Fix several security issues in x11-servers/xorg-server and slave ports which
ultimately can lead to local privilege escalations if xorg-server is running
privileged.
More info:
https://lists.x.org/archives/xorg-announce/2020-August/003058.html
MFH: 2020Q3 (implicit, security update)
Security: ffa15b3b-e6f6-11ea-8cbf-54e1ad3d6335
- GL_COMMIT is not supported by "portedit set-version"
- GL_COMMIT is no longer necessary (bug 242329)
- GitLab distfiles don't carry ordinal version in filename
- GitLab .patch links have volatile footer (Git version)
Make xorg-server default to try the xf86-input-libinput driver if a
configured driver can't be found. This only applies if a specific driver
for an input device has been configured manually in xorg, but that driver
can't be found when starting xorg.
Discussed with: manu, jbeich
MFH: 2020Q2
Wayland clients (unlike server/compositor) are not supposed to require
special privileges. Something in drm-kmod fails to authorize access to
/dev/dri/* even if user is under "video" group.
Not a port option because Xwayland doesn't know how to drop privileges.
$ pkg install nvidia-driver
$ glxinfo
name of display: :0
X Error of failed request: BadValue (integer parameter out of range for operation)
Major opcode of failed request: 150 (GLX)
Minor opcode of failed request: 24 (X_GLXCreateNewContext)
Value in failed request: 0x0
Serial number of failed request: 39
Current serial number in output stream: 40
"pkg-config --cflags gl" no longer contains -I/usr/local/include/libdrm
In file included from ../glx/glxdriswrast.c:39:
/usr/local/include/GL/internal/dri_interface.h:43:10: fatal error: 'drm.h' file not found
#include <drm.h>
^~~~~~~
GitLab unlike GitHub keeps the footer from git-format-patch(1) which
frequently changes on Git version upgrades. So, switch to git-diff(1)
which lacks header/footer.
Approved by: x11 (zeising via Gitter)
MFH: 2020Q2 (avoid bustage over time due to upstream infra upgrades)
Differential Revision: https://reviews.freebsd.org/D24810
Apply an upstream patch to avoid sending focus events when grab actually does
not change. This fixes certain full screen applications. [1]
Ensure that we actually don't try to find and link against HAL even if it's
around on the system we're compiling on [2]
Add CPE information [3]
PR: 245854 [1] (with changes), 245604 [2], 197712 [3]
Submitted by: naddy@ [1], mi@ [2], arrowd [3]
Reported by: shun [3]
MFH: 2020Q2
*.pcf fonts are rendered by X11 server but if font path is disabled
only built-in fonts are available by default. While users could still
amend font path via "xset fp" the discrepancy with xorg-server gave
a bad first impression.
Reported by: jsm
Change the default mesa configuration to use DRI3 rather than the older DRI2
interface. This should improve performance somewhat, and alleviates the need
for the FIXDRM option in x11-servers/xorg-server.
Remove the FIXDRM option from x11-servers/xorg-server.
Add an UPDATING entry for the change.
For users of graphics/drm-legacy-kmod or the base graphics drivers, this might
cause regressions. If you experience problems when running OpenGL applications
please force the use of the DRI2 backend by setting the LIBGL_DRI3_DISABLE
environment variable to 1 before starting any OpenGL application. This is
easiest done by adding it to your shell startup file or .xinitrc.
Add UPDATING entry for xorg-server, detailing the change of device
configuration backend.
PR: 196678, 244306 (for tracking)
This is a workaround for a problem with certain systems [1] after
x11-servers/xorg-server was upgraded to 1.20.7. Other workarounds are
described in PR 244306.
[1]
These systems have been reported to have problems:
Sandy Bridge
Ivy Bridge
Broadwell
Kaby Lake
Whiskey Lake
PR: 244306
Submitted by: wulf
Reported by: philippe.michel7@free.fr
Approved by: x11 (zeising)
Differential Revision: https://reviews.freebsd.org/D23834
Use C11 compiler:
In file included from glxserver.h:70,
from singlepix.c:35:
../include/glx_extinit.h:33: error: redefinition of typedef '__GLXscreen'
glxscreens.h:119: error: previous declaration of '__GLXscreen' was here
Update xorg x11 servers to 1.20.7. This updates x11-servers/xorg-server,
xephyr, xorg-dmx, xorg-nestserver, xorg-vbserver and xwayland.
Enable the UDEV backend by default, instead of the DEVD backend, for
autoconfiguration of input devices on FreeBSD 12 and later.
FreeBSD 11 lacks the needed support in base and will keep on using the DEVD
backend.
Support for the HAL backend is dropped completely, it has been deprecated
for a long time.
Update and improve the DEVD backend.
Add a pkg message about sysctl configuration that might be needed when using
UDEV.
Use the upstream fix for glamour issues.
Use evdev xkb rules by default in xwayland [2]
Add x11-drivers/xf86-input-libinput to the list installed by default by
x11-drivers/xorg-drivers.
Fix net/tigervnc-server and emulators/virtualbox-ose
Bump portrevision of all x11 drivers, as well as other ports dependent on
xorg-server.
This represents work by many people over a long period. These include
wulf, ak, dumbbell, hselasky, pete AT nomadlogic DOT org, jbeich, manu,
myself and possibly others (I tried to look through history, but might have
missed people. If so, I am sorry.)
PR: 196678 [1], 244129 [2]
Submitted by: hselasky, wulf [1], jbeich [2]
Obtained from: https://github.com/FreeBSDDesktop/freebsd-ports/tree/feature/xserver-1.20 (in part)
- Document DRI3 requirement as downstream patches in mesa-libs
disabled it by default due to a bug with drm-legacy-kmod.
However, Wayland is not supported on drm-legacy-kmod.
Changes: ee9f6e20de...4709d24f8e
Update graphics/wayland-protocols to 1.18
Remove the -devel version, it's not needed. Adjust dependencies for this.
PR: 244010
Submitted by: jbeich
Tested by: manu
sh: /usr/local/bin/xkbcomp: not found
sh: /usr/local/bin/xkbcomp: not found
XKB: Failed to compile keymap
Keyboard initialization failed. This could be a missing or incorrect setup of xkeyboard-config.
In file included from ../glx/glxserver.h:70,
from ../glx/indirect_dispatch.c:29:
../include/glx_extinit.h:33: error: redefinition of typedef '__GLXscreen'
../glx/glxscreens.h:119: error: previous declaration of '__GLXscreen' was here
===> xwayland-devel-1.20.0.592 depends on package: wayland-protocols>=1.18 - not found
[...]
Dependency wayland-protocols found: NO found 1.17 but need: '>= 1.18'
Run-time dependency wayland-protocols found: NO (tried pkgconfig and cmake)
[...]
install -m 555 /usr/ports/default/x11-servers/xwayland-devel/work/xserver-1cfdd1a96580733df3625bcea3384ffee3dc92df-1cfdd1a96580733df3625bcea3384ffee3dc92df/_build/hw/xwayland/Xwayland /usr/ports/default/x11-servers/xwayland-devel/work/stage/usr/local/bin
install: /usr/ports/default/x11-servers/xwayland-devel/work/xserver-1cfdd1a96580733df3625bcea3384ffee3dc92df-1cfdd1a96580733df3625bcea3384ffee3dc92df/_build/hw/xwayland/Xwayland: No such file or directory
*** Error code 71
UDEV builds Xorg against libudev-devd, allowing automatic detection of
/dev/input/* (evdev) devices with xf86-input-libinput or xf86-input-evdev.
PR: 222609
Submitted by: Greg V <greg@unrelenting.technology>
Tested by: Ivan <bsd@abinet.ru>, manu
Approved by: x11 (bapt via IRC)
This allows a port/package to install a symlink pointing to
the real font directory managed by core XLFD (aka fonts.dir).
Adding a new entry of "FontPath" into the system-wide
xorg.conf or "xset fp" by users manually is no longer needed.
When both USES=fonts and ${FONTPATHSPEC} are defined,
the post-install target will install ${FONTPATHSPEC} into
${FONTPATHD} directory as a symlink to ${FONTSDIR}.
The symlink name has the following syntax:
<identifier>:[attribute:]pri=<priority>
Details can be found in xorg.conf(5). A typical example
for a bitmap font is as follows:
FONTPATHSPEC= ${PORTNAME}:unscaled:pri=60
No objection on: x11
Backport PCI IDs for various intel graphics cards, to enable MESA with these
graphics cards. According to upstream, it is safe to backport PCI IDs,
worst case is MESA fails to initialize and falls back to software rendering,
which would be the case without this patch anyway.
PR: 233221
Tested by: Yuri Pankov
Fix illegal instruction when running xserver in kvm or qemu (and possibly
others) virtualisation. This is solved by disabling sse instructions while
compiling the xf86SlowBcopy (don't ask) function.
This fix was originally committed by dim as r396167 in 2015, and then most
likely accidentally removed in r433863 in 2017.
Bump portrevision
Original commit message:
> Disable use of SSE instructions in Xorg's xf86SlowBcopy() function.
>
> When such instructions are used to copy data from/to mapped video
> memory, some hypervisors (e.g. KVM, Microsoft Hyper-V) can generate
> SIGILL or SIGBUS exceptions, causing Xorg to crash.
PR: 202643
Reported by: nogcjx@fastmail.fm
Requested by: dim
Diagnose and fix by: dim
MFH: 2019Q1
Release note:
Documentation:
* Switch to https for hadrons.org URLs.
Code cleanup
* Check strSubFamily for emptiness when assigning it.
* Use matching delete [] operator for new [].
* Use std::string instead of static buffers.
* Check error failures from socket() call.
* Do not dereference TTFont variable before using it.
* Use memcpy() instead of strncpy() to copy a fixed-length string.
* Initialize structs that go over the wire to 0.
* Remove pathname length check.
Fix portrevision, it accidentally went backwards when committing r487789.
Bump it to 11 to ensure xwayland is rebuilt after the evdev-proto changes.
Add a big note about this, so I might remember next time.
PR: 222905, 217248, 233787 (original commit), 234240 (fix)
Submitted by: Stefan Ehmann (fix)
Split out evdev headers (input.h, input-event-codes.h, uinput.h) into their
own port, devel/evdev-proto, and update those to be current with the Linux
4.19 kernel. This is done in order to be able to update the rest of the
FreeBSD input stack, which is forthcoming.
By splitting out the evdev headers we can update them independent of other
updates in v4l_compat, which makes it easier for the graphics team to keep
track of them and keep them updated as needed.
Update devel/libevdev from 1.4.4 to 1.5.9 instead of trying to make it work
with the updated headers. This will be further updated.
Update devel/py-evdev from 0.5.0 to 0.8.1 instead of trying to make it work
with the updated evdev headers.
Update consumers to use devel/evdev-proto rather than multimedia/v4l_compat
as needed, and bump portrevisions.
This is the first step in getting the FreeBSD input stack (libevdev,
libinput and so on) updated to newer versions.
Many thanks to all who have helped out with testing, code and exp-runs.
Apologies if I've forgotten to add any names.
PR: 222905, 217248, (based on, in part), 233787 (exp-run)
Submitted by: Greg V, wulf
Tested by: tcberner, kde
Exp-run by: antoine
Approved by: portmgr (antoine)
Obtained from: FreeBSDDesktop development repo
https://github.com/FreeBSDDesktop/freebsd-ports/tree/feature/input-ports
Change x11/xorgproto to become a build time dependency when added to
USE_XORG. Change the dependency to be on the port, rather than a file the
port installs.
Fix fallout.
Bump portrevision on depending ports.
PR: 230909
Reviewed by: eadler
Approved by: portmgr (antoine)
Obtained from: https://github.com/FreeBSDDesktop/freebsd-ports/tree/feature/xorgproto
exp-run: antoine
Differential Revision: https://reviews.freebsd.org/D16906
Upstream used to distribute protocol headers as separate packages, but has
decided to merge those to a common package, named xorgproto. This update
tracks that change.
* Add a new port, x11/xorgproto, which are protocol headers for xorg.
* Hook the new protocol port to the build and to infrastructure in
bsd.xorg.mk.
* Update all ports with a dependency on any of the old *proto packages to
instead depend on xorgproto. Bump portrevision.
* Delete the old *proto packages, update MOVED.
PR: 230023
Submitted by: zeising
Approved by: portmgr (antoine)
exp-run by: antoine
Enabling the SECURITY extension will make ssh -X work in most cases.
This extension is enabled in many Linux distros.
PR: 221984
Submitted by: Anton Yuzhaninov
Backport security fixes for CVE-2017-10971 and CVE-2017-10972 (yes, 2017).
For some reason this was not done when the vulnerabilities were documented
in VuXML, and a typo in the version range in VuXML meant that the entries
never matched.
This fixes a memory disclosure and a couple of buffer overruns.
PR: 220584
Reported by: Vladimir Krstulja
MFH: 2018Q2
Security: ab881a74-c016-4e6d-9f7d-68c8e7cedafb
armv7, mark them so.
This is part two of a multipart commit to bring armv7 ports to parity
with armv6.
Approved by: portmgr (tier-2 blanket)
Obtained from: lonesome.com -exp run
When drawing dashed lines with GLAMOR, they were drawn partially or as
a regular (solid) line, depending on the OpenGL backend. It behaved
so because screen pixmap was bound as the dash and sampling its alpha,
which is usually just 1.0 (no dashing at all).
Upstream bug: https://bugs.freedesktop.org/show_bug.cgi?id=99708
Fixed by: Eric Anholt (it's a pity that anholt@ no longer works
on FreeBSD)
Silence from: x11@
Adding PORTREVISION to explicitly bump them after the recent CVE patches
actually caused the revision to go backwards instead of forwards.
PR: 223049
Reported by: mandree
with the previous commit. Thanks to tijl for noticing what I overlooked.
Approved by: swills (mentor)
Differential Revision: https://reviews.freebsd.org/D9544
This port was first created by kwm@ then updated and improved by Johannes
Lundberg
Wayland is intended as a simpler replacement for X, easier to develop and
maintain. GNOME and KDE are expected to be ported to it.
Wayland is a protocol for a compositor to talk to its clients as well as
a C library implementation of that protocol. The compositor can be a
standalone display server running on Linux kernel modesetting and evdev
input devices, an X application, or a wayland client itself. The clients can
be traditional applications, X servers (rootless or fullscreen) or other
display servers.
Please report bugs to the FreeBSD bugtracker!
WWW: http://wayland.freedesktop.org/
WITH_OPENSSL_* can't be set after bsd.port.pre.mk.
Fold all other usage into using SSL_DEFAULT == foo
PR: 210149
Submitted by: mat
Exp-run by: antoine
Sponsored by: The FreeBSD Foundation, Absolight
Differential Revision: https://reviews.freebsd.org/D6577
The comment explains the difference between net/xrdp and x11-servers/x11rdp to
avoid confusion because of their similar names.
PR: 207323
Submitted by: Koichiro IWAO <meta+ports@vmeta.jp> (maintainer)
During a recent exp-run for bug 206074, it was found that x11-servers/x11rdp
gives errors with clang 3.8.0:
/wrkdirs/usr/ports/x11-servers/x11rdp/work/x11rdp_xorg71/build_dir/include/X11/Xtrans/Xtranssock.c:1027:50: error: reference to 'in6addr_any' is ambiguous
((struct sockaddr_in6 *)&sockname)->sin6_addr = in6addr_any;
^
This is because Xtranssock.c attempts to redefine in6addr_any as a weak symbol,
which does not work with clang 3.8.0. As a fix, place the customized
in6addr_any definition between #ifdef __FreeBSD__ guards.
PR: 207192
Submitted by: dim
Reviewed by: Koichiro IWAO <meta+ports@vmeta.jp> (maintainer)
Update fontproto to 2.1.3.
Update libXfont to 1.5.1.
Update xf86-input-keyboard to 1.8.1.
Update xf86-input-vmmouse to 13.1.0.
Update xf86-input-void to 1.4.1.
Update xf86-video-chips to 1.2.6.
Update xf86-video-cirrus to 1.5.3.
Update xf86-video-mach64 to 6.9.5.
Update xf86-video-neomagic to 1.2.9.
Update xf86-video-r128 to 6.10.0.
Update xf86-video-s3virge to 1.10.7.
Update xf86-video-savage to 2.3.8.
Update xf86-video-siliconmotion to 1.7.8.
Update xf86-video-sis to 0.10.8.
Update xf86-video-trident to 1.3.7.
Update xf86-video-vesa to 2.3.4.
* All other xf86-* drivers were bumped and/or patched to allow them to
compile and work with the new xorg-server.
* The ATI-ums driver is removed because the API it depends on was
removed from the xorg-server.
* Add patch to sunffb to make the lack of XAA non-fatal
(not build/run tested due to lack of hardware).
* Remove the extra patches in xorg-server for arm. The code seems to
support it now natively. Please file a bug if this is not the case.
* Update the xorg-server support in virtualbox-ose-additions for vboxmouse. [1]
Submitted by: jkim@ [1]
Obtained from: Graphics devel repo
- update to 1.9.2
- pass maintainership to submitter
- add new maintainer's distfile mirror to MASTER_SITES
- specify a LICENSE
- sort USES alphabetically
- regenerate patches with make makepatch
- remove absolute path from pkg-message
- add PROVIDE, REQUIRE and KEYWORD to the rc script
PR: 202267
Submitted by: A.J. "Fonz" van Werven <freebsd@skysmurf.nl>
When such instructions are used to copy data from/to mapped video
memory, some hypervisors (e.g. KVM, Microsoft Hyper-V) can generate
SIGILL or SIGBUS exceptions, causing Xorg to crash.
Reported by: nogcjx@fastmail.fm
Approved by: x11 (bapt)
PR: 202643
MFH: 2015Q3
- Replace ${MASTER_SITE_FOO} with FOO.
- Merge MASTER_SITE_SUBDIR into MASTER_SITES when possible. (This means 99.9%
of the time.)
- Remove occurrences of MASTER_SITE_LOCAL when no subdirectory was present and
no hint of what it should be was present.
- Fix some logic.
- And generally, make things more simple and easy to understand.
While there, add magic values to the FESTIVAL, GENTOO, GIMP, GNUPG, QT and
SAMBA macros.
Also, replace some EXTRACT_SUFX occurrences with USES=tar:*.
Checked by: make fetch-urlall-list
With hat: portmgr
Sponsored by: Absolight
Xorg is now looking in ${LOCALBASE}/share/fonts by default
Xorg now accepts symlinks in etc/X11/fontpath.d (as described in Xserver(1))
Large cleanup on lots of font ports
All fonts are now properly dynamically generating fonts.dir and fonts.scale
(instead of sometimes overwriting existing ones)
All fonts are generating fontconfig's cache
Improve consistency in fonts ports
This knob was turned on for all versions of FreeBSD in r369875
(2014-10-03) and officially deprecated. Since then, it was gradually
removed from many ports when they needed an update.
x11-servers/xorg-server was the last major user of this knob. The port
was updated to xserver 1.14 in r374982 (2014-12-19). The update got rid
of the knob, clearing the path to the final removal.
This commit changes ports that were checking for WITH_NEW_XORG and removes
its handling from bsd.port.mk.
While here, two sanity checks are added to warn the user about WITH_KMS and
WITH_NEW_XORG which have no effect now.
Differential Revision: https://reviews.freebsd.org/D1351
Reviewed by: antoine, bapt, kwm
Approved by: portmgr (antoine, bapt), kwm