From: Sergei Trofimovich Date: Sat, 22 Aug 2015 20:06:18 +0000 (+0100) Subject: x11-base/xorg-server: fix crash on FlushAllOutput, bug #555776 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=ef0ca3a416ad5b5332da5eb15d388ce7f7845e53;p=gentoo.git x11-base/xorg-server: fix crash on FlushAllOutput, bug #555776 Bug: https://bugs.freedesktop.org/91316 Bug: https://bugs.gentoo.org/555776 Package-Manager: portage-2.2.20 --- diff --git a/x11-base/xorg-server/files/xorg-server-1.17.2-uninit-clientsWritable.patch b/x11-base/xorg-server/files/xorg-server-1.17.2-uninit-clientsWritable.patch new file mode 100644 index 000000000000..681819619ebc --- /dev/null +++ b/x11-base/xorg-server/files/xorg-server-1.17.2-uninit-clientsWritable.patch @@ -0,0 +1,65 @@ +https://bugs.gentoo.org/show_bug.cgi?id=555776 + +From 7cc7ffd25d5e50b54cb942d07d4cb160f20ff9c5 Mon Sep 17 00:00:00 2001 +From: Martin Peres +Date: Fri, 17 Jul 2015 17:21:26 +0300 +Subject: [PATCH] os: make sure the clientsWritable fd_set is initialized + before use + +In WaitForSomething(), the fd_set clientsWritable may be used unitialized when +the boolean AnyClientsWriteBlocked is set in the WakeupHandler(). This leads to +a crash in FlushAllOutput() after x11proto's commit +2c94cdb453bc641246cc8b9a876da9799bee1ce7. + +The problem did not manifest before because both the XFD_SIZE and the maximum +number of clients were set to 256. As the connectionTranslation table was +initalized for the 256 clients to 0, the test on the index not being 0 was +aborting before dereferencing the client #0. + +As of commit 2c94cdb453bc641246cc8b9a876da9799bee1ce7 in x11proto, the XFD_SIZE +got bumped to 512. This lead the OutputPending fd_set to have any fd above 256 +to be uninitialized which in turns lead to reading an index after the end of +the ConnectionTranslation table. This index would then be used to find the +client corresponding to the fd marked as pending writes and would also result +to an out-of-bound access which would usually be the fatal one. + +Fix this by zeroing the clientsWritable fd_set at the beginning of +WaitForSomething(). In this case, the bottom part of the loop, which would +indirectly call FlushAllOutput, will not do any work but the next call to +select will result in the execution of the right codepath. This is exactly what +we want because we need to know the writable clients before handling them. In +the end, it also makes sure that the fds above MaxClient are initialized, +preventing the crash in FlushAllOutput(). + +Thanks to everyone involved in tracking this one down! + +Reported-by: Karol Herbst +Reported-by: Tobias Klausmann +Signed-off-by: Martin Peres +Tested-by: Martin Peres +Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=91316 +Cc: Ilia Mirkin +Cc: Martin Peres +Cc: Olivier Fourdan +Cc: Alan Coopersmith +--- + os/WaitFor.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/os/WaitFor.c b/os/WaitFor.c +index 431f1a6..993c14e 100644 +--- a/os/WaitFor.c ++++ b/os/WaitFor.c +@@ -158,6 +158,7 @@ WaitForSomething(int *pClientsReady) + Bool someReady = FALSE; + + FD_ZERO(&clientsReadable); ++ FD_ZERO(&clientsWritable); + + if (nready) + SmartScheduleStopTimer(); +-- +2.4.5 + diff --git a/x11-base/xorg-server/xorg-server-1.17.2-r1.ebuild b/x11-base/xorg-server/xorg-server-1.17.2-r1.ebuild new file mode 100644 index 000000000000..8181fa562e97 --- /dev/null +++ b/x11-base/xorg-server/xorg-server-1.17.2-r1.ebuild @@ -0,0 +1,245 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +XORG_DOC=doc +inherit xorg-2 multilib versionator flag-o-matic +EGIT_REPO_URI="git://anongit.freedesktop.org/git/xorg/xserver" + +DESCRIPTION="X.Org X servers" +SLOT="0/${PV}" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux" + +IUSE_SERVERS="dmx kdrive xephyr xnest xorg xvfb" +IUSE="${IUSE_SERVERS} glamor ipv6 minimal nptl selinux +suid systemd tslib +udev unwind wayland" + +CDEPEND=">=app-eselect/eselect-opengl-1.3.0 + dev-libs/openssl + media-libs/freetype + >=x11-apps/iceauth-1.0.2 + >=x11-apps/rgb-1.0.3 + >=x11-apps/xauth-1.0.3 + x11-apps/xkbcomp + >=x11-libs/libdrm-2.4.46 + >=x11-libs/libpciaccess-0.12.901 + >=x11-libs/libXau-1.0.4 + >=x11-libs/libXdmcp-1.0.2 + >=x11-libs/libXfont-1.4.2 + >=x11-libs/libxkbfile-1.0.4 + >=x11-libs/libxshmfence-1.1 + >=x11-libs/pixman-0.27.2 + >=x11-libs/xtrans-1.3.5 + >=x11-misc/xbitmaps-1.0.1 + >=x11-misc/xkeyboard-config-2.4.1-r3 + dmx? ( + x11-libs/libXt + >=x11-libs/libdmx-1.0.99.1 + >=x11-libs/libX11-1.1.5 + >=x11-libs/libXaw-1.0.4 + >=x11-libs/libXext-1.0.99.4 + >=x11-libs/libXfixes-5.0 + >=x11-libs/libXi-1.2.99.1 + >=x11-libs/libXmu-1.0.3 + x11-libs/libXrender + >=x11-libs/libXres-1.0.3 + >=x11-libs/libXtst-1.0.99.2 + ) + glamor? ( + media-libs/libepoxy + >=media-libs/mesa-10.3.4-r1[egl,gbm] + !x11-libs/glamor + ) + kdrive? ( + >=x11-libs/libXext-1.0.5 + x11-libs/libXv + ) + xephyr? ( + x11-libs/libxcb + x11-libs/xcb-util + x11-libs/xcb-util-image + x11-libs/xcb-util-keysyms + x11-libs/xcb-util-renderutil + x11-libs/xcb-util-wm + ) + !minimal? ( + >=x11-libs/libX11-1.1.5 + >=x11-libs/libXext-1.0.5 + >=media-libs/mesa-10.3.4-r1[nptl=] + ) + tslib? ( >=x11-libs/tslib-1.0 ) + udev? ( >=virtual/udev-150 ) + unwind? ( sys-libs/libunwind ) + wayland? ( + >=dev-libs/wayland-1.3.0 + media-libs/libepoxy + ) + >=x11-apps/xinit-1.3.3-r1 + systemd? ( + sys-apps/dbus + sys-apps/systemd + )" + +DEPEND="${CDEPEND} + sys-devel/flex + >=x11-proto/bigreqsproto-1.1.0 + >=x11-proto/compositeproto-0.4 + >=x11-proto/damageproto-1.1 + >=x11-proto/fixesproto-5.0 + >=x11-proto/fontsproto-2.1.3 + >=x11-proto/glproto-1.4.17-r1 + >=x11-proto/inputproto-2.2.99.1 + >=x11-proto/kbproto-1.0.3 + >=x11-proto/randrproto-1.4.0 + >=x11-proto/recordproto-1.13.99.1 + >=x11-proto/renderproto-0.11 + >=x11-proto/resourceproto-1.2.0 + >=x11-proto/scrnsaverproto-1.1 + >=x11-proto/trapproto-3.4.3 + >=x11-proto/videoproto-2.2.2 + >=x11-proto/xcmiscproto-1.2.0 + >=x11-proto/xextproto-7.2.99.901 + >=x11-proto/xf86dgaproto-2.0.99.1 + >=x11-proto/xf86rushproto-1.1.2 + >=x11-proto/xf86vidmodeproto-2.2.99.1 + >=x11-proto/xineramaproto-1.1.3 + >=x11-proto/xproto-7.0.26 + >=x11-proto/presentproto-1.0 + >=x11-proto/dri3proto-1.0 + dmx? ( + >=x11-proto/dmxproto-2.2.99.1 + doc? ( + || ( + www-client/links + www-client/lynx + www-client/w3m + ) + ) + ) + !minimal? ( + >=x11-proto/xf86driproto-2.1.0 + >=x11-proto/dri2proto-2.8 + )" + +RDEPEND="${CDEPEND} + selinux? ( sec-policy/selinux-xserver ) + !x11-drivers/xf86-video-modesetting +" + +PDEPEND=" + xorg? ( >=x11-base/xorg-drivers-$(get_version_component_range 1-2) )" + +REQUIRED_USE="!minimal? ( + || ( ${IUSE_SERVERS} ) + ) + xephyr? ( kdrive )" + +#UPSTREAMED_PATCHES=( +# "${WORKDIR}/patches/" +#) + +PATCHES=( + "${UPSTREAMED_PATCHES[@]}" + "${FILESDIR}"/${PN}-1.17-ia64-fix_inx_outx.patch + "${FILESDIR}"/${PN}-1.12-unloadsubmodule.patch + # needed for new eselect-opengl, bug #541232 + "${FILESDIR}"/${PN}-1.17-support-multiple-Files-sections.patch + "${FILESDIR}"/${PN}-1.17.2-uninit-clientsWritable.patch +) + +pkg_pretend() { + # older gcc is not supported + [[ "${MERGE_TYPE}" != "binary" && $(gcc-major-version) -lt 4 ]] && \ + die "Sorry, but gcc earlier than 4.0 will not work for xorg-server." +} + +src_configure() { + # localstatedir is used for the log location; we need to override the default + # from ebuild.sh + # sysconfdir is used for the xorg.conf location; same applies + # NOTE: fop is used for doc generating ; and i have no idea if gentoo + # package it somewhere + XORG_CONFIGURE_OPTIONS=( + $(use_enable ipv6) + $(use_enable dmx) + $(use_enable glamor) + $(use_enable kdrive) + $(use_enable kdrive kdrive-kbd) + $(use_enable kdrive kdrive-mouse) + $(use_enable kdrive kdrive-evdev) + $(use_enable suid install-setuid) + $(use_enable tslib) + $(use_enable unwind libunwind) + $(use_enable wayland xwayland) + $(use_enable !minimal record) + $(use_enable !minimal xfree86-utils) + $(use_enable !minimal install-libxf86config) + $(use_enable !minimal dri) + $(use_enable !minimal dri2) + $(use_enable !minimal glx) + $(use_enable xephyr) + $(use_enable xnest) + $(use_enable xorg) + $(use_enable xvfb) + $(use_enable nptl glx-tls) + $(use_enable udev config-udev) + $(use_with doc doxygen) + $(use_with doc xmlto) + $(use_with systemd systemd-daemon) + $(use_enable systemd systemd-logind) + --enable-libdrm + --sysconfdir="${EPREFIX}"/etc/X11 + --localstatedir="${EPREFIX}"/var + --with-fontrootdir="${EPREFIX}"/usr/share/fonts + --with-xkb-output="${EPREFIX}"/var/lib/xkb + --disable-config-hal + --disable-linux-acpi + --without-dtrace + --without-fop + --with-os-vendor=Gentoo + --with-sha1=libcrypto + ) + + xorg-2_src_configure +} + +src_install() { + xorg-2_src_install + + server_based_install + + if ! use minimal && use xorg; then + # Install xorg.conf.example into docs + dodoc "${AUTOTOOLS_BUILD_DIR}"/hw/xfree86/xorg.conf.example + fi + + newinitd "${FILESDIR}"/xdm-setup.initd-1 xdm-setup + newinitd "${FILESDIR}"/xdm.initd-11 xdm + newconfd "${FILESDIR}"/xdm.confd-4 xdm + + # install the @x11-module-rebuild set for Portage + insinto /usr/share/portage/config/sets + newins "${FILESDIR}"/xorg-sets.conf xorg.conf +} + +pkg_postinst() { + # sets up libGL and DRI2 symlinks if needed (ie, on a fresh install) + eselect opengl set xorg-x11 --use-old +} + +pkg_postrm() { + # Get rid of module dir to ensure opengl-update works properly + if [[ -z ${REPLACED_BY_VERSION} && -e ${EROOT}/usr/$(get_libdir)/xorg/modules ]]; then + rm -rf "${EROOT}"/usr/$(get_libdir)/xorg/modules + fi +} + +server_based_install() { + if ! use xorg; then + rm "${ED}"/usr/share/man/man1/Xserver.1x \ + "${ED}"/usr/$(get_libdir)/xserver/SecurityPolicy \ + "${ED}"/usr/$(get_libdir)/pkgconfig/xorg-server.pc \ + "${ED}"/usr/share/man/man1/Xserver.1x + fi +}