must +# make exactly 11 lines for the formatting to be correct. It's also +# customary to leave one space after the ':'. + + |-----handy-ruler------------------------------------------------------| +xorg-server: xorg-server (The Xorg server, the core of the X Window System) +xorg-server: +xorg-server: Xorg is a full featured X server that was originally designed for UNIX +xorg-server: and UNIX-like operating systems running on Intel x86 hardware. It now +xorg-server: runs on a wider range of hardware and OS platforms. This work was +xorg-server: derived by the X.Org Foundation from the XFree86 Project's XFree86 +xorg-server: 4.4rc2 release. The XFree86 release was originally derived from X386 +xorg-server: 1.2 by Thomas Roell which was contributed to X11R5 by Snitily Graphics +xorg-server: Consulting Service. +xorg-server: +xorg-server: The home page for the X project is: http://www.x.org diff --git a/patches/source/xorg-server/slack-desc/xorg-server-xephyr b/patches/source/xorg-server/slack-desc/xorg-server-xephyr new file mode 100644 index 000000000..640f3d189 --- /dev/null +++ b/patches/source/xorg-server/slack-desc/xorg-server-xephyr @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. Line +# up the first '|' above the ':' following the base package name, and the '|' on +# the right side marks the last column you can put a character in. You must make +# exactly 11 lines for the formatting to be correct. It's also customary to +# leave one space after the ':'. + + |-----handy-ruler------------------------------------------------------| +xorg-server-xephyr: xorg-server-xephyr (Improved nested X server/client) +xorg-server-xephyr: +xorg-server-xephyr: Xephyr is a nested X-Client like Xnest, but with some additional +xorg-server-xephyr: features like XRender support. +xorg-server-xephyr: +xorg-server-xephyr: +xorg-server-xephyr: +xorg-server-xephyr: +xorg-server-xephyr: +xorg-server-xephyr: +xorg-server-xephyr: diff --git a/patches/source/xorg-server/slack-desc/xorg-server-xnest b/patches/source/xorg-server/slack-desc/xorg-server-xnest new file mode 100644 index 000000000..393f93bdd --- /dev/null +++ b/patches/source/xorg-server/slack-desc/xorg-server-xnest @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. Line +# up the first '|' above the ':' following the base package name, and the '|' on +# the right side marks the last column you can put a character in. You must make +# exactly 11 lines for the formatting to be correct. It's also customary to +# leave one space after the ':'. + + |-----handy-ruler------------------------------------------------------| +xorg-server-xnest: xorg-server-xnest (a nested X server) +xorg-server-xnest: +xorg-server-xnest: Xnest is an experimental nested server for X that acts as both a +xorg-server-xnest: client and a server. Xnest is a client of the real server which +xorg-server-xnest: manages windows and graphics requests on its behalf. Xnest is a +xorg-server-xnest: server to its own clients. Xnest manages windows and graphics +xorg-server-xnest: requests on their behalf. To these clients Xnest appears to be a +xorg-server-xnest: conventional server. +xorg-server-xnest: +xorg-server-xnest: +xorg-server-xnest: diff --git a/patches/source/xorg-server/slack-desc/xorg-server-xvfb b/patches/source/xorg-server/slack-desc/xorg-server-xvfb new file mode 100644 index 000000000..aff9c642c --- /dev/null +++ b/patches/source/xorg-server/slack-desc/xorg-server-xvfb @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. Line +# up the first '|' above the ':' following the base package name, and the '|' on +# the right side marks the last column you can put a character in. You must make +# exactly 11 lines for the formatting to be correct. It's also customary to +# leave one space after the ':'. + + |-----handy-ruler------------------------------------------------------| +xorg-server-xvfb: xorg-server-xvfb (virtual framebuffer X server) +xorg-server-xvfb: +xorg-server-xvfb: Xvfb is an X server that can run on machines with no display hardware +xorg-server-xvfb: and no physical input devices. It emulates a dumb framebuffer using +xorg-server-xvfb: virtual memory. The primary use of this server is intended to be +xorg-server-xvfb: server testing. The mfb or cfb code for any depth can be exercised +xorg-server-xvfb: with this server without the need for real hardware that supports the +xorg-server-xvfb: desired depths. A secondary use is testing clients against unusual +xorg-server-xvfb: depths and screen configurations. +xorg-server-xvfb: +xorg-server-xvfb: diff --git a/patches/source/xorg-server/x11.SlackBuild b/patches/source/xorg-server/x11.SlackBuild new file mode 100755 index 000000000..d2d75e4f0 --- /dev/null +++ b/patches/source/xorg-server/x11.SlackBuild @@ -0,0 +1,381 @@ +#!/bin/sh +# Copyright 2007-2014 Patrick J. Volkerding, Sebeka, MN, USA +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +# To build only a single package group, specify it as $1, like: +# ./x11.SlackBuild lib +# To build only a single package, specify both the source directory +# and the name of the package, like: +# ./x11.SlackBuild lib libX11 + +# Upgrade packages as they are built. +# Default is to upgrade new packages (UPGRADE_PACKAGES=yes). +# To install ALL newly built packages (even if they are already installed), +# use UPGRADE_PACKAGES=always +# To not upgrade, pass UPGRADE_PACKAGES=no +UPGRADE_PACKAGES=${UPGRADE_PACKAGES:-yes} + +pkgbase() { + PKGEXT=$(echo $1 | rev | cut -f 1 -d . | rev) + case $PKGEXT in + 'gz' ) + PKGRETURN=$(basename $1 .tar.gz) + ;; + 'bz2' ) + PKGRETURN=$(basename $1 .tar.bz2) + ;; + 'lzma' ) + PKGRETURN=$(basename $1 .tar.lzma) + ;; + 'xz' ) + PKGRETURN=$(basename $1 .tar.xz) + ;; + *) + PKGRETURN=$(basename $1) + ;; + esac + echo $PKGRETURN +} + +# Set initial variables: +CWD=$(pwd) +TMP=${TMP:-/tmp} + +# Automatically determine the architecture we're building on: +if [ -z "$ARCH" ]; then + case "$( uname -m )" in + i?86) export ARCH=i586 ;; + arm*) export ARCH=arm ;; + # Unless $ARCH is already set, use uname -m for all other archs: + *) export ARCH=$( uname -m ) ;; + esac +fi + +# A lot of this stuff just controls the package names this time: +VERSION=${VERSION:-7.5} +BUILD=${BUILD:-1} +PKGARCH=$ARCH +NUMJOBS=${NUMJOBS:-" -j7 "} + +if [ "$ARCH" = "x86_64" ]; then + LIBDIRSUFFIX="64" +else + LIBDIRSUFFIX="" +fi + +# Set up a few useful functions: + +fix_perms() { + chown -R root:root . + find . \ + \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \ + -exec chmod 755 {} \; -o \ + \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ + -exec chmod 644 {} \; +} + +process_man_pages() { + # Compress and if needed symlink the man pages: + if [ -d usr/man ]; then + ( cd usr/man + for manpagedir in $(find . -type d -name "man*") ; do + ( cd $manpagedir + for eachpage in $( find . -type l -maxdepth 1) ; do + ln -s $( readlink $eachpage ).gz $eachpage.gz + rm $eachpage + done + gzip -9 *.* + ) + done + ) + fi +} + +process_info_pages() { + # Compress info pages and purge "dir" file from the package: + if [ -d usr/info ]; then + ( cd usr/info + rm -f dir + gzip -9 * + ) + fi +} + +no_usr_share_doc() { + # If there are docs, move them: + if [ -d usr/share/doc ]; then + mkdir -p usr/doc + mv usr/share/doc/* usr/doc + rmdir usr/share/doc + fi +} + +# Set the compile options for the $ARCH being used: +. $CWD/arch.use.flags + +SLACK_X_BUILD_DIR=$TMP/x11-build +mkdir -p $SLACK_X_BUILD_DIR + +# Better have some binaries installed first, as this may not be +# in the "magic order". I built mine by hand through trial-and-error +# before getting this script to work. It wasn't that hard... I think. ;-) +( cd src + for x_source_dir in proto data util xcb lib app doc xserver driver font ; do + # See if $1 is a source directory like "lib": + if [ ! -z "$1" ]; then + if [ ! "$1" = "${x_source_dir}" ]; then + continue + fi + fi + PKG=${SLACK_X_BUILD_DIR}/package-${x_source_dir} + rm -rf $PKG + mkdir -p $PKG + ( cd $x_source_dir + for x_pkg in *.tar.?z* ; do + # Reset $PKGARCH to its initial value: + PKGARCH=$ARCH + PKGNAME=$(echo $x_pkg | rev | cut -f 2- -d - | rev) + # Perhaps $PKGARCH should be something different: + if grep -wq "^$PKGNAME" ${CWD}/noarch ; then + PKGARCH=noarch + fi + if grep -wq "^$PKGNAME" ${CWD}/package-blacklist ; then + continue + fi + cd $SLACK_X_BUILD_DIR + # If $2 is set, we only want to build one package: + if [ ! -z "$2" ]; then + if [ "$2" = "$PKGNAME" ]; then + # Set $PKG to a private dir for the modular package build: + PKG=$SLACK_X_BUILD_DIR/package-$PKGNAME + rm -rf $PKG + mkdir -p $PKG + else + continue + fi + else + echo + echo "Building from source ${x_pkg}" + echo + fi + if grep -wq "^$PKGNAME" ${CWD}/modularize ; then + # Set $PKG to a private dir for the modular package build: + PKG=$SLACK_X_BUILD_DIR/package-$PKGNAME + rm -rf $PKG + mkdir -p $PKG + fi + + # Let's figure out the version number on the modular package: + MODULAR_PACKAGE_VERSION=$(echo $x_pkg | rev | cut -f 3- -d . | cut -f 1 -d - | rev) + + rm -rf $(pkgbase $x_pkg) + tar xf $CWD/src/${x_source_dir}/${x_pkg} || exit 1 + cd $(pkgbase $x_pkg) || exit 1 + + fix_perms + + # If any patches are needed, call this script to apply them: + if [ -r $CWD/patch/${PKGNAME}.patch ]; then + . $CWD/patch/${PKGNAME}.patch + fi + + # I heard somewhere that -O2 breaks some chipset or another. If you encounter + # problems, please contact volkerdi@slackware.com. Thanks! :-) + + # ./configure, using custom configure script if needed: + if [ -r $CWD/configure/${PKGNAME} ]; then + . $CWD/configure/${PKGNAME} + else + # This is the default configure script: + . $CWD/configure/configure + fi + + if ! make $NUMJOBS ; then + touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed + continue + fi + + make install DESTDIR=$PKG + + mkdir -p $PKG/usr/doc/${PKGNAME}-${MODULAR_PACKAGE_VERSION} + cp -a \ + AUTHORS* COPYING* INSTALL* README* NEWS* TODO* \ + $PKG/usr/doc/${PKGNAME}-${MODULAR_PACKAGE_VERSION} + + # If there's a ChangeLog, installing at least part of the recent history + # is useful, but don't let it get totally out of control: + if [ -r ChangeLog ]; then + DOCSDIR=$(echo $PKG/usr/doc/${PKGNAME}-$MODULAR_PACKAGE_VERSION) + cat ChangeLog | head -n 1000 > $DOCSDIR/ChangeLog + touch -r ChangeLog $DOCSDIR/ChangeLog + fi + + # Get rid of zero-length junk files: + find $PKG/usr/doc/${PKGNAME}-$MODULAR_PACKAGE_VERSION -type f -size 0 -exec rm --verbose "{}" \; + rmdir --verbose $PKG/usr/doc/${PKGNAME}-$MODULAR_PACKAGE_VERSION 2> /dev/null + + # Strip binaries: + ( cd $PKG + find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null + find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null + find . | xargs file | grep "current ar archive" | grep ELF | cut -f 1 -d : | xargs strip -g 2> /dev/null + ) + + # If there's any special post-install things to do, do them: + if [ -r $CWD/post-install/${PKGNAME}.post-install ]; then + RUNSCRIPT=$(mktemp -p $TMP) || exit 1 + cat $CWD/post-install/${PKGNAME}.post-install \ + | sed -e "s#usr/lib#usr/lib${LIBDIRSUFFIX}#g" > $RUNSCRIPT + . $RUNSCRIPT + rm -f $RUNSCRIPT + fi + + # If this package requires some doinst.sh material, add it here: + if [ -r $CWD/doinst.sh/${PKGNAME} ]; then + mkdir -p $PKG/install + cat $CWD/doinst.sh/${PKGNAME} \ + | sed -e "s#usr/lib#usr/lib${LIBDIRSUFFIX}#g" \ + >> $PKG/install/doinst.sh + fi + + # If this is a modular package, build it here: + if [ -d $SLACK_X_BUILD_DIR/package-$PKGNAME ]; then + cd $PKG + process_man_pages + process_info_pages + no_usr_share_doc + mkdir -p $PKG/install + if [ -r $CWD/slack-desc/${PKGNAME} ]; then + cat $CWD/slack-desc/${PKGNAME} > $PKG/install/slack-desc + else + touch $PKG/install/slack-desc-missing + fi + if [ -r $CWD/build/${PKGNAME} ]; then + MODBUILD=$(cat $CWD/build/${PKGNAME}) + else + MODBUILD=$BUILD + fi + if [ -r $CWD/makepkg/${PKGNAME} ]; then + BUILD=$MODBUILD . $CWD/makepkg/${PKGNAME} + else + /sbin/makepkg -l y -c n ${SLACK_X_BUILD_DIR}/${PKGNAME}-${MODULAR_PACKAGE_VERSION}-${PKGARCH}-${MODBUILD}.txz + if [ "$UPGRADE_PACKAGES" = "yes" ]; then + /sbin/upgradepkg --install-new ${SLACK_X_BUILD_DIR}/${PKGNAME}-${MODULAR_PACKAGE_VERSION}-${PKGARCH}-${MODBUILD}.txz + elif [ "$UPGRADE_PACKAGES" = "always" ]; then + /sbin/upgradepkg --install-new --reinstall ${SLACK_X_BUILD_DIR}/${PKGNAME}-${MODULAR_PACKAGE_VERSION}-${PKGARCH}-${MODBUILD}.txz + fi + fi + fi + + # Reset $PKG to assume we're building the whole source dir: + PKG=${SLACK_X_BUILD_DIR}/package-${x_source_dir} + + done + + # Nothing here? Must have been fully modular. :-) + if [ ! -d ${SLACK_X_BUILD_DIR}/package-${x_source_dir}/etc -a \ + ! -d ${SLACK_X_BUILD_DIR}/package-${x_source_dir}/usr ]; then + continue + fi + + # Build an "x11-<sourcedir>" package for anything that wasn't built modular: + # It's safer to consider these to have binaries in them. ;-) + PKGARCH=$ARCH + cd $PKG + process_man_pages + process_info_pages + no_usr_share_doc + # If there are post-install things to do for the combined package, + # we do them here. This could be used for things like making a + # VERSION number for a combined package. :-) + if [ -r $CWD/post-install/x11-${x_source_dir}.post-install ]; then + RUNSCRIPT=$(mktemp -p $TMP) || exit 1 + cat $CWD/post-install/x11-${x_source_dir}.post-install \ + | sed -e "s#usr/lib#usr/lib${LIBDIRSUFFIX}#g" > $RUNSCRIPT + . $RUNSCRIPT + rm -f $RUNSCRIPT + fi + mkdir -p $PKG/install + if [ -r $CWD/slack-desc/x11-${x_source_dir} ]; then + cat $CWD/slack-desc/x11-${x_source_dir} > $PKG/install/slack-desc + else + touch $PKG/install/slack-desc-missing + fi + if [ -r $CWD/doinst.sh/x11-${x_source_dir} ]; then + cat $CWD/doinst.sh/x11-${x_source_dir} \ + | sed -e "s#usr/lib#usr/lib${LIBDIRSUFFIX}#g" \ + >> $PKG/install/doinst.sh + fi + if [ -r $CWD/build/x11-${PKGNAME} ]; then + SRCDIRBUILD=$(cat $CWD/build/x11-${PKGNAME}) + else + SRCDIRBUILD=$BUILD + fi + if [ -r $CWD/makepkg/${PKGNAME} ]; then + BUILD=$MODBUILD . $CWD/makepkg/${PKGNAME} + else + /sbin/makepkg -l y -c n ${SLACK_X_BUILD_DIR}/x11-${x_source_dir}-${VERSION}-${PKGARCH}-${SRCDIRBUILD}.txz + if [ "$UPGRADE_PACKAGES" = "yes" ]; then + /sbin/upgradepkg --install-new ${SLACK_X_BUILD_DIR}/x11-${x_source_dir}-${VERSION}-${PKGARCH}-${SRCDIRBUILD}.txz + elif [ "$UPGRADE_PACKAGES" = "always" ]; then + /sbin/upgradepkg --install-new --reinstall ${SLACK_X_BUILD_DIR}/x11-${x_source_dir}-${VERSION}-${PKGARCH}-${SRCDIRBUILD}.txz + fi + fi + ) + done +) + +exit 0 + +# I don't think I'll be using the following stuff, since I went for the latest in +# "individual", rather than a release. That was mostly because version 7.1 depends +# on a version of Mesa that won't build against kernel headers this new (&etc.). + +# If environment variable "REFRESH" is exported, start by refreshing the source tree: +# export REFRESH yes +if [ ! -z "$REFRESH" ]; then + # Only works once, unless you uncomment above. + unset REFRESH + ( cd patches + lftp -c \ + "lftp ftp://ftp.x.org:/pub/X11R7.1/patches + mirror --delete --dereference . + exit" + chmod 644 * + ) + ( cd src + mkdir -p update everything + for dir in app data deprecated doc driver extras font lib proto util xserver ; do + # We won't really download "update", as problems ensue. Plus, --dereference is + # bringing us updated files when needed, so it's redundant (like "everything"). + if [ ! -d $dir ]; then + mkdir $dir + fi + ( cd $dir + lftp -c \ + "lftp ftp://ftp.x.org:/pub/X11R7.1/src/$dir + mirror -c --delete --dereference --include-glob "*.tar.bz2" . + exit" + chmod 644 * + ) + done + ) +fi + diff --git a/patches/source/xorg-server/xorg-server.SlackBuild b/patches/source/xorg-server/xorg-server.SlackBuild new file mode 100755 index 000000000..688448ec4 --- /dev/null +++ b/patches/source/xorg-server/xorg-server.SlackBuild @@ -0,0 +1,2 @@ +UPGRADE_PACKAGES=no ./x11.SlackBuild xserver xorg-server +mv /tmp/x11-build/*txz /tmp |