From: Matt Turner Date: Sat, 25 Feb 2017 20:33:18 +0000 (-0800) Subject: x11-base/xorg-server: Remove 1.16.4-r5. X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=06d95b1cb566c0ae19d145ee0f65ec3f8e2093ba;p=gentoo.git x11-base/xorg-server: Remove 1.16.4-r5. Bug: https://bugs.gentoo.org/607096 --- diff --git a/x11-base/xorg-server/Manifest b/x11-base/xorg-server/Manifest index 61e76ed095ee..7aa7d5f51be9 100644 --- a/x11-base/xorg-server/Manifest +++ b/x11-base/xorg-server/Manifest @@ -2,7 +2,6 @@ DIST xorg-server-1.12-cve-2014-8091..8103.patches.tar.xz 14832 SHA256 a98fd1589e DIST xorg-server-1.12.4.tar.bz2 5444761 SHA256 8ac07c35306ba3fb3c0972722dd4e919303039eca1d40ac7862560e0b2c94cf7 SHA512 70997e8ba4f948829c158e52924753c5691a783dd14e5a86fdce4fc601638dd4e0b281590876b0315a303bf8d5195bdf43ede7113d1d569415a41ab03d938d85 WHIRLPOOL bfee61329ca85ecedb991ca933de6e3a1e94e34a04d9a723a0e9c90a36e067824701c38e8a0034498ed28dfca82eb653d1e1ab5c0223020f5da69cbbf80bbf98 DIST xorg-server-1.15.2.tar.bz2 5551426 SHA256 3c0585607c654ded836da43a45a75492fc13454ff4149704fb08dac39f051163 SHA512 5fcbf0012af309f80e1db206e05d7861796146d765cd17f3963fde6da7f43f0e57d63dbbdbf2c554612a557aa4dee623ef62f7ca7d007834aafd7a46ca7bb1d6 WHIRLPOOL 22cdbad68462f9bac32b13be958df496411ca72fe47435ec7e3ebb470b121ba4b4a0e023913f31a92113c5a56bc4be660dfec5086bc1fb72a617d2cdeaa8adf1 DIST xorg-server-1.16-cve-2014-8091..8103.patches.tar.xz 27892 SHA256 47d8c9bb79c829389e7599aef1110d43afbc5bf744dbcf73d8f3cf01796d287a SHA512 f8b55c009166883b3e6ec2c8c7a2ff4ed61df6970afcc4f0efb9efa36741af194456a368d4b1c7ba9345ef973fb139a48eb50cb5a7ebc144b43749b9ffdb1f7b WHIRLPOOL 2f8b26c018f4ad4cf780ed7dcb0b844de64e7a612adc30c622d1956dfcee710086ffcc837ff0a64cdcc14d47720d82d8797374488bf0b52d77ca63adf6806885 -DIST xorg-server-1.16.4.tar.bz2 5817330 SHA256 abb6e1cc9213a9915a121f48576ff6739a0b8cdb3d32796f9a7743c9a6efc871 SHA512 f756fca65535aa921a85d8d8eb36ea2ba5b7af90a46d640b0ca76259a9abd9d323885087e11156528d95240937c70373045001ae20266a1b9e89909f007e9e74 WHIRLPOOL 63980a3e2b57d2860998344f21a6524598b3dc135c277e5a868e34b57ab5060681ae7137358b3ba8b9ca5fd622a91aeb06bd0ac9e3e5ce1f4dc55df2b2dc0e33 DIST xorg-server-1.17.4.tar.bz2 5791384 SHA256 0c4b45c116a812a996eb432d8508cf26c2ec8c3916ff2a50781796882f8d6457 SHA512 4b8377b86ca88f27dcf59db2996b2ee620ce6f181a37dc47600365db588d48f2f3ca66a3149e7c856e686e5783b1cccb2ba0827aa7413299163dfca869f4d376 WHIRLPOOL c5baa1b01e57eac9e18bd1890c0a7e2246836524645057d5e05a1a19225d863645616aafaadbf9d083ffb672d47ea1934ad8323d813533e9519f0d92f9a1c6ab DIST xorg-server-1.18.4.tar.bz2 6009508 SHA256 278459b2c31d61a15655d95a72fb79930c480a6bb8cf9226e48a07df8b1d31c8 SHA512 2055948caa1437547ea823a70d8b24584b65338bb9f1bbf75e3ad7fd60ec9684378facaffa05b7ce496d904213cd192085a43ba889a1476d5fbc813b7e41b56b WHIRLPOOL f9ba5ffb49e6ac7ca20d64d27712a0a8f10c6560256a20e9f944d6438dc5f5eebe53daf6af110084da67a622e92874969047518e72ff181de0d64d83030d629f DIST xorg-server-1.19.1.tar.bz2 6041792 SHA256 79ae2cf39d3f6c4a91201d8dad549d1d774b3420073c5a70d390040aa965a7fb SHA512 37d413fdd96ce6b15ae20ca5028331498586044cfc7a6ab0acb99201b04063c69bcd06867f2dc33237b244ce2870a1c5a4be3cbe4560f2461894f46f8d5dbdd7 WHIRLPOOL 9fab4118e866e11a7742ba63d7f681490d43718a329416fb742e268fdf56f348bc9f1f2b5229fbaac98ce78f41fc1e9e5aa7587ee120fcccaba752ff4bac1555 diff --git a/x11-base/xorg-server/files/xorg-server-1.17-cve-2015-3164-1.patch b/x11-base/xorg-server/files/xorg-server-1.17-cve-2015-3164-1.patch deleted file mode 100644 index a9f803022703..000000000000 --- a/x11-base/xorg-server/files/xorg-server-1.17-cve-2015-3164-1.patch +++ /dev/null @@ -1,33 +0,0 @@ -From c4534a38b68aa07fb82318040dc8154fb48a9588 Mon Sep 17 00:00:00 2001 -From: Ray Strode -Date: Tue, 5 May 2015 16:43:42 -0400 -Subject: xwayland: Enable access control on open sockets [CVE-2015-3164 1/3] - -Xwayland currently allows wide-open access to the X sockets -it listens on, ignoring Xauth access control. - -This commit makes sure to enable access control on the sockets, -so one user can't snoop on another user's X-over-wayland -applications. - -Signed-off-by: Ray Strode -Reviewed-by: Daniel Stone -Reviewed-by: Alan Coopersmith -Signed-off-by: Keith Packard - -diff --git a/hw/xwayland/xwayland.c b/hw/xwayland/xwayland.c -index 7e8d667..c5bee77 100644 ---- a/hw/xwayland/xwayland.c -+++ b/hw/xwayland/xwayland.c -@@ -483,7 +483,7 @@ listen_on_fds(struct xwl_screen *xwl_screen) - int i; - - for (i = 0; i < xwl_screen->listen_fd_count; i++) -- ListenOnOpenFD(xwl_screen->listen_fds[i], TRUE); -+ ListenOnOpenFD(xwl_screen->listen_fds[i], FALSE); - } - - static void --- -cgit v0.10.2 - diff --git a/x11-base/xorg-server/files/xorg-server-1.17-cve-2015-3164-2.patch b/x11-base/xorg-server/files/xorg-server-1.17-cve-2015-3164-2.patch deleted file mode 100644 index 47b323f1ec8e..000000000000 --- a/x11-base/xorg-server/files/xorg-server-1.17-cve-2015-3164-2.patch +++ /dev/null @@ -1,246 +0,0 @@ -From 4b4b9086d02b80549981d205fb1f495edc373538 Mon Sep 17 00:00:00 2001 -From: Ray Strode -Date: Tue, 5 May 2015 16:43:43 -0400 -Subject: os: support new implicit local user access mode [CVE-2015-3164 2/3] - -If the X server is started without a '-auth' argument, then -it gets started wide open to all local users on the system. - -This isn't a great default access model, but changing it in -Xorg at this point would break backward compatibility. - -Xwayland, on the other hand is new, and much more targeted -in scope. It could, in theory, be changed to allow the much -more secure default of a "user who started X server can connect -clients to that server." - -This commit paves the way for that change, by adding a mechanism -for DDXs to opt-in to that behavior. They merely need to call - -LocalAccessScopeUser() - -in their init functions. - -A subsequent commit will add that call for Xwayland. - -Signed-off-by: Ray Strode -Reviewed-by: Daniel Stone -Reviewed-by: Alan Coopersmith -Signed-off-by: Keith Packard - -diff --git a/include/os.h b/include/os.h -index 6638c84..b2b96c8 100644 ---- a/include/os.h -+++ b/include/os.h -@@ -431,11 +431,28 @@ extern _X_EXPORT void - ResetHosts(const char *display); - - extern _X_EXPORT void -+EnableLocalAccess(void); -+ -+extern _X_EXPORT void -+DisableLocalAccess(void); -+ -+extern _X_EXPORT void - EnableLocalHost(void); - - extern _X_EXPORT void - DisableLocalHost(void); - -+#ifndef NO_LOCAL_CLIENT_CRED -+extern _X_EXPORT void -+EnableLocalUser(void); -+ -+extern _X_EXPORT void -+DisableLocalUser(void); -+ -+extern _X_EXPORT void -+LocalAccessScopeUser(void); -+#endif -+ - extern _X_EXPORT void - AccessUsingXdmcp(void); - -diff --git a/os/access.c b/os/access.c -index 8fa028e..75e7a69 100644 ---- a/os/access.c -+++ b/os/access.c -@@ -102,6 +102,10 @@ SOFTWARE. - #include - #include - -+#ifndef NO_LOCAL_CLIENT_CRED -+#include -+#endif -+ - #if defined(TCPCONN) || defined(STREAMSCONN) - #include - #endif /* TCPCONN || STREAMSCONN */ -@@ -225,6 +229,13 @@ static int LocalHostEnabled = FALSE; - static int LocalHostRequested = FALSE; - static int UsingXdmcp = FALSE; - -+static enum { -+ LOCAL_ACCESS_SCOPE_HOST = 0, -+#ifndef NO_LOCAL_CLIENT_CRED -+ LOCAL_ACCESS_SCOPE_USER, -+#endif -+} LocalAccessScope; -+ - /* FamilyServerInterpreted implementation */ - static Bool siAddrMatch(int family, void *addr, int len, HOST * host, - ClientPtr client); -@@ -237,6 +248,21 @@ static void siTypesInitialize(void); - */ - - void -+EnableLocalAccess(void) -+{ -+ switch (LocalAccessScope) { -+ case LOCAL_ACCESS_SCOPE_HOST: -+ EnableLocalHost(); -+ break; -+#ifndef NO_LOCAL_CLIENT_CRED -+ case LOCAL_ACCESS_SCOPE_USER: -+ EnableLocalUser(); -+ break; -+#endif -+ } -+} -+ -+void - EnableLocalHost(void) - { - if (!UsingXdmcp) { -@@ -249,6 +275,21 @@ EnableLocalHost(void) - * called when authorization is enabled to keep us secure - */ - void -+DisableLocalAccess(void) -+{ -+ switch (LocalAccessScope) { -+ case LOCAL_ACCESS_SCOPE_HOST: -+ DisableLocalHost(); -+ break; -+#ifndef NO_LOCAL_CLIENT_CRED -+ case LOCAL_ACCESS_SCOPE_USER: -+ DisableLocalUser(); -+ break; -+#endif -+ } -+} -+ -+void - DisableLocalHost(void) - { - HOST *self; -@@ -262,6 +303,74 @@ DisableLocalHost(void) - } - } - -+#ifndef NO_LOCAL_CLIENT_CRED -+static int GetLocalUserAddr(char **addr) -+{ -+ static const char *type = "localuser"; -+ static const char delimiter = '\0'; -+ static const char *value; -+ struct passwd *pw; -+ int length = -1; -+ -+ pw = getpwuid(getuid()); -+ -+ if (pw == NULL || pw->pw_name == NULL) -+ goto out; -+ -+ value = pw->pw_name; -+ -+ length = asprintf(addr, "%s%c%s", type, delimiter, value); -+ -+ if (length == -1) { -+ goto out; -+ } -+ -+ /* Trailing NUL */ -+ length++; -+ -+out: -+ return length; -+} -+ -+void -+EnableLocalUser(void) -+{ -+ char *addr = NULL; -+ int length = -1; -+ -+ length = GetLocalUserAddr(&addr); -+ -+ if (length == -1) -+ return; -+ -+ NewHost(FamilyServerInterpreted, addr, length, TRUE); -+ -+ free(addr); -+} -+ -+void -+DisableLocalUser(void) -+{ -+ char *addr = NULL; -+ int length = -1; -+ -+ length = GetLocalUserAddr(&addr); -+ -+ if (length == -1) -+ return; -+ -+ RemoveHost(NULL, FamilyServerInterpreted, length, addr); -+ -+ free(addr); -+} -+ -+void -+LocalAccessScopeUser(void) -+{ -+ LocalAccessScope = LOCAL_ACCESS_SCOPE_USER; -+} -+#endif -+ - /* - * called at init time when XDMCP will be used; xdmcp always - * adds local hosts manually when needed -diff --git a/os/auth.c b/os/auth.c -index 5fcb538..7da6fc6 100644 ---- a/os/auth.c -+++ b/os/auth.c -@@ -181,11 +181,11 @@ CheckAuthorization(unsigned int name_length, - - /* - * If the authorization file has at least one entry for this server, -- * disable local host access. (loadauth > 0) -+ * disable local access. (loadauth > 0) - * - * If there are zero entries (either initially or when the - * authorization file is later reloaded), or if a valid -- * authorization file was never loaded, enable local host access. -+ * authorization file was never loaded, enable local access. - * (loadauth == 0 || !loaded) - * - * If the authorization file was loaded initially (with valid -@@ -194,11 +194,11 @@ CheckAuthorization(unsigned int name_length, - */ - - if (loadauth > 0) { -- DisableLocalHost(); /* got at least one */ -+ DisableLocalAccess(); /* got at least one */ - loaded = TRUE; - } - else if (loadauth == 0 || !loaded) -- EnableLocalHost(); -+ EnableLocalAccess(); - } - if (name_length) { - for (i = 0; i < NUM_AUTHORIZATION; i++) { --- -cgit v0.10.2 - diff --git a/x11-base/xorg-server/files/xorg-server-1.17-cve-2015-3164-3.patch b/x11-base/xorg-server/files/xorg-server-1.17-cve-2015-3164-3.patch deleted file mode 100644 index 7e8f173117ac..000000000000 --- a/x11-base/xorg-server/files/xorg-server-1.17-cve-2015-3164-3.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 76636ac12f2d1dbdf7be08222f80e7505d53c451 Mon Sep 17 00:00:00 2001 -From: Ray Strode -Date: Tue, 5 May 2015 16:43:44 -0400 -Subject: xwayland: default to local user if no xauth file given. - [CVE-2015-3164 3/3] - -Right now if "-auth" isn't passed on the command line, we let -any user on the system connect to the Xwayland server. - -That's clearly suboptimal, given Xwayland is generally designed -to be used by one user at a time. - -This commit changes the behavior, so only the user who started the -X server can connect clients to it. - -Signed-off-by: Ray Strode -Reviewed-by: Daniel Stone -Reviewed-by: Alan Coopersmith -Signed-off-by: Keith Packard - -diff --git a/hw/xwayland/xwayland.c b/hw/xwayland/xwayland.c -index c5bee77..bc92beb 100644 ---- a/hw/xwayland/xwayland.c -+++ b/hw/xwayland/xwayland.c -@@ -702,4 +702,6 @@ InitOutput(ScreenInfo * screen_info, int argc, char **argv) - if (AddScreen(xwl_screen_init, argc, argv) == -1) { - FatalError("Couldn't add screen\n"); - } -+ -+ LocalAccessScopeUser(); - } --- -cgit v0.10.2 - diff --git a/x11-base/xorg-server/xorg-server-1.16.4-r5.ebuild b/x11-base/xorg-server/xorg-server-1.16.4-r5.ebuild deleted file mode 100644 index 4b776aece665..000000000000 --- a/x11-base/xorg-server/xorg-server-1.16.4-r5.ebuild +++ /dev/null @@ -1,237 +0,0 @@ -# Copyright 1999-2016 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -EAPI=5 - -XORG_DOC=doc -inherit xorg-2 multilib versionator flag-o-matic -EGIT_REPO_URI="git://anongit.freedesktop.org/git/xorg/xserver" - -DESCRIPTION="X.Org X servers" -SLOT="0/1.16.1" -KEYWORDS="~alpha amd64 arm hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux" - -IUSE_SERVERS="dmx kdrive xnest xorg xvfb" -IUSE="${IUSE_SERVERS} glamor ipv6 minimal nptl selinux +suid systemd tslib +udev unwind wayland" - -CDEPEND=">=app-eselect/eselect-opengl-1.3.0 - dev-libs/openssl:0= - media-libs/freetype - >=x11-apps/iceauth-1.0.2 - >=x11-apps/rgb-1.0.3 - >=x11-apps/xauth-1.0.3 - x11-apps/xkbcomp - >=x11-libs/libdrm-2.4.20 - >=x11-libs/libpciaccess-0.12.901 - >=x11-libs/libXau-1.0.4 - >=x11-libs/libXdmcp-1.0.2 - >=x11-libs/libXfont-1.4.2 - >=x11-libs/libxkbfile-1.0.4 - >=x11-libs/libxshmfence-1.1 - >=x11-libs/pixman-0.27.2 - >=x11-libs/xtrans-1.3.3 - >=x11-misc/xbitmaps-1.0.1 - >=x11-misc/xkeyboard-config-2.4.1-r3 - dmx? ( - x11-libs/libXt - >=x11-libs/libdmx-1.0.99.1 - >=x11-libs/libX11-1.1.5 - >=x11-libs/libXaw-1.0.4 - >=x11-libs/libXext-1.0.99.4 - >=x11-libs/libXfixes-5.0 - >=x11-libs/libXi-1.2.99.1 - >=x11-libs/libXmu-1.0.3 - x11-libs/libXrender - >=x11-libs/libXres-1.0.3 - >=x11-libs/libXtst-1.0.99.2 - ) - glamor? ( - media-libs/libepoxy - >=media-libs/mesa-10.3.4-r1[egl,gbm] - !x11-libs/glamor - ) - kdrive? ( - >=x11-libs/libXext-1.0.5 - x11-libs/libXv - ) - !minimal? ( - >=x11-libs/libX11-1.1.5 - >=x11-libs/libXext-1.0.5 - >=media-libs/mesa-10.3.4-r1[nptl=] - ) - tslib? ( >=x11-libs/tslib-1.0 ) - udev? ( >=virtual/udev-150 ) - unwind? ( sys-libs/libunwind ) - wayland? ( - >=dev-libs/wayland-1.3.0 - media-libs/libepoxy - ) - >=x11-apps/xinit-1.3 - systemd? ( - sys-apps/dbus -