[arch-commits] Commit in xorg-server/trunk (5 files)
Laurent Carlier
lcarlier at archlinux.org
Mon Jun 8 19:29:46 UTC 2015
Date: Monday, June 8, 2015 @ 21:29:45
Author: lcarlier
Revision: 240425
upgpkg: xorg-server 1.17.1-6
fix FS#45245, FS#45229, CVE-2015-3164
Added:
xorg-server/trunk/0001-dix-Add-unaccelerated-valuators-to-the-ValuatorMask.patch
xorg-server/trunk/0001-sdksyms.sh-Make-sdksyms.sh-work-with-gcc5.patch
xorg-server/trunk/0002-dix-hook-up-the-unaccelerated-valuator-masks.patch
xorg-server/trunk/fix-CVE-2015-3164.patch
Modified:
xorg-server/trunk/PKGBUILD
----------------------------------------------------------------+
0001-dix-Add-unaccelerated-valuators-to-the-ValuatorMask.patch | 210 ++++++
0001-sdksyms.sh-Make-sdksyms.sh-work-with-gcc5.patch | 51 +
0002-dix-hook-up-the-unaccelerated-valuator-masks.patch | 134 ++++
PKGBUILD | 27
fix-CVE-2015-3164.patch | 311 ++++++++++
5 files changed, 727 insertions(+), 6 deletions(-)
Added: 0001-dix-Add-unaccelerated-valuators-to-the-ValuatorMask.patch
===================================================================
--- 0001-dix-Add-unaccelerated-valuators-to-the-ValuatorMask.patch (rev 0)
+++ 0001-dix-Add-unaccelerated-valuators-to-the-ValuatorMask.patch 2015-06-08 19:29:45 UTC (rev 240425)
@@ -0,0 +1,210 @@
+From e1a7f4bb5333b0271d29f785eb55f1c3273e626a Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter.hutterer at who-t.net>
+Date: Tue, 5 May 2015 14:18:54 +1000
+Subject: [PATCH] dix: Add unaccelerated valuators to the ValuatorMask
+
+Allows a mask to carry both accelerated and unaccelerated motion at the same
+time.
+
+This is required for xf86-input-libinput where the pointer acceleration
+happens in libinput already, but parts of the server, specifically raw events
+and DGA rely on device-specific unaccelerated data.
+
+To ease integration add this as a second set to the ValuatorMask rather than
+extending all APIs to carry a second, possibly NULL set of valuators.
+
+Note that a valuator mask should only be used in either accel/unaccel or
+standard mode at any time. Switching requires either a valuator_mask_zero()
+call or unsetting all valuators one-by-one. Trying to mix the two will produce
+a warning.
+
+The server has a shortcut for changing a mask with the
+valuator_mask_drop_unaccelerated() call. This saves us from having to loop
+through all valuators on every event, we can just drop the bits we know we
+don't want.
+
+Signed-off-by: Peter Hutterer <peter.hutterer at who-t.net>
+Reviewed-by: Hans de Goede <hdegoede at redhat.com>
+---
+ dix/inpututils.c | 82 +++++++++++++++++++++++++++++++++++++++---
+ hw/xfree86/common/xf86Module.h | 2 +-
+ include/input.h | 15 ++++++++
+ include/inpututils.h | 2 ++
+ 4 files changed, 95 insertions(+), 6 deletions(-)
+
+diff --git a/dix/inpututils.c b/dix/inpututils.c
+index 5c2a32d..1363988 100644
+--- a/dix/inpututils.c
++++ b/dix/inpututils.c
+@@ -505,11 +505,8 @@ valuator_mask_isset(const ValuatorMask *mask, int valuator)
+ return mask->last_bit >= valuator && BitIsOn(mask->mask, valuator);
+ }
+
+-/**
+- * Set the valuator to the given floating-point data.
+- */
+-void
+-valuator_mask_set_double(ValuatorMask *mask, int valuator, double data)
++static inline void
++_valuator_mask_set_double(ValuatorMask *mask, int valuator, double data)
+ {
+ mask->last_bit = max(valuator, mask->last_bit);
+ SetBit(mask->mask, valuator);
+@@ -517,6 +514,17 @@ valuator_mask_set_double(ValuatorMask *mask, int valuator, double data)
+ }
+
+ /**
++ * Set the valuator to the given floating-point data.
++ */
++void
++valuator_mask_set_double(ValuatorMask *mask, int valuator, double data)
++{
++ BUG_WARN_MSG(mask->has_unaccelerated,
++ "Do not mix valuator types, zero mask first\n");
++ _valuator_mask_set_double(mask, valuator, data);
++}
++
++/**
+ * Set the valuator to the given integer data.
+ */
+ void
+@@ -594,11 +602,15 @@ valuator_mask_unset(ValuatorMask *mask, int valuator)
+
+ ClearBit(mask->mask, valuator);
+ mask->valuators[valuator] = 0.0;
++ mask->unaccelerated[valuator] = 0.0;
+
+ for (i = 0; i <= mask->last_bit; i++)
+ if (valuator_mask_isset(mask, i))
+ lastbit = max(lastbit, i);
+ mask->last_bit = lastbit;
++
++ if (mask->last_bit == -1)
++ mask->has_unaccelerated = FALSE;
+ }
+ }
+
+@@ -611,6 +623,66 @@ valuator_mask_copy(ValuatorMask *dest, const ValuatorMask *src)
+ valuator_mask_zero(dest);
+ }
+
++Bool
++valuator_mask_has_unaccelerated(const ValuatorMask *mask)
++{
++ return mask->has_unaccelerated;
++}
++
++void
++valuator_mask_drop_unaccelerated(ValuatorMask *mask)
++{
++ memset(mask->unaccelerated, 0, sizeof(mask->unaccelerated));
++ mask->has_unaccelerated = FALSE;
++}
++
++/**
++ * Set both accelerated and unaccelerated value for this mask.
++ */
++void
++valuator_mask_set_unaccelerated(ValuatorMask *mask,
++ int valuator,
++ double accel,
++ double unaccel)
++{
++ BUG_WARN_MSG(mask->last_bit != -1 && !mask->has_unaccelerated,
++ "Do not mix valuator types, zero mask first\n");
++ _valuator_mask_set_double(mask, valuator, accel);
++ mask->has_unaccelerated = TRUE;
++ mask->unaccelerated[valuator] = unaccel;
++}
++
++double
++valuator_mask_get_accelerated(const ValuatorMask *mask,
++ int valuator)
++{
++ return valuator_mask_get_double(mask, valuator);
++}
++
++double
++valuator_mask_get_unaccelerated(const ValuatorMask *mask,
++ int valuator)
++{
++ return mask->unaccelerated[valuator];
++}
++
++Bool
++valuator_mask_fetch_unaccelerated(const ValuatorMask *mask,
++ int valuator,
++ double *accel,
++ double *unaccel)
++{
++ if (valuator_mask_isset(mask, valuator)) {
++ if (accel)
++ *accel = valuator_mask_get_accelerated(mask, valuator);
++ if (unaccel)
++ *unaccel = valuator_mask_get_unaccelerated(mask, valuator);
++ return TRUE;
++ }
++ else
++ return FALSE;
++}
++
+ int
+ CountBits(const uint8_t * mask, int len)
+ {
+diff --git a/hw/xfree86/common/xf86Module.h b/hw/xfree86/common/xf86Module.h
+index e68fe9c..6133641 100644
+--- a/hw/xfree86/common/xf86Module.h
++++ b/hw/xfree86/common/xf86Module.h
+@@ -81,7 +81,7 @@ typedef enum {
+ */
+ #define ABI_ANSIC_VERSION SET_ABI_VERSION(0, 4)
+ #define ABI_VIDEODRV_VERSION SET_ABI_VERSION(19, 0)
+-#define ABI_XINPUT_VERSION SET_ABI_VERSION(21, 0)
++#define ABI_XINPUT_VERSION SET_ABI_VERSION(21, 1)
+ #define ABI_EXTENSION_VERSION SET_ABI_VERSION(9, 0)
+ #define ABI_FONT_VERSION SET_ABI_VERSION(0, 6)
+
+diff --git a/include/input.h b/include/input.h
+index bf22dc7..0a4c4f7 100644
+--- a/include/input.h
++++ b/include/input.h
+@@ -674,6 +674,21 @@ extern _X_EXPORT Bool valuator_mask_fetch(const ValuatorMask *mask,
+ extern _X_EXPORT Bool valuator_mask_fetch_double(const ValuatorMask *mask,
+ int valnum, double *val);
+
++extern _X_EXPORT Bool valuator_mask_has_unaccelerated(const ValuatorMask *mask);
++extern _X_EXPORT void valuator_mask_set_unaccelerated(ValuatorMask *mask,
++ int valuator,
++ double accel,
++ double unaccel);
++extern _X_EXPORT double valuator_mask_get_accelerated(const ValuatorMask *mask,
++ int valuator);
++extern _X_EXPORT double valuator_mask_get_unaccelerated(const ValuatorMask *mask,
++ int valuator);
++extern _X_EXPORT Bool valuator_mask_fetch_unaccelerated(const ValuatorMask *mask,
++ int valuator,
++ double *accel,
++ double *unaccel);
++extern _X_HIDDEN void valuator_mask_drop_unaccelerated(ValuatorMask *mask);
++
+ /* InputOption handling interface */
+ extern _X_EXPORT InputOption *input_option_new(InputOption *list,
+ const char *key,
+diff --git a/include/inpututils.h b/include/inpututils.h
+index 53c96ba..4e90815 100644
+--- a/include/inpututils.h
++++ b/include/inpututils.h
+@@ -36,8 +36,10 @@ extern Mask event_filters[MAXDEVICES][MAXEVENTS];
+
+ struct _ValuatorMask {
+ int8_t last_bit; /* highest bit set in mask */
++ int8_t has_unaccelerated;
+ uint8_t mask[(MAX_VALUATORS + 7) / 8];
+ double valuators[MAX_VALUATORS]; /* valuator data */
++ double unaccelerated[MAX_VALUATORS]; /* valuator data */
+ };
+
+ extern void verify_internal_event(const InternalEvent *ev);
+--
+2.4.1
+
Added: 0001-sdksyms.sh-Make-sdksyms.sh-work-with-gcc5.patch
===================================================================
--- 0001-sdksyms.sh-Make-sdksyms.sh-work-with-gcc5.patch (rev 0)
+++ 0001-sdksyms.sh-Make-sdksyms.sh-work-with-gcc5.patch 2015-06-08 19:29:45 UTC (rev 240425)
@@ -0,0 +1,51 @@
+From 612eb45a2e7a0b35cc3790870e6d0cc42eb50c74 Mon Sep 17 00:00:00 2001
+From: Hans de Goede <hdegoede at redhat.com>
+Date: Wed, 11 Feb 2015 16:26:40 +0100
+Subject: [PATCH] sdksyms.sh: Make sdksyms.sh work with gcc5.
+
+gcc5's cpp inserts patterns like this:
+
+extern
+ __attribute__((visibility("default")))
+ int WaitForSomething(int *
+ );
+
+This patch make sdksyms.sh work with this. Note my awk skills are weak, so
+there likely is a better way to deal with this.
+
+Signed-off-by: Hans de Goede <hdegoede at redhat.com>
+---
+ hw/xfree86/sdksyms.sh | 17 +++++++++++++++++
+ 1 file changed, 17 insertions(+)
+
+diff --git a/hw/xfree86/sdksyms.sh b/hw/xfree86/sdksyms.sh
+index 2305073..99b0cae 100755
+--- a/hw/xfree86/sdksyms.sh
++++ b/hw/xfree86/sdksyms.sh
+@@ -350,6 +350,23 @@ BEGIN {
+ if (sdk) {
+ n = 3;
+
++ # detect the following gcc5 cpp pattern and skip it:
++ # extern
++ # # 320 "../../include/os.h" 3 4
++ # __attribute__((visibility("default")))
++ # # 320 "../../include/os.h"
++ # Note in this case the "extern " or "extern void " always has
++ # a trailing space
++ if ($0 ~ "^extern.* $") {
++ getline;
++ getline;
++ getline;
++ getline;
++ n = 1;
++ while ($n == " ")
++ n++;
++ }
++
+ # skip attribute, if any
+ while ($n ~ /^(__attribute__|__global)/ ||
+ # skip modifiers, if any
+--
+2.1.0
+
Added: 0002-dix-hook-up-the-unaccelerated-valuator-masks.patch
===================================================================
--- 0002-dix-hook-up-the-unaccelerated-valuator-masks.patch (rev 0)
+++ 0002-dix-hook-up-the-unaccelerated-valuator-masks.patch 2015-06-08 19:29:45 UTC (rev 240425)
@@ -0,0 +1,134 @@
+From 7504fbd2239257f1a00a1a15d02862eea81f167c Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter.hutterer at who-t.net>
+Date: Tue, 5 May 2015 14:48:41 +1000
+Subject: [PATCH] dix: hook up the unaccelerated valuator masks
+
+If present, access the unaccelerated valuator mask values for DGA and XI2 raw
+events.
+
+Signed-off-by: Peter Hutterer <peter.hutterer at who-t.net>
+Reviewed-by: Hans de Goede <hdegoede at redhat.com>
+---
+ dix/getevents.c | 31 ++++++++++++++++++++++---------
+ hw/xfree86/common/xf86Xinput.c | 4 ++++
+ 2 files changed, 26 insertions(+), 9 deletions(-)
+
+diff --git a/dix/getevents.c b/dix/getevents.c
+index 6fb12c5..64bf76e 100644
+--- a/dix/getevents.c
++++ b/dix/getevents.c
+@@ -213,14 +213,25 @@ init_raw(DeviceIntPtr dev, RawDeviceEvent *event, Time ms, int type, int detail)
+ }
+
+ static void
+-set_raw_valuators(RawDeviceEvent *event, ValuatorMask *mask, double *data)
++set_raw_valuators(RawDeviceEvent *event, ValuatorMask *mask,
++ BOOL use_unaccel, double *data)
+ {
+ int i;
+
++ use_unaccel = use_unaccel && valuator_mask_has_unaccelerated(mask);
++
+ for (i = 0; i < valuator_mask_size(mask); i++) {
+ if (valuator_mask_isset(mask, i)) {
++ double v;
++
+ SetBit(event->valuators.mask, i);
+- data[i] = valuator_mask_get_double(mask, i);
++
++ if (use_unaccel)
++ v = valuator_mask_get_unaccelerated(mask, i);
++ else
++ v = valuator_mask_get_double(mask, i);
++
++ data[i] = v;
+ }
+ }
+ }
+@@ -1138,11 +1149,11 @@ GetKeyboardEvents(InternalEvent *events, DeviceIntPtr pDev, int type,
+ valuator_mask_copy(&mask, mask_in);
+
+ init_raw(pDev, raw, ms, type, key_code);
+- set_raw_valuators(raw, &mask, raw->valuators.data_raw);
++ set_raw_valuators(raw, &mask, TRUE, raw->valuators.data_raw);
+
+ clipValuators(pDev, &mask);
+
+- set_raw_valuators(raw, &mask, raw->valuators.data);
++ set_raw_valuators(raw, &mask, FALSE, raw->valuators.data);
+
+ event = &events->device_event;
+ init_device_event(event, pDev, ms);
+@@ -1423,9 +1434,11 @@ fill_pointer_events(InternalEvent *events, DeviceIntPtr pDev, int type,
+ num_events++;
+
+ init_raw(pDev, raw, ms, type, buttons);
+- set_raw_valuators(raw, &mask, raw->valuators.data_raw);
++ set_raw_valuators(raw, &mask, TRUE, raw->valuators.data_raw);
+ }
+
++ valuator_mask_drop_unaccelerated(&mask);
++
+ /* valuators are in driver-native format (rel or abs) */
+
+ if (flags & POINTER_ABSOLUTE) {
+@@ -1438,7 +1451,7 @@ fill_pointer_events(InternalEvent *events, DeviceIntPtr pDev, int type,
+ transformAbsolute(pDev, &mask);
+ clipAbsolute(pDev, &mask);
+ if ((flags & POINTER_NORAW) == 0 && raw)
+- set_raw_valuators(raw, &mask, raw->valuators.data);
++ set_raw_valuators(raw, &mask, FALSE, raw->valuators.data);
+ }
+ else {
+ transformRelative(pDev, &mask);
+@@ -1446,7 +1459,7 @@ fill_pointer_events(InternalEvent *events, DeviceIntPtr pDev, int type,
+ if (flags & POINTER_ACCELERATE)
+ accelPointer(pDev, &mask, ms);
+ if ((flags & POINTER_NORAW) == 0 && raw)
+- set_raw_valuators(raw, &mask, raw->valuators.data);
++ set_raw_valuators(raw, &mask, FALSE, raw->valuators.data);
+
+ moveRelative(pDev, flags, &mask);
+ }
+@@ -1951,7 +1964,7 @@ GetTouchEvents(InternalEvent *events, DeviceIntPtr dev, uint32_t ddx_touchid,
+ events++;
+ num_events++;
+ init_raw(dev, raw, ms, type, client_id);
+- set_raw_valuators(raw, &mask, raw->valuators.data_raw);
++ set_raw_valuators(raw, &mask, TRUE, raw->valuators.data_raw);
+ }
+
+ event = &events->device_event;
+@@ -2013,7 +2026,7 @@ GetTouchEvents(InternalEvent *events, DeviceIntPtr dev, uint32_t ddx_touchid,
+ screeny = dev->spriteInfo->sprite->hotPhys.y;
+ }
+ if (need_rawevent)
+- set_raw_valuators(raw, &mask, raw->valuators.data);
++ set_raw_valuators(raw, &mask, FALSE, raw->valuators.data);
+
+ /* Indirect device touch coordinates are not used for cursor positioning.
+ * They are merely informational, and are provided in device coordinates.
+diff --git a/hw/xfree86/common/xf86Xinput.c b/hw/xfree86/common/xf86Xinput.c
+index 1fb5b16..5ce4c71 100644
+--- a/hw/xfree86/common/xf86Xinput.c
++++ b/hw/xfree86/common/xf86Xinput.c
+@@ -1137,12 +1137,16 @@ xf86CheckMotionEvent4DGA(DeviceIntPtr device, int is_absolute,
+ dx = valuator_mask_get(mask, 0);
+ if (is_absolute)
+ dx -= device->last.valuators[0];
++ else if (valuator_mask_has_unaccelerated(mask))
++ dx = valuator_mask_get_unaccelerated(mask, 0);
+ }
+
+ if (valuator_mask_isset(mask, 1)) {
+ dy = valuator_mask_get(mask, 1);
+ if (is_absolute)
+ dy -= device->last.valuators[1];
++ else if (valuator_mask_has_unaccelerated(mask))
++ dy = valuator_mask_get_unaccelerated(mask, 1);
+ }
+
+ if (DGAStealMotionEvent(device, idx, dx, dy))
+--
+2.4.1
+
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2015-06-08 19:03:33 UTC (rev 240424)
+++ PKGBUILD 2015-06-08 19:29:45 UTC (rev 240425)
@@ -5,7 +5,7 @@
pkgbase=xorg-server
pkgname=('xorg-server' 'xorg-server-xephyr' 'xorg-server-xdmx' 'xorg-server-xvfb' 'xorg-server-xnest' 'xorg-server-xwayland' 'xorg-server-common' 'xorg-server-devel')
pkgver=1.17.1
-pkgrel=5 # build first with 0.1 and then rebuild it after xf86-input-evdev rebuild
+pkgrel=6 # build first with 0.1 and then rebuild it after xf86-input-evdev rebuild
arch=('i686' 'x86_64')
license=('custom')
url="http://xorg.freedesktop.org"
@@ -23,7 +23,11 @@
os-access-fix-regression-in-server-interpreted-auth.patch
v2-xserver-Fix-a-crash-with-XDMCP-error-handler.patch
0001-int10-Fix-error-check-for-pci_device_map_legacy.patch
- 0001-mi-Partial-pie-slice-filled-arcs-may-need-more-space.patch)
+ 0001-mi-Partial-pie-slice-filled-arcs-may-need-more-space.patch
+ 0001-sdksyms.sh-Make-sdksyms.sh-work-with-gcc5.patch
+ 0001-dix-Add-unaccelerated-valuators-to-the-ValuatorMask.patch
+ 0002-dix-hook-up-the-unaccelerated-valuator-masks.patch
+ fix-CVE-2015-3164.patch)
validpgpkeys=('7B27A3F1A6E18CD9588B4AE8310180050905E40C'
'C383B778255613DFDB409D91DB221A6900000011')
sha256sums=('2bf8e9f6f0a710dec1d2472467bff1f4e247cb6dcd76eb469aafdc8a2d7db2ab'
@@ -34,18 +38,29 @@
'8a9d76eecf8795ca645fb1ce261733965578e953f6606153ce001a0e15d036e8'
'a73e33644682d9f430db987c192da0f7193907af50539669ebd59614a5ebd0f9'
'2ea82cdbd695f21c935710847913ed58e22d3d5c0c18c96175a4a6cc1142c071'
- 'ca89cc013844c5b50abfde4cc5e852ecdf4368f8b069ffd069a7100843c46e90')
+ 'ca89cc013844c5b50abfde4cc5e852ecdf4368f8b069ffd069a7100843c46e90'
+ 'b4a4fbddebfa614d1a97e77dde98748682ee331fbf7be394480050670d6203aa'
+ '3dc795002b8763a7d29db94f0af200131da9ce5ffc233bfd8916060f83a8fad7'
+ '416a1422eed71efcebb1d893de74e7f27e408323a56c4df003db37f5673b3f96'
+ 'bc6ac3e686e16f0357fd3b939c1c1f2845fdb444d5ec9c8c37fb69167cc54a28')
prepare() {
cd "${pkgbase}-${pkgver}"
- # fix FS#43884, not yet upstream
+ # fix FS#43884, merged upstream
patch -Np1 -i ../os-access-fix-regression-in-server-interpreted-auth.patch
- # partially fix FS#43867, not yet upstream
+ # partially fix FS#43867, merged upstream
patch -Np1 -i ../v2-xserver-Fix-a-crash-with-XDMCP-error-handler.patch
# fix FS#43924, merged upstream
patch -Np1 -i ../0001-int10-Fix-error-check-for-pci_device_map_legacy.patch
# fix FS#43937, merged upstream
patch -Np1 -i ../0001-mi-Partial-pie-slice-filled-arcs-may-need-more-space.patch
+ # fix FS#45245, merged upstream
+ patch -Np1 -i ../0001-sdksyms.sh-Make-sdksyms.sh-work-with-gcc5.patch
+ # fix FS#45229, merged upstream
+ patch -Np1 -i ../0001-dix-Add-unaccelerated-valuators-to-the-ValuatorMask.patch
+ patch -Np1 -i ../0002-dix-hook-up-the-unaccelerated-valuator-masks.patch
+ # fix CVE-2015-3164, merged upstream
+ patch -Np1 -i ../fix-CVE-2015-3164.patch
}
build() {
@@ -122,7 +137,7 @@
depends=(libepoxy libxdmcp libxfont libpciaccess libdrm pixman libgcrypt libxau xorg-server-common xf86-input-evdev libxshmfence libgl)
# see xorg-server-*/hw/xfree86/common/xf86Module.h for ABI versions - we provide major numbers that drivers can depend on
# and /usr/lib/pkgconfig/xorg-server.pc in xorg-server-devel pkg
- provides=('X-ABI-VIDEODRV_VERSION=19' 'X-ABI-XINPUT_VERSION=21' 'X-ABI-EXTENSION_VERSION=9.0' 'x-server')
+ provides=('X-ABI-VIDEODRV_VERSION=19' 'X-ABI-XINPUT_VERSION=21.1' 'X-ABI-EXTENSION_VERSION=9.0' 'x-server')
groups=('xorg')
conflicts=('nvidia-utils<=331.20' 'glamor-egl' 'xf86-video-modesetting')
replaces=('glamor-egl' 'xf86-video-modesetting')
Added: fix-CVE-2015-3164.patch
===================================================================
--- fix-CVE-2015-3164.patch (rev 0)
+++ fix-CVE-2015-3164.patch 2015-06-08 19:29:45 UTC (rev 240425)
@@ -0,0 +1,311 @@
+From c4534a38b68aa07fb82318040dc8154fb48a9588 Mon Sep 17 00:00:00 2001
+From: Ray Strode <rstrode at redhat.com>
+Date: Tue, 5 May 2015 16:43:42 -0400
+Subject: xwayland: Enable access control on open sockets [CVE-2015-3164 1/3]
+
+Xwayland currently allows wide-open access to the X sockets
+it listens on, ignoring Xauth access control.
+
+This commit makes sure to enable access control on the sockets,
+so one user can't snoop on another user's X-over-wayland
+applications.
+
+Signed-off-by: Ray Strode <rstrode at redhat.com>
+Reviewed-by: Daniel Stone <daniels at collabora.com>
+Reviewed-by: Alan Coopersmith <alan.coopersmith at oracle.com>
+Signed-off-by: Keith Packard <keithp at keithp.com>
+
+diff --git a/hw/xwayland/xwayland.c b/hw/xwayland/xwayland.c
+index 7e8d667..c5bee77 100644
+--- a/hw/xwayland/xwayland.c
++++ b/hw/xwayland/xwayland.c
+@@ -483,7 +483,7 @@ listen_on_fds(struct xwl_screen *xwl_screen)
+ int i;
+
+ for (i = 0; i < xwl_screen->listen_fd_count; i++)
+- ListenOnOpenFD(xwl_screen->listen_fds[i], TRUE);
++ ListenOnOpenFD(xwl_screen->listen_fds[i], FALSE);
+ }
+
+ static void
+--
+cgit v0.10.2
+From 4b4b9086d02b80549981d205fb1f495edc373538 Mon Sep 17 00:00:00 2001
+From: Ray Strode <rstrode at redhat.com>
+Date: Tue, 5 May 2015 16:43:43 -0400
+Subject: os: support new implicit local user access mode [CVE-2015-3164 2/3]
+
+If the X server is started without a '-auth' argument, then
+it gets started wide open to all local users on the system.
+
+This isn't a great default access model, but changing it in
+Xorg at this point would break backward compatibility.
+
+Xwayland, on the other hand is new, and much more targeted
+in scope. It could, in theory, be changed to allow the much
+more secure default of a "user who started X server can connect
+clients to that server."
+
+This commit paves the way for that change, by adding a mechanism
+for DDXs to opt-in to that behavior. They merely need to call
+
+LocalAccessScopeUser()
+
+in their init functions.
+
+A subsequent commit will add that call for Xwayland.
+
+Signed-off-by: Ray Strode <rstrode at redhat.com>
+Reviewed-by: Daniel Stone <daniels at collabora.com>
+Reviewed-by: Alan Coopersmith <alan.coopersmith at oracle.com>
+Signed-off-by: Keith Packard <keithp at keithp.com>
+
+diff --git a/include/os.h b/include/os.h
+index 6638c84..b2b96c8 100644
+--- a/include/os.h
++++ b/include/os.h
+@@ -431,11 +431,28 @@ extern _X_EXPORT void
+ ResetHosts(const char *display);
+
+ extern _X_EXPORT void
++EnableLocalAccess(void);
++
++extern _X_EXPORT void
++DisableLocalAccess(void);
++
++extern _X_EXPORT void
+ EnableLocalHost(void);
+
+ extern _X_EXPORT void
+ DisableLocalHost(void);
+
++#ifndef NO_LOCAL_CLIENT_CRED
++extern _X_EXPORT void
++EnableLocalUser(void);
++
++extern _X_EXPORT void
++DisableLocalUser(void);
++
++extern _X_EXPORT void
++LocalAccessScopeUser(void);
++#endif
++
+ extern _X_EXPORT void
+ AccessUsingXdmcp(void);
+
+diff --git a/os/access.c b/os/access.c
+index 8fa028e..75e7a69 100644
+--- a/os/access.c
++++ b/os/access.c
+@@ -102,6 +102,10 @@ SOFTWARE.
+ #include <sys/ioctl.h>
+ #include <ctype.h>
+
++#ifndef NO_LOCAL_CLIENT_CRED
++#include <pwd.h>
++#endif
++
+ #if defined(TCPCONN) || defined(STREAMSCONN)
+ #include <netinet/in.h>
+ #endif /* TCPCONN || STREAMSCONN */
+@@ -225,6 +229,13 @@ static int LocalHostEnabled = FALSE;
+ static int LocalHostRequested = FALSE;
+ static int UsingXdmcp = FALSE;
+
++static enum {
++ LOCAL_ACCESS_SCOPE_HOST = 0,
++#ifndef NO_LOCAL_CLIENT_CRED
++ LOCAL_ACCESS_SCOPE_USER,
++#endif
++} LocalAccessScope;
++
+ /* FamilyServerInterpreted implementation */
+ static Bool siAddrMatch(int family, void *addr, int len, HOST * host,
+ ClientPtr client);
+@@ -237,6 +248,21 @@ static void siTypesInitialize(void);
+ */
+
+ void
++EnableLocalAccess(void)
++{
++ switch (LocalAccessScope) {
++ case LOCAL_ACCESS_SCOPE_HOST:
++ EnableLocalHost();
++ break;
++#ifndef NO_LOCAL_CLIENT_CRED
++ case LOCAL_ACCESS_SCOPE_USER:
++ EnableLocalUser();
++ break;
++#endif
++ }
++}
++
++void
+ EnableLocalHost(void)
+ {
+ if (!UsingXdmcp) {
+@@ -249,6 +275,21 @@ EnableLocalHost(void)
+ * called when authorization is enabled to keep us secure
+ */
+ void
++DisableLocalAccess(void)
++{
++ switch (LocalAccessScope) {
++ case LOCAL_ACCESS_SCOPE_HOST:
++ DisableLocalHost();
++ break;
++#ifndef NO_LOCAL_CLIENT_CRED
++ case LOCAL_ACCESS_SCOPE_USER:
++ DisableLocalUser();
++ break;
++#endif
++ }
++}
++
++void
+ DisableLocalHost(void)
+ {
+ HOST *self;
+@@ -262,6 +303,74 @@ DisableLocalHost(void)
+ }
+ }
+
++#ifndef NO_LOCAL_CLIENT_CRED
++static int GetLocalUserAddr(char **addr)
++{
++ static const char *type = "localuser";
++ static const char delimiter = '\0';
++ static const char *value;
++ struct passwd *pw;
++ int length = -1;
++
++ pw = getpwuid(getuid());
++
++ if (pw == NULL || pw->pw_name == NULL)
++ goto out;
++
++ value = pw->pw_name;
++
++ length = asprintf(addr, "%s%c%s", type, delimiter, value);
++
++ if (length == -1) {
++ goto out;
++ }
++
++ /* Trailing NUL */
++ length++;
++
++out:
++ return length;
++}
++
++void
++EnableLocalUser(void)
++{
++ char *addr = NULL;
++ int length = -1;
++
++ length = GetLocalUserAddr(&addr);
++
++ if (length == -1)
++ return;
++
++ NewHost(FamilyServerInterpreted, addr, length, TRUE);
++
++ free(addr);
++}
++
++void
++DisableLocalUser(void)
++{
++ char *addr = NULL;
++ int length = -1;
++
++ length = GetLocalUserAddr(&addr);
++
++ if (length == -1)
++ return;
++
++ RemoveHost(NULL, FamilyServerInterpreted, length, addr);
++
++ free(addr);
++}
++
++void
++LocalAccessScopeUser(void)
++{
++ LocalAccessScope = LOCAL_ACCESS_SCOPE_USER;
++}
++#endif
++
+ /*
+ * called at init time when XDMCP will be used; xdmcp always
+ * adds local hosts manually when needed
+diff --git a/os/auth.c b/os/auth.c
+index 5fcb538..7da6fc6 100644
+--- a/os/auth.c
++++ b/os/auth.c
+@@ -181,11 +181,11 @@ CheckAuthorization(unsigned int name_length,
+
+ /*
+ * If the authorization file has at least one entry for this server,
+- * disable local host access. (loadauth > 0)
++ * disable local access. (loadauth > 0)
+ *
+ * If there are zero entries (either initially or when the
+ * authorization file is later reloaded), or if a valid
+- * authorization file was never loaded, enable local host access.
++ * authorization file was never loaded, enable local access.
+ * (loadauth == 0 || !loaded)
+ *
+ * If the authorization file was loaded initially (with valid
+@@ -194,11 +194,11 @@ CheckAuthorization(unsigned int name_length,
+ */
+
+ if (loadauth > 0) {
+- DisableLocalHost(); /* got at least one */
++ DisableLocalAccess(); /* got at least one */
+ loaded = TRUE;
+ }
+ else if (loadauth == 0 || !loaded)
+- EnableLocalHost();
++ EnableLocalAccess();
+ }
+ if (name_length) {
+ for (i = 0; i < NUM_AUTHORIZATION; i++) {
+--
+cgit v0.10.2
+From 76636ac12f2d1dbdf7be08222f80e7505d53c451 Mon Sep 17 00:00:00 2001
+From: Ray Strode <rstrode at redhat.com>
+Date: Tue, 5 May 2015 16:43:44 -0400
+Subject: xwayland: default to local user if no xauth file given.
+ [CVE-2015-3164 3/3]
+
+Right now if "-auth" isn't passed on the command line, we let
+any user on the system connect to the Xwayland server.
+
+That's clearly suboptimal, given Xwayland is generally designed
+to be used by one user at a time.
+
+This commit changes the behavior, so only the user who started the
+X server can connect clients to it.
+
+Signed-off-by: Ray Strode <rstrode at redhat.com>
+Reviewed-by: Daniel Stone <daniels at collabora.com>
+Reviewed-by: Alan Coopersmith <alan.coopersmith at oracle.com>
+Signed-off-by: Keith Packard <keithp at keithp.com>
+
+diff --git a/hw/xwayland/xwayland.c b/hw/xwayland/xwayland.c
+index c5bee77..bc92beb 100644
+--- a/hw/xwayland/xwayland.c
++++ b/hw/xwayland/xwayland.c
+@@ -702,4 +702,6 @@ InitOutput(ScreenInfo * screen_info, int argc, char **argv)
+ if (AddScreen(xwl_screen_init, argc, argv) == -1) {
+ FatalError("Couldn't add screen\n");
+ }
++
++ LocalAccessScopeUser();
+ }
+--
+cgit v0.10.2
+
More information about the arch-commits
mailing list