diff options
| author | Patrick J Volkerding <volkerdi@slackware.com> | 2018-05-25 23:29:36 +0000 |
|---|---|---|
| committer | Eric Hameleers <alien@slackware.com> | 2018-05-31 15:04:55 -0700 |
| commit | d8220d28e5d53cd896b28d9dea13e2258923f35a (patch) | |
| tree | 0ae3d22871d934a49ba1689084ba6fe301ee48e0 /patches/source/xorg-server | |
| parent | 5a12e7c134274dba706667107d10d231517d3e05 (diff) | |
| download | current-13.0.tar.gz | |
Fri May 25 23:29:36 UTC 201813.0
patches/packages/glibc-zoneinfo-2018e-noarch-2_slack13.0.txz: Rebuilt.
Handle removal of US/Pacific-New timezone. If we see that the machine is
using this, it will be automatically switched to US/Pacific.
Diffstat (limited to 'patches/source/xorg-server')
20 files changed, 1171 insertions, 0 deletions
diff --git a/patches/source/xorg-server/arch.use.flags b/patches/source/xorg-server/arch.use.flags new file mode 100644 index 00000000..f28a6cca --- /dev/null +++ b/patches/source/xorg-server/arch.use.flags @@ -0,0 +1,7 @@ +if [ "$ARCH" = "i486" ]; then + SLKCFLAGS="-O2 -march=i486 -mtune=i686" +elif [ "$ARCH" = "s390" ]; then + SLKCFLAGS="-O2" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2 -fPIC" +fi diff --git a/patches/source/xorg-server/build/xorg-server b/patches/source/xorg-server/build/xorg-server new file mode 100644 index 00000000..cd975050 --- /dev/null +++ b/patches/source/xorg-server/build/xorg-server @@ -0,0 +1 @@ +4_slack13.0 diff --git a/patches/source/xorg-server/configure/xorg-server b/patches/source/xorg-server/configure/xorg-server new file mode 100644 index 00000000..b6660025 --- /dev/null +++ b/patches/source/xorg-server/configure/xorg-server @@ -0,0 +1,42 @@ +# Servers to build: +BUILD_SERVERS="--enable-xorg \ + --enable-xvfb \ + --enable-xnest \ + --enable-kdrive \ + --enable-xephyr \ + --enable-xsdl \ + --enable-xfbdev" + +MESA_VERSION=${MESA_VERSION:-7.5} + +# Default font paths to be used by the X server +DEF_FONTPATH="/usr/share/fonts/local,/usr/share/fonts/TTF,/usr/share/fonts/OTF,/usr/share/fonts/Type1,/usr/share/fonts/misc,/usr/share/fonts/CID,/usr/share/fonts/75dpi/:unscaled,/usr/share/fonts/100dpi/:unscaled,/usr/share/fonts/75dpi,/usr/share/fonts/100dpi,/usr/share/fonts/cyrillic" + +CFLAGS="$SLKCFLAGS" \ +./configure \ + --prefix=/usr \ + --libdir=/usr/lib${LIBDIRSUFFIX} \ + --sysconfdir=/etc \ + --localstatedir=/var \ + --infodir=/usr/info \ + --mandir=/usr/man \ + --disable-static \ + --with-pic \ + --with-int10=x86emu \ + --with-default-font-path="${DEF_FONTPATH}" \ + --with-module-dir=/usr/lib${LIBDIRSUFFIX}/xorg/modules \ + --with-dri-driver-path=/usr/lib${LIBDIRSUFFIX}/xorg/modules/dri \ + --with-os-name="Slackware 13.0" \ + --with-os-vendor="Slackware Linux Project" \ + --with-mesa-source=/tmp/Mesa-${MESA_VERSION} \ + --with-xkb-path=/etc/X11/xkb \ + --with-xkb-output=/var/lib/xkb \ + $BUILD_SERVERS \ + --build=$ARCH-slackware-linux + +if [ "$ARCH" = "x86_64" ]; then + # To prevent the error "No rule to make target `-ldl'" + sed -i -e 's#-ldl##' hw/xfree86/Makefile + sed -i -e 's#-lm#-lm -ldl#' hw/xfree86/Makefile +fi + diff --git a/patches/source/xorg-server/makepkg/xorg-server b/patches/source/xorg-server/makepkg/xorg-server new file mode 100644 index 00000000..67b93c97 --- /dev/null +++ b/patches/source/xorg-server/makepkg/xorg-server @@ -0,0 +1,35 @@ + +rm -r ${SLACK_X_BUILD_DIR}/package-xorg-server-xnest +mkdir -p ${SLACK_X_BUILD_DIR}/package-xorg-server-xnest/usr/bin +mv $PKG/usr/bin/Xnest ${SLACK_X_BUILD_DIR}/package-xorg-server-xnest/usr/bin +mkdir -p ${SLACK_X_BUILD_DIR}/package-xorg-server-xnest/usr/man/man1 +mv $PKG/usr/man/man1/Xnest.1.gz ${SLACK_X_BUILD_DIR}/package-xorg-server-xnest/usr/man/man1 +mkdir -p ${SLACK_X_BUILD_DIR}/package-xorg-server-xnest/install +cat $CWD/slack-desc/xorg-server-xnest > ${SLACK_X_BUILD_DIR}/package-xorg-server-xnest/install/slack-desc +cd ${SLACK_X_BUILD_DIR}/package-xorg-server-xnest +/sbin/makepkg -l y -c n ${SLACK_X_BUILD_DIR}/xorg-server-xnest-${MODULAR_PACKAGE_VERSION}-$ARCH-$BUILD.txz + +rm -r ${SLACK_X_BUILD_DIR}/package-xorg-server-xvfb +mkdir -p ${SLACK_X_BUILD_DIR}/package-xorg-server-xvfb/usr/bin +mv $PKG/usr/bin/Xvfb ${SLACK_X_BUILD_DIR}/package-xorg-server-xvfb/usr/bin +mkdir -p ${SLACK_X_BUILD_DIR}/package-xorg-server-xvfb/usr/man/man1 +mv $PKG/usr/man/man1/Xvfb.1.gz ${SLACK_X_BUILD_DIR}/package-xorg-server-xvfb/usr/man/man1 +mkdir -p ${SLACK_X_BUILD_DIR}/package-xorg-server-xvfb/install +cat $CWD/slack-desc/xorg-server-xvfb > ${SLACK_X_BUILD_DIR}/package-xorg-server-xvfb/install/slack-desc +cd ${SLACK_X_BUILD_DIR}/package-xorg-server-xvfb +/sbin/makepkg -l y -c n ${SLACK_X_BUILD_DIR}/xorg-server-xvfb-${MODULAR_PACKAGE_VERSION}-$ARCH-$BUILD.txz + +rm -r ${SLACK_X_BUILD_DIR}/package-xorg-server-xephyr +mkdir -p ${SLACK_X_BUILD_DIR}/package-xorg-server-xephyr/usr/bin +mv $PKG/usr/bin/Xephyr ${SLACK_X_BUILD_DIR}/package-xorg-server-xephyr/usr/bin +mkdir -p ${SLACK_X_BUILD_DIR}/package-xorg-server-xephyr/usr/man/man1 +mv $PKG/usr/man/man1/Xephyr.1.gz ${SLACK_X_BUILD_DIR}/package-xorg-server-xephyr/usr/man/man1 +mkdir -p ${SLACK_X_BUILD_DIR}/package-xorg-server-xephyr/install +cat $CWD/slack-desc/xorg-server-xephyr > ${SLACK_X_BUILD_DIR}/package-xorg-server-xephyr/install/slack-desc +cd ${SLACK_X_BUILD_DIR}/package-xorg-server-xephyr +/sbin/makepkg -l y -c n ${SLACK_X_BUILD_DIR}/xorg-server-xephyr-${MODULAR_PACKAGE_VERSION}-$ARCH-$BUILD.txz + +# Build the main xorg-server package: +cd $PKG +/sbin/makepkg -l y -c n ${SLACK_X_BUILD_DIR}/xorg-server-${MODULAR_PACKAGE_VERSION}-$ARCH-$BUILD.txz + diff --git a/patches/source/xorg-server/modularize b/patches/source/xorg-server/modularize new file mode 100644 index 00000000..d6eb2f68 --- /dev/null +++ b/patches/source/xorg-server/modularize @@ -0,0 +1,265 @@ +# If a package is listed here, it will be built apart from the +# usual "grab bag" package that's made from each source directory. + +appres +bdftopcf +beforelight +bigreqsproto +bitmap +compiz +compositeproto +damageproto +dmxproto +dri2proto +editres +encodings +evieext +fixesproto +font-adobe-100dpi +font-adobe-75dpi +font-adobe-utopia-100dpi +font-adobe-utopia-75dpi +font-adobe-utopia-type1 +font-alias +font-arabic-misc +font-bh-100dpi +font-bh-75dpi +font-bh-lucidatypewriter-100dpi +font-bh-lucidatypewriter-75dpi +font-bh-ttf +font-bh-type1 +font-bitstream-100dpi +font-bitstream-75dpi +font-bitstream-speedo +font-bitstream-type1 +font-cronyx-cyrillic +font-cursor-misc +font-daewoo-misc +font-dec-misc +font-ibm-type1 +font-isas-misc +font-jis-misc +font-micro-misc +font-misc-cyrillic +font-misc-ethiopic +font-misc-meltho +font-misc-misc +font-mutt-misc +font-schumacher-misc +font-screen-cyrillic +font-sony-misc +font-sun-misc +font-util +font-winitzki-cyrillic +font-xfree86-type1 +fontcacheproto +fontsproto +fonttosfnt +fslsfonts +fstobdf +gccmakedep +glproto +iceauth +ico +imake +inputproto +intel-gpu-tools +kbproto +libFS +libICE +libSM +libX11 +libXScrnSaver +libXau +libXaw +libXaw3d +libXcm +libXcomposite +libXcursor +libXdamage +libXdmcp +libXevie +libXext +libXfixes +libXfont +libXfontcache +libXft +libXi +libXinerama +libXmu +libXp +libXpm +libXrandr +libXrender +libXres +libXt +libXtst +libXv +libXvMC +libXxf86dga +libXxf86misc +libXxf86vm +libdmx +libfontenc +libpciaccess +libpthread-stubs +libxcb +libxkbfile +listres +lndir +luit +makedepend +mkcomposecache +mkfontdir +mkfontscale +oclock +pixman +printproto +randrproto +recordproto +rendercheck +renderproto +resourceproto +rgb +scrnsaverproto +sessreg +setxkbmap +showfont +smproxy +twm +util-macros +videoproto +viewres +x11perf +xauth +xbacklight +xbiff +xbitmaps +xcalc +xcb-proto +xcb-util +xcb-util-image +xcb-util-keysyms +xcb-util-renderutil +xcb-util-wm +xclipboard +xclock +xcmiscproto +xcmsdb +xcompmgr +xconsole +xcursor-themes +xcursorgen +xdbedizzy +xditview +xdm +xdpyinfo +xdriinfo +xedit +xev +xextproto +xeyes +xf86-input-acecad +xf86-input-aiptek +xf86-input-evdev +xf86-input-joystick +xf86-input-penmount +xf86-input-synaptics +xf86-input-vmmouse +xf86-input-void +xf86-input-wacom +xf86-video-apm +xf86-video-ark +xf86-video-ast +xf86-video-ati +xf86-video-chips +xf86-video-cirrus +xf86-video-dummy +xf86-video-geode +xf86-video-glint +xf86-video-i128 +xf86-video-i740 +xf86-video-intel +xf86-video-mach64 +xf86-video-mga +xf86-video-modesetting +xf86-video-neomagic +xf86-video-nouveau +xf86-video-nv +xf86-video-openchrome +xf86-video-qxl +xf86-video-r128 +xf86-video-rendition +xf86-video-s3 +xf86-video-s3virge +xf86-video-savage +xf86-video-siliconmotion +xf86-video-sis +xf86-video-sisusb +xf86-video-tdfx +xf86-video-tga +xf86-video-trident +xf86-video-tseng +xf86-video-v4l +xf86-video-vesa +xf86-video-vmware +xf86-video-voodoo +xf86-video-xgi +xf86bigfontproto +xf86dga +xf86dgaproto +xf86driproto +xf86miscproto +xf86vidmodeproto +xfd +xfontsel +xfs +xfsinfo +xgamma +xgc +xhost +xineramaproto +xinit +xinput +xkbcomp +xkbevd +xkbprint +xkbutils +xkeyboard-config +xkill +xload +xlogo +xlsatoms +xlsclients +xlsfonts +xmag +xman +xmessage +xmh +xmodmap +xmore +xorg-cf-files +xorg-docs +xorg-server +xorg-server-xephyr +xorg-server-xnest +xorg-server-xvfb +xorg-sgml-doctools +xpr +xprop +xproto +xpyb +xrandr +xrdb +xrefresh +xscope +xset +xsetroot +xsm +xstdcmap +xtrans +xvidtune +xvinfo +xwd +xwininfo +xwud diff --git a/patches/source/xorg-server/noarch b/patches/source/xorg-server/noarch new file mode 100644 index 00000000..480ffc26 --- /dev/null +++ b/patches/source/xorg-server/noarch @@ -0,0 +1,76 @@ +# List packages with an $ARCH of "noarch" (i.e. packages +# that contain no binaries) here: +bigreqsproto +compositeproto +damageproto +dejavu-ttf +dmxproto +encodings +evieext +font-adobe-100dpi +font-adobe-75dpi +font-adobe-utopia-100dpi +font-adobe-utopia-75dpi +font-adobe-utopia-type1 +font-alias +font-arabic-misc +font-bh-100dpi +font-bh-75dpi +font-bh-lucidatypewriter-100dpi +font-bh-lucidatypewriter-75dpi +font-bh-ttf +font-bh-type1 +font-bitstream-100dpi +font-bitstream-75dpi +font-bitstream-speedo +font-bitstream-type1 +font-cronyx-cyrillic +font-cursor-misc +font-daewoo-misc +font-dec-misc +font-ibm-type1 +font-isas-misc +font-jis-misc +font-micro-misc +font-misc-cyrillic +font-misc-ethiopic +font-misc-meltho +font-misc-misc +font-mutt-misc +font-schumacher-misc +font-screen-cyrillic +font-sony-misc +font-sun-misc +font-winitzki-cyrillic +font-xfree86-type1 +fontcacheproto +fontsproto +gccmakedep +glproto +inputproto +kbproto +libpthread-stubs +mkfontdir +printproto +randrproto +recordproto +renderproto +resourceproto +scrnsaverproto +ttf-indic-fonts +util-macros +videoproto +x11-skel +xcmiscproto +xcursor-themes +xf86bigfontproto +xf86dgaproto +xf86driproto +xf86miscproto +xf86vidmodeproto +xineramaproto +xkeyboard-config +xorg-cf-files +xorg-docs +xproto +xtrans diff --git a/patches/source/xorg-server/package-blacklist b/patches/source/xorg-server/package-blacklist new file mode 100644 index 00000000..37762499 --- /dev/null +++ b/patches/source/xorg-server/package-blacklist @@ -0,0 +1,39 @@ +# Enter packages to skip (perhaps because they aren't used on +# this platform) below. Just the package name -- no version +# number is needed. + +# MacOS related packages: +applewmproto +windowswmproto +libAppleWM +libWindowsWM + +# Sun video cards: +xf86-video-sunbw2 +xf86-video-suncg14 +xf86-video-suncg3 +xf86-video-suncg6 +xf86-video-sunffb +xf86-video-sunleo +xf86-video-suntcx + +# Obsolete packages: +liboldX +xf86-video-amd +xf86-video-via +xkbdata +xphelloworld +xrx + +# Not applicable to us +grandr +constype + +# CAREFUL NOT TO "SHIP" THE STUFF BELOW IN THE MAIN X PACKAGES DIR! + +# This is probably obsolete, and kills "X -configure" too +xf86-video-nsc + +# We don't want this one, as it causes failure of X with no xorg.conf +xf86-video-fbdev + diff --git a/patches/source/xorg-server/patch/xorg-server.patch b/patches/source/xorg-server/patch/xorg-server.patch new file mode 100644 index 00000000..996405a8 --- /dev/null +++ b/patches/source/xorg-server/patch/xorg-server.patch @@ -0,0 +1,5 @@ +zcat $CWD/patch/xorg-server/x11.startwithblackscreen.diff.gz | patch -p1 --verbose || exit 1 +zcat $CWD/patch/xorg-server/xorg-server.CVE-2010-2240.diff.gz | patch -p1 --verbose || exit 1 +zcat $CWD/patch/xorg-server/xorg-server.CVE-2013-4396.diff.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; } +zcat $CWD/patch/xorg-server/xorg-server.CVE-2017-10971.diff.gz | patch -p1 -l --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; } +zcat $CWD/patch/xorg-server/xorg-server.CVE-2017-10972.diff.gz | patch -p1 -l --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; } diff --git a/patches/source/xorg-server/patch/xorg-server/x11.startwithblackscreen.diff b/patches/source/xorg-server/patch/xorg-server/x11.startwithblackscreen.diff new file mode 100644 index 00000000..bfa9c305 --- /dev/null +++ b/patches/source/xorg-server/patch/xorg-server/x11.startwithblackscreen.diff @@ -0,0 +1,13 @@ +--- ./dix/window.c.orig 2007-01-22 23:39:15.000000000 -0600 ++++ ./dix/window.c 2007-02-14 03:21:03.000000000 -0600 +@@ -140,8 +140,8 @@ + * + ******/ + +-static unsigned char _back_lsb[4] = {0x88, 0x22, 0x44, 0x11}; +-static unsigned char _back_msb[4] = {0x11, 0x44, 0x22, 0x88}; ++static unsigned char _back_lsb[4] = {0x00, 0x00, 0x00, 0x00}; ++static unsigned char _back_msb[4] = {0x00, 0x00, 0x00, 0x00}; + + _X_EXPORT int screenIsSaved = SCREEN_SAVER_OFF; + diff --git a/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2010-2240.diff b/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2010-2240.diff new file mode 100644 index 00000000..b4d2f095 --- /dev/null +++ b/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2010-2240.diff @@ -0,0 +1,130 @@ +--- ./os/utils.c.orig 2009-07-07 12:48:58.000000000 -0500 ++++ ./os/utils.c 2010-08-26 15:54:46.000000000 -0500 +@@ -58,6 +58,36 @@ + #include <signal.h> + #endif + ++/* ++ * issetugid() ++ * ++ * Copyright (C) - 2007 Robert Connolly ++ * ++ * Permission to reproduce, copy, delete, distribute, transmit, use, modify, ++ * build upon or otherwise exploit this software, in any form, for any ++ * purpose, in any way, and by anyone, including by methods that have not ++ * yet been invented or conceived, is hereby granted. ++ */ ++#include <unistd.h> ++extern int __libc_enable_secure; ++int issetugid(void) ++{ ++ if (__libc_enable_secure) ++ { ++ return 1; ++ } ++ if (getuid() != geteuid()) ++ { ++ return 1; ++ } ++ if (getgid() != getegid()) ++ { ++ return 1; ++ } ++ /* Else */ ++ return 0; ++} ++ + #if defined(WIN32) && !defined(__CYGWIN__) + #include <X11/Xwinsock.h> + #endif +@@ -761,6 +791,22 @@ + UseMsg(); + } + #endif ++/* #ifdef RLIMIT_AS ++ else if ( strcmp( argv[i], "-la") == 0) ++ { ++ if (getuid() != 0 && issetugid()) { ++ FatalError("The '-la' option can only be used by root.\n"); ++ } ++ if(++i < argc) ++ { ++ limitAddressSpace = atol(argv[i]); ++ if (limitAddressSpace > 0) ++ limitAddressSpace *= 1024; ++ } ++ else ++ UseMsg(); ++ } ++#endif */ + #ifdef SERVER_LOCK + else if ( strcmp ( argv[i], "-nolock") == 0) + { +--- ./os/osinit.c.orig 2009-07-07 12:48:58.000000000 -0500 ++++ ./os/osinit.c 2010-08-26 15:27:45.000000000 -0500 +@@ -99,6 +99,14 @@ + #ifdef macII + set42sig(); + #endif ++#ifdef RLIMIT_AS ++#ifdef _XSERVER64 ++#define XORG_AS_LIMIT 10737418240LL ++#else ++#define XORG_AS_LIMIT 1610612736 ++#endif ++long limitAddressSpace = XORG_AS_LIMIT; ++#endif + + if (!been_here) { + #if !defined(__SCO__) && !defined(__CYGWIN__) && !defined(__UNIXWARE__) +@@ -187,6 +195,22 @@ + } + } + #endif ++#ifdef RLIMIT_AS ++ if (limitAddressSpace >= 0) ++ { ++ struct rlimit rlim; ++ ++ if (!getrlimit(RLIMIT_AS, &rlim)) ++ { ++ if ((limitAddressSpace > 0) ++ && (limitAddressSpace < rlim.rlim_max)) ++ rlim.rlim_cur = limitAddressSpace; ++ else ++ rlim.rlim_cur = rlim.rlim_max; ++ (void)setrlimit(RLIMIT_AS, &rlim); ++ } ++ } ++#endif + LockServer(); + been_here = TRUE; + } +--- ./include/opaque.h.orig 2009-07-07 12:48:58.000000000 -0500 ++++ ./include/opaque.h 2010-08-26 15:49:31.000000000 -0500 +@@ -67,6 +67,9 @@ + #ifdef RLIMIT_NOFILE + extern int limitNoFile; + #endif ++#ifdef RLIMIT_AS ++extern long limitAddressSpace; ++#endif + extern Bool defeatAccessControl; + extern long maxBigRequestSize; + extern Bool party_like_its_1989; +--- ./doc/Xserver.man.pre.orig 2009-07-07 12:48:58.000000000 -0500 ++++ ./doc/Xserver.man.pre 2010-08-26 15:27:45.000000000 -0500 +@@ -293,6 +293,13 @@ + A value of zero makes the stack size as large as possible. The default value + of \-1 leaves the stack space limit unchanged. + .TP 8 ++.B \-la \fIkilobytes\fP ++sets the address space limit of the server to the specified number of ++kilobytes. ++A value of zero makes address space as large as possible. ++The default value is 1572864 (1.5GB) on 32 bit architectures and ++10485760 (10GB) on 64 bit architectures. ++.TP 8 + .B \-logo + turns on the X Window System logo display in the screen-saver. + There is currently no way to change this from a client. diff --git a/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2013-4396.diff b/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2013-4396.diff new file mode 100644 index 00000000..d176b846 --- /dev/null +++ b/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2013-4396.diff @@ -0,0 +1,42 @@ +--- ./dix/dixfonts.c.orig 2009-07-07 12:48:57.000000000 -0500 ++++ ./dix/dixfonts.c 2013-10-09 21:49:12.126761613 -0500 +@@ -1512,6 +1512,7 @@ + GC *pGC; + unsigned char *data; + ITclosurePtr new_closure; ++ ITclosurePtr old_closure; + + /* We're putting the client to sleep. We need to + save some state. Similar problem to that handled +@@ -1524,6 +1525,7 @@ + err = BadAlloc; + goto bail; + } ++ old_closure = c; + *new_closure = *c; + c = new_closure; + +@@ -1531,6 +1533,7 @@ + if (!data) + { + xfree(c); ++ c = old_closure; + err = BadAlloc; + goto bail; + } +@@ -1542,6 +1545,7 @@ + { + xfree(c->data); + xfree(c); ++ c = old_closure; + err = BadAlloc; + goto bail; + } +@@ -1555,6 +1559,7 @@ + FreeScratchGC(pGC); + xfree(c->data); + xfree(c); ++ c = old_closure; + err = BadAlloc; + goto bail; + } diff --git a/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2017-10971.diff b/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2017-10971.diff new file mode 100644 index 00000000..25f09ee1 --- /dev/null +++ b/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2017-10971.diff @@ -0,0 +1,21 @@ +--- ./Xi/sendexev.c.orig 2010-04-30 04:26:35.000000000 -0500 ++++ ./Xi/sendexev.c 2017-08-15 14:58:25.709950954 -0500 +@@ -95,9 +95,17 @@ + + eventP = (xEvent *) & stuff[1]; + for (i = 0; i < stuff->num_events; i++, eventP++) { ++ if (eventP->u.u.type == GenericEvent) { ++ client->errorValue = eventP->u.u.type; ++ return BadValue; ++ } ++ + proc = EventSwapVector[eventP->u.u.type & 0177]; +- if (proc == NotImplemented) /* no swapping proc; invalid event type? */ ++ /* no swapping proc; invalid event type? */ ++ if (proc == NotImplemented) { ++ client->errorValue = eventP->u.u.type; + return (BadValue); ++ } + (*proc) (eventP, &eventT); + *eventP = eventT; + } diff --git a/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2017-10972.diff b/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2017-10972.diff new file mode 100644 index 00000000..edddc8d6 --- /dev/null +++ b/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2017-10972.diff @@ -0,0 +1,36 @@ +From 05442de962d3dc624f79fc1a00eca3ffc5489ced Mon Sep 17 00:00:00 2001 +From: Michal Srb <msrb@suse.com> +Date: Wed, 24 May 2017 15:54:39 +0300 +Subject: Xi: Zero target buffer in SProcXSendExtensionEvent. + +Make sure that the xEvent eventT is initialized with zeros, the same way as +in SProcSendEvent. + +Some event swapping functions do not overwrite all 32 bytes of xEvent +structure, for example XSecurityAuthorizationRevoked. Two cooperating +clients, one swapped and the other not, can send +XSecurityAuthorizationRevoked event to each other to retrieve old stack data +from X server. This can be potentialy misused to go around ASLR or +stack-protector. + +Signed-off-by: Michal Srb <msrb@suse.com> +Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> +Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> + +diff --git a/Xi/sendexev.c b/Xi/sendexev.c +index 11d8202..1cf118a 100644 +--- a/Xi/sendexev.c ++++ b/Xi/sendexev.c +@@ -78,7 +78,7 @@ SProcXSendExtensionEvent(ClientPtr client) + { + CARD32 *p; + int i; +- xEvent eventT; ++ xEvent eventT = { .u.u.type = 0 }; + xEvent *eventP; + EventSwapPtr proc; + +-- +cgit v0.10.2 + + diff --git a/patches/source/xorg-server/post-install/xorg-server.post-install b/patches/source/xorg-server/post-install/xorg-server.post-install new file mode 100644 index 00000000..0185cb70 --- /dev/null +++ b/patches/source/xorg-server/post-install/xorg-server.post-install @@ -0,0 +1,17 @@ +# Add COPYING file: +mkdir -p $PKG/usr/doc/xorg-server-$MODULAR_PACKAGE_VERSION +cp -a COPYING $PKG/usr/doc/xorg-server-$MODULAR_PACKAGE_VERSION + +# Don't mess with my /var/log/ permissions: +rmdir $PKG/var/log +rmdir $PKG/var + +# While I hate to have X11 take over another generic-sounding +# piece of prime filesystem real estate, this symlink will +# direct (for now) proprietary X drivers into the corrent +# location: + +( cd $PKG/usr/lib + rm -rf modules + ln -sf xorg/modules . +) diff --git a/patches/source/xorg-server/slack-desc/xorg-server b/patches/source/xorg-server/slack-desc/xorg-server new file mode 100644 index 00000000..9d25b405 --- /dev/null +++ b/patches/source/xorg-server/slack-desc/xorg-server @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. Line +# up the first '|' above the ':' following the base package name, and the '|' +# on the right side marks the last column you can put a character in. You must +# make exactly 11 lines for the formatting to be correct. It's also +# customary to leave one space after the ':'. + + |-----handy-ruler------------------------------------------------------| +xorg-server: xorg-server (The Xorg server, the core of the X Window System) +xorg-server: +xorg-server: Xorg is a full featured X server that was originally designed for UNIX +xorg-server: and UNIX-like operating systems running on Intel x86 hardware. It now +xorg-server: runs on a wider range of hardware and OS platforms. This work was +xorg-server: derived by the X.Org Foundation from the XFree86 Project's XFree86 +xorg-server: 4.4rc2 release. The XFree86 release was originally derived from X386 +xorg-server: 1.2 by Thomas Roell which was contributed to X11R5 by Snitily Graphics +xorg-server: Consulting Service. +xorg-server: +xorg-server: The home page for the X project is: http://www.x.org diff --git a/patches/source/xorg-server/slack-desc/xorg-server-xephyr b/patches/source/xorg-server/slack-desc/xorg-server-xephyr new file mode 100644 index 00000000..640f3d18 --- /dev/null +++ b/patches/source/xorg-server/slack-desc/xorg-server-xephyr @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. Line +# up the first '|' above the ':' following the base package name, and the '|' on +# the right side marks the last column you can put a character in. You must make +# exactly 11 lines for the formatting to be correct. It's also customary to +# leave one space after the ':'. + + |-----handy-ruler------------------------------------------------------| +xorg-server-xephyr: xorg-server-xephyr (Improved nested X server/client) +xorg-server-xephyr: +xorg-server-xephyr: Xephyr is a nested X-Client like Xnest, but with some additional +xorg-server-xephyr: features like XRender support. +xorg-server-xephyr: +xorg-server-xephyr: +xorg-server-xephyr: +xorg-server-xephyr: +xorg-server-xephyr: +xorg-server-xephyr: +xorg-server-xephyr: diff --git a/patches/source/xorg-server/slack-desc/xorg-server-xnest b/patches/source/xorg-server/slack-desc/xorg-server-xnest new file mode 100644 index 00000000..393f93bd --- /dev/null +++ b/patches/source/xorg-server/slack-desc/xorg-server-xnest @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. Line +# up the first '|' above the ':' following the base package name, and the '|' on +# the right side marks the last column you can put a character in. You must make +# exactly 11 lines for the formatting to be correct. It's also customary to +# leave one space after the ':'. + + |-----handy-ruler------------------------------------------------------| +xorg-server-xnest: xorg-server-xnest (a nested X server) +xorg-server-xnest: +xorg-server-xnest: Xnest is an experimental nested server for X that acts as both a +xorg-server-xnest: client and a server. Xnest is a client of the real server which +xorg-server-xnest: manages windows and graphics requests on its behalf. Xnest is a +xorg-server-xnest: server to its own clients. Xnest manages windows and graphics +xorg-server-xnest: requests on their behalf. To these clients Xnest appears to be a +xorg-server-xnest: conventional server. +xorg-server-xnest: +xorg-server-xnest: +xorg-server-xnest: diff --git a/patches/source/xorg-server/slack-desc/xorg-server-xvfb b/patches/source/xorg-server/slack-desc/xorg-server-xvfb new file mode 100644 index 00000000..aff9c642 --- /dev/null +++ b/patches/source/xorg-server/slack-desc/xorg-server-xvfb @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. Line +# up the first '|' above the ':' following the base package name, and the '|' on +# the right side marks the last column you can put a character in. You must make +# exactly 11 lines for the formatting to be correct. It's also customary to +# leave one space after the ':'. + + |-----handy-ruler------------------------------------------------------| +xorg-server-xvfb: xorg-server-xvfb (virtual framebuffer X server) +xorg-server-xvfb: +xorg-server-xvfb: Xvfb is an X server that can run on machines with no display hardware +xorg-server-xvfb: and no physical input devices. It emulates a dumb framebuffer using +xorg-server-xvfb: virtual memory. The primary use of this server is intended to be +xorg-server-xvfb: server testing. The mfb or cfb code for any depth can be exercised +xorg-server-xvfb: with this server without the need for real hardware that supports the +xorg-server-xvfb: desired depths. A secondary use is testing clients against unusual +xorg-server-xvfb: depths and screen configurations. +xorg-server-xvfb: +xorg-server-xvfb: diff --git a/patches/source/xorg-server/x11.SlackBuild b/patches/source/xorg-server/x11.SlackBuild new file mode 100755 index 00000000..ca729708 --- /dev/null +++ b/patches/source/xorg-server/x11.SlackBuild @@ -0,0 +1,364 @@ +#!/bin/sh +# Copyright 2007-2010 Patrick J. Volkerding, Sebeka, MN, USA +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +# To build only a single package group, specify it as $1, like: +# ./x11.SlackBuild lib +# To build only a single package, specify both the source directory +# and the name of the package, like: +# ./x11.SlackBuild lib libX11 + +pkgbase() { + PKGEXT=$(echo $1 | rev | cut -f 1 -d . | rev) + case $PKGEXT in + 'gz' ) + PKGRETURN=$(basename $1 .tar.gz) + ;; + 'bz2' ) + PKGRETURN=$(basename $1 .tar.bz2) + ;; + 'lzma' ) + PKGRETURN=$(basename $1 .tar.lzma) + ;; + 'xz' ) + PKGRETURN=$(basename $1 .tar.xz) + ;; + *) + PKGRETURN=$(basename $1) + ;; + esac + echo $PKGRETURN +} + +# Set initial variables: +CWD=$(pwd) +TMP=${TMP:-/tmp} + +# Automatically determine the architecture we're building on: +if [ -z "$ARCH" ]; then + case "$( uname -m )" in + i?86) export ARCH=i486 ;; + arm*) export ARCH=arm ;; + # Unless $ARCH is already set, use uname -m for all other archs: + *) export ARCH=$( uname -m ) ;; + esac +fi + +# A lot of this stuff just controls the package names this time: +VERSION=${VERSION:-7.5} +BUILD=${BUILD:-1} +PKGARCH=$ARCH +NUMJOBS=${NUMJOBS:-" -j7 "} + +if [ "$ARCH" = "x86_64" ]; then + LIBDIRSUFFIX="64" +else + LIBDIRSUFFIX="" +fi + +# Set up a few useful functions: + +fix_perms() { + chown -R root:root . + find . \ + \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \ + -exec chmod 755 {} \; -o \ + \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ + -exec chmod 644 {} \; +} + +process_man_pages() { + # Compress and if needed symlink the man pages: + if [ -d usr/man ]; then + ( cd usr/man + for manpagedir in $(find . -type d -name "man*") ; do + ( cd $manpagedir + for eachpage in $( find . -type l -maxdepth 1) ; do + ln -s $( readlink $eachpage ).gz $eachpage.gz + rm $eachpage + done + gzip -9 *.* + ) + done + ) + fi +} + +process_info_pages() { + # Compress info pages and purge "dir" file from the package: + if [ -d usr/info ]; then + ( cd usr/info + rm -f dir + gzip -9 * + ) + fi +} + +no_usr_share_doc() { + # If there are docs, move them: + if [ -d usr/share/doc ]; then + mkdir -p usr/doc + mv usr/share/doc/* usr/doc + rmdir usr/share/doc + fi +} + +# Set the compile options for the $ARCH being used: +. $CWD/arch.use.flags + +SLACK_X_BUILD_DIR=$TMP/x11-build +mkdir -p $SLACK_X_BUILD_DIR + +# Better have some binaries installed first, as this may not be +# in the "magic order". I built mine by hand through trial-and-error +# before getting this script to work. It wasn't that hard... I think. ;-) +( cd src + for x_source_dir in proto data util xcb lib app doc driver font xserver ; do + # See if $1 is a source directory like "lib": + if [ ! -z "$1" ]; then + if [ ! "$1" = "${x_source_dir}" ]; then + continue + fi + fi + PKG=${SLACK_X_BUILD_DIR}/package-${x_source_dir} + rm -rf $PKG + mkdir -p $PKG + ( cd $x_source_dir + for x_pkg in *.tar.?z* ; do + # Reset $PKGARCH to its initial value: + PKGARCH=$ARCH + PKGNAME=$(echo $x_pkg | rev | cut -f 2- -d - | rev) + # Perhaps $PKGARCH should be something different: + if grep -wq "^$PKGNAME" ${CWD}/noarch ; then + PKGARCH=noarch + fi + if grep -wq "^$PKGNAME" ${CWD}/package-blacklist ; then + continue + fi + cd $SLACK_X_BUILD_DIR + # If $2 is set, we only want to build one package: + if [ ! -z "$2" ]; then + if [ "$2" = "$PKGNAME" ]; then + # Set $PKG to a private dir for the modular package build: + PKG=$SLACK_X_BUILD_DIR/package-$PKGNAME + rm -rf $PKG + mkdir -p $PKG + else + continue + fi + else + echo + echo "Building from source ${x_pkg}" + echo + fi + if grep -wq "^$PKGNAME" ${CWD}/modularize ; then + # Set $PKG to a private dir for the modular package build: + PKG=$SLACK_X_BUILD_DIR/package-$PKGNAME + rm -rf $PKG + mkdir -p $PKG + fi + + # Let's figure out the version number on the modular package: + MODULAR_PACKAGE_VERSION=$(echo $x_pkg | rev | cut -f 3- -d . | cut -f 1 -d - | rev) + + rm -rf $(pkgbase $x_pkg) + tar xf $CWD/src/${x_source_dir}/${x_pkg} || exit 1 + cd $(pkgbase $x_pkg) || exit 1 + + fix_perms + + # If any patches are needed, call this script to apply them: + if [ -r $CWD/patch/${PKGNAME}.patch ]; then + . $CWD/patch/${PKGNAME}.patch + fi + + # I heard somewhere that -O2 breaks some chipset or another. If you encounter + # problems, please contact volkerdi@slackware.com. Thanks! :-) + + # ./configure, using custom configure script if needed: + if [ -r $CWD/configure/${PKGNAME} ]; then + . $CWD/configure/${PKGNAME} + else + # This is the default configure script: + . $CWD/configure/configure + fi + + if ! make $NUMJOBS ; then + touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed + continue + fi + + make install DESTDIR=$PKG + + mkdir -p $PKG/usr/doc/${PKGNAME}-${MODULAR_PACKAGE_VERSION} + cp -a \ + AUTHORS* COPYING* INSTALL* README* NEWS* TODO* \ + $PKG/usr/doc/${PKGNAME}-${MODULAR_PACKAGE_VERSION} + + # If there's a ChangeLog, installing at least part of the recent history + # is useful, but don't let it get totally out of control: + if [ -r ChangeLog ]; then + DOCSDIR=$(echo $PKG/usr/doc/${PKGNAME}-$MODULAR_PACKAGE_VERSION) + cat ChangeLog | head -n 1000 > $DOCSDIR/ChangeLog + touch -r ChangeLog $DOCSDIR/ChangeLog + fi + + # Get rid of zero-length junk files: + find $PKG/usr/doc/${PKGNAME}-$MODULAR_PACKAGE_VERSION -type f -size 0 -exec rm --verbose "{}" \; + rmdir --verbose $PKG/usr/doc/${PKGNAME}-$MODULAR_PACKAGE_VERSION 2> /dev/null + + # Strip binaries: + ( cd $PKG + find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null + find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null + find . | xargs file | grep "current ar archive" | grep ELF | cut -f 1 -d : | xargs strip -g 2> /dev/null + ) + + # If there's any special post-install things to do, do them: + if [ -r $CWD/post-install/${PKGNAME}.post-install ]; then + RUNSCRIPT=$(mktemp -p $TMP) || exit 1 + cat $CWD/post-install/${PKGNAME}.post-install \ + | sed -e "s#usr/lib#usr/lib${LIBDIRSUFFIX}#g" > $RUNSCRIPT + . $RUNSCRIPT + rm -f $RUNSCRIPT + fi + + # If this package requires some doinst.sh material, add it here: + if [ -r $CWD/doinst.sh/${PKGNAME} ]; then + mkdir -p $PKG/install + cat $CWD/doinst.sh/${PKGNAME} \ + | sed -e "s#usr/lib#usr/lib${LIBDIRSUFFIX}#g" \ + >> $PKG/install/doinst.sh + fi + + # If this is a modular package, build it here: + if [ -d $SLACK_X_BUILD_DIR/package-$PKGNAME ]; then + cd $PKG + process_man_pages + process_info_pages + no_usr_share_doc + mkdir -p $PKG/install + if [ -r $CWD/slack-desc/${PKGNAME} ]; then + cat $CWD/slack-desc/${PKGNAME} > $PKG/install/slack-desc + else + touch $PKG/install/slack-desc-missing + fi + if [ -r $CWD/build/${PKGNAME} ]; then + MODBUILD=$(cat $CWD/build/${PKGNAME}) + else + MODBUILD=$BUILD + fi + if [ -r $CWD/makepkg/${PKGNAME} ]; then + BUILD=$MODBUILD . $CWD/makepkg/${PKGNAME} + else + /sbin/makepkg -l y -c n ${SLACK_X_BUILD_DIR}/${PKGNAME}-${MODULAR_PACKAGE_VERSION}-${PKGARCH}-${MODBUILD}.txz + fi + fi + + # Reset $PKG to assume we're building the whole source dir: + PKG=${SLACK_X_BUILD_DIR}/package-${x_source_dir} + + done + + # Nothing here? Must have been fully modular. :-) + if [ ! -d ${SLACK_X_BUILD_DIR}/package-${x_source_dir}/etc -a \ + ! -d ${SLACK_X_BUILD_DIR}/package-${x_source_dir}/usr ]; then + continue + fi + + # Build an "x11-<sourcedir>" package for anything that wasn't built modular: + # It's safer to consider these to have binaries in them. ;-) + PKGARCH=$ARCH + cd $PKG + process_man_pages + process_info_pages + no_usr_share_doc + # If there are post-install things to do for the combined package, + # we do them here. This could be used for things like making a + # VERSION number for a combined package. :-) + if [ -r $CWD/post-install/x11-${x_source_dir}.post-install ]; then + RUNSCRIPT=$(mktemp -p $TMP) || exit 1 + cat $CWD/post-install/x11-${x_source_dir}.post-install \ + | sed -e "s#usr/lib#usr/lib${LIBDIRSUFFIX}#g" > $RUNSCRIPT + . $RUNSCRIPT + rm -f $RUNSCRIPT + fi + mkdir -p $PKG/install + if [ -r $CWD/slack-desc/x11-${x_source_dir} ]; then + cat $CWD/slack-desc/x11-${x_source_dir} > $PKG/install/slack-desc + else + touch $PKG/install/slack-desc-missing + fi + if [ -r $CWD/doinst.sh/x11-${x_source_dir} ]; then + cat $CWD/doinst.sh/x11-${x_source_dir} \ + | sed -e "s#usr/lib#usr/lib${LIBDIRSUFFIX}#g" \ + >> $PKG/install/doinst.sh + fi + if [ -r $CWD/build/x11-${PKGNAME} ]; then + SRCDIRBUILD=$(cat $CWD/build/x11-${PKGNAME}) + else + SRCDIRBUILD=$BUILD + fi + if [ -r $CWD/makepkg/${PKGNAME} ]; then + BUILD=$MODBUILD . $CWD/makepkg/${PKGNAME} + else + /sbin/makepkg -l y -c n ${SLACK_X_BUILD_DIR}/x11-${x_source_dir}-${VERSION}-${PKGARCH}-${SRCDIRBUILD}.txz + fi + ) + done +) + +exit 0 + +# I don't think I'll be using the following stuff, since I went for the latest in +# "individual", rather than a release. That was mostly because version 7.1 depends +# on a version of Mesa that won't build against kernel headers this new (&etc.). + +# If environment variable "REFRESH" is exported, start by refreshing the source tree: +# export REFRESH yes +if [ ! -z "$REFRESH" ]; then + # Only works once, unless you uncomment above. + unset REFRESH + ( cd patches + lftp -c \ + "lftp ftp://ftp.x.org:/pub/X11R7.1/patches + mirror --delete --dereference . + exit" + chmod 644 * + ) + ( cd src + mkdir -p update everything + for dir in app data deprecated doc driver extras font lib proto util xserver ; do + # We won't really download "update", as problems ensue. Plus, --dereference is + # bringing us updated files when needed, so it's redundant (like "everything"). + if [ ! -d $dir ]; then + mkdir $dir + fi + ( cd $dir + lftp -c \ + "lftp ftp://ftp.x.org:/pub/X11R7.1/src/$dir + mirror -c --delete --dereference --include-glob "*.tar.bz2" . + exit" + chmod 644 * + ) + done + ) +fi + diff --git a/patches/source/xorg-server/xorg-server.SlackBuild b/patches/source/xorg-server/xorg-server.SlackBuild new file mode 100755 index 00000000..688448ec --- /dev/null +++ b/patches/source/xorg-server/xorg-server.SlackBuild @@ -0,0 +1,2 @@ +UPGRADE_PACKAGES=no ./x11.SlackBuild xserver xorg-server +mv /tmp/x11-build/*txz /tmp |