Date: Monday, June 18, 2018 @ 15:18:17 Author: lcarlier Revision: 327128
upgpkg: xorg-server 1.20.0-9 fix FS#58962 Added: xorg-server/trunk/0001-Xext-shm-Refuse-to-work-for-remote-clients.patch Modified: xorg-server/trunk/PKGBUILD -------------------------------------------------------+ 0001-Xext-shm-Refuse-to-work-for-remote-clients.patch | 60 ++++++++++++++++ PKGBUILD | 9 +- 2 files changed, 67 insertions(+), 2 deletions(-) Added: 0001-Xext-shm-Refuse-to-work-for-remote-clients.patch =================================================================== --- 0001-Xext-shm-Refuse-to-work-for-remote-clients.patch (rev 0) +++ 0001-Xext-shm-Refuse-to-work-for-remote-clients.patch 2018-06-18 15:18:17 UTC (rev 327128) @@ -0,0 +1,60 @@ +From ec7e2b54c5b4a34b2a077082967bc3ead30e227e Mon Sep 17 00:00:00 2001 +From: Alexander Volkov <a.vol...@rusbitech.ru> +Date: Tue, 5 Jun 2018 13:05:39 +0300 +Subject: [PATCH] Xext/shm: Refuse to work for remote clients + +Avoid access to System V shared memory segment on the X server side +for clients forwarded via SSH. Also prevent them from hanging while +waiting for the reply from the ShmCreateSegment request. + +v2: Allow ShmQueryVersion request even for remote clients + +Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=11080 +Signed-off-by: Alexander Volkov <a.vol...@rusbitech.ru> +Reviewed-by: Adam Jackson <a...@redhat.com> +Signed-off-by: Laurent Carlier <lordhea...@gmail.com> +--- + Xext/shm.c | 18 ++++++++++++++---- + 1 file changed, 14 insertions(+), 4 deletions(-) + +diff --git a/Xext/shm.c b/Xext/shm.c +index fc8441c..896a966 100644 +--- a/Xext/shm.c ++++ b/Xext/shm.c +@@ -1302,9 +1302,14 @@ static int + ProcShmDispatch(ClientPtr client) + { + REQUEST(xReq); +- switch (stuff->data) { +- case X_ShmQueryVersion: ++ ++ if (stuff->data == X_ShmQueryVersion) + return ProcShmQueryVersion(client); ++ ++ if (!client->local) ++ return BadRequest; ++ ++ switch (stuff->data) { + case X_ShmAttach: + return ProcShmAttach(client); + case X_ShmDetach: +@@ -1461,9 +1466,14 @@ static int _X_COLD + SProcShmDispatch(ClientPtr client) + { + REQUEST(xReq); +- switch (stuff->data) { +- case X_ShmQueryVersion: ++ ++ if (stuff->data == X_ShmQueryVersion) + return SProcShmQueryVersion(client); ++ ++ if (!client->local) ++ return BadRequest; ++ ++ switch (stuff->data) { + case X_ShmAttach: + return SProcShmAttach(client); + case X_ShmDetach: +-- +2.17.1 + Modified: PKGBUILD =================================================================== --- PKGBUILD 2018-06-18 14:40:03 UTC (rev 327127) +++ PKGBUILD 2018-06-18 15:18:17 UTC (rev 327128) @@ -6,7 +6,7 @@ pkgname=('xorg-server' 'xorg-server-xephyr' 'xorg-server-xdmx' 'xorg-server-xvfb' 'xorg-server-xnest' 'xorg-server-xwayland' 'xorg-server-common' 'xorg-server-devel') pkgver=1.20.0 -pkgrel=8 +pkgrel=9 arch=('x86_64') license=('custom') groups=('xorg') @@ -27,6 +27,7 @@ xserver-2-2-glamor-Propagate-glamor_fds_from_pixmap-error-in-glamor_fd_from_pixmap.patch meson-Add-configuration-of-listening-on-tcp-unix-and-local.patch xserver-modesetting-use-drmmode_bo_import-for-rotate_fb.patch + 0001-Xext-shm-Refuse-to-work-for-remote-clients.patch xvfb-run # with updates from FC master xvfb-run.1) validpgpkeys=('7B27A3F1A6E18CD9588B4AE8310180050905E40C' @@ -44,6 +45,7 @@ 'fc259a0a4acb7b70209fc599b0f4bc94942316bbc8c6995f783026b7cd455900bcb7527615d76c99bd2e0155e0035cbd619939a1f7ddf3af32ed854afe45b631' '1990daa38f2eba161ecc2f310711af85e3d76c78ca45e002dff3697da2f8a2dc53d9371b1e7e55be80a002ef9cb095c6675e19021f270d06cf2b4ea728407aea' 'e6339cb1c41e26a43caae7f3e991e9f528000676c29f5bc5a29c99bab2a5f5529efba2b9226a63d138700e6228b234eccd2982d40052b4ee41cfdff96dcc1521' + '8192f5ace7cb3780afaf06211c8a294fc3a1de27884432670f96a1f1cb0354e01a61a9e599097c9ac660b171f97f75632a7ef799df9df817425466ba5fb3c4f0' '55bbf520333f6e818b0125b37179a7039b69a0d3d2242b80a08da003d94cbf6c1fb912d880abcce318a85d7947e3eff8fbc4cdf57d7118572e8ebc56c4569af6' 'de5e2cb3c6825e6cf1f07ca0d52423e17f34d70ec7935e9dd24be5fb9883bf1e03b50ff584931bd3b41095c510ab2aa44d2573fd5feaebdcb59363b65607ff22') @@ -75,8 +77,11 @@ # Display incorrect when rotated 90 degree - FS#58637 patch -Np1 -i ../xserver-modesetting-use-drmmode_bo_import-for-rotate_fb.patch - # xserver by default listens on tcp sockets - FS##59025 + # xserver by default listens on tcp sockets - FS#59025 patch -Np1 -i ../meson-Add-configuration-of-listening-on-tcp-unix-and-local.patch + + # SSH X11 forwarding no longer works for Qt apps - FS#58962 + patch -Np1 -i ../0001-Xext-shm-Refuse-to-work-for-remote-clients.patch } build() {