x11-base/xorg-server: fix crash on FlushAllOutput, bug #555776

Bug: https://bugs.freedesktop.org/91316
Bug: https://bugs.gentoo.org/555776

Package-Manager: portage-2.2.20

2 files changed, 310 insertions, 0 deletions

diff --git a/x11-base/xorg-server/files/xorg-server-1.17.2-uninit-clientsWritable.patch b/x11-base/xorg-server/files/xorg-server-1.17.2-uninit-clientsWritable.patch
new file mode 100644
index 000000000000..681819619ebc
--- /dev/null
+++ b/x11-base/xorg-server/files/xorg-server-1.17.2-uninit-clientsWritable.patch
@@ -0,0 +1,65 @@
+https://bugs.gentoo.org/show_bug.cgi?id=555776
+
+From 7cc7ffd25d5e50b54cb942d07d4cb160f20ff9c5 Mon Sep 17 00:00:00 2001
+From: Martin Peres <martin.peres@linux.intel.com>
+Date: Fri, 17 Jul 2015 17:21:26 +0300
+Subject: [PATCH] os: make sure the clientsWritable fd_set is initialized
+ before use
+
+In WaitForSomething(), the fd_set clientsWritable may be used unitialized when
+the boolean AnyClientsWriteBlocked is set in the WakeupHandler(). This leads to
+a crash in FlushAllOutput() after x11proto's commit
+2c94cdb453bc641246cc8b9a876da9799bee1ce7.
+
+The problem did not manifest before because both the XFD_SIZE and the maximum
+number of clients were set to 256. As the connectionTranslation table was
+initalized for the 256 clients to 0, the test on the index not being 0 was
+aborting before dereferencing the client #0.
+
+As of commit 2c94cdb453bc641246cc8b9a876da9799bee1ce7 in x11proto, the XFD_SIZE
+got bumped to 512. This lead the OutputPending fd_set to have any fd above 256
+to be uninitialized which in turns lead to reading an index after the end of
+the ConnectionTranslation table. This index would then be used to find the
+client corresponding to the fd marked as pending writes and would also result
+to an out-of-bound access which would usually be the fatal one.
+
+Fix this by zeroing the clientsWritable fd_set at the beginning of
+WaitForSomething(). In this case, the bottom part of the loop, which would
+indirectly call FlushAllOutput, will not do any work but the next call to
+select will result in the execution of the right codepath. This is exactly what
+we want because we need to know the writable clients before handling them. In
+the end, it also makes sure that the fds above MaxClient are initialized,
+preventing the crash in FlushAllOutput().
+
+Thanks to everyone involved in tracking this one down!
+
+Reported-by: Karol Herbst <freedesktop@karolherbst.de>
+Reported-by: Tobias Klausmann <tobias.klausmann@mni.thm.de>
+Signed-off-by: Martin Peres <martin.peres@linux.intel.com>
+Tested-by: Martin Peres <martin.peres@linux.intel.com>
+Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=91316
+Cc: Ilia Mirkin  <imirkin@alum.mit.edu>
+Cc: Martin Peres <martin.peres@linux.intel.com>
+Cc: Olivier Fourdan <ofourdan@redhat.com
+Cc: Adam Jackson <ajax@redhat.com>
+Cc: Alan Coopersmith <alan.coopersmith@oracle.com
+Cc: Chris Wilson <chris@chris-wilson.co.uk>
+---
+ os/WaitFor.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/os/WaitFor.c b/os/WaitFor.c
+index 431f1a6..993c14e 100644
+--- a/os/WaitFor.c
++++ b/os/WaitFor.c
+@@ -158,6 +158,7 @@ WaitForSomething(int *pClientsReady)
+     Bool someReady = FALSE;
+ 
+     FD_ZERO(&clientsReadable);
++    FD_ZERO(&clientsWritable);
+ 
+     if (nready)
+         SmartScheduleStopTimer();
+-- 
+2.4.5
+
diff --git a/x11-base/xorg-server/xorg-server-1.17.2-r1.ebuild b/x11-base/xorg-server/xorg-server-1.17.2-r1.ebuild
new file mode 100644
index 000000000000..8181fa562e97
--- /dev/null
+++ b/x11-base/xorg-server/xorg-server-1.17.2-r1.ebuild
@@ -0,0 +1,245 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+XORG_DOC=doc
+inherit xorg-2 multilib versionator flag-o-matic
+EGIT_REPO_URI="git://anongit.freedesktop.org/git/xorg/xserver"
+
+DESCRIPTION="X.Org X servers"
+SLOT="0/${PV}"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux"
+
+IUSE_SERVERS="dmx kdrive xephyr xnest xorg xvfb"
+IUSE="${IUSE_SERVERS} glamor ipv6 minimal nptl selinux +suid systemd tslib +udev unwind wayland"
+
+CDEPEND=">=app-eselect/eselect-opengl-1.3.0
+	dev-libs/openssl
+	media-libs/freetype
+	>=x11-apps/iceauth-1.0.2
+	>=x11-apps/rgb-1.0.3
+	>=x11-apps/xauth-1.0.3
+	x11-apps/xkbcomp
+	>=x11-libs/libdrm-2.4.46
+	>=x11-libs/libpciaccess-0.12.901
+	>=x11-libs/libXau-1.0.4
+	>=x11-libs/libXdmcp-1.0.2
+	>=x11-libs/libXfont-1.4.2
+	>=x11-libs/libxkbfile-1.0.4
+	>=x11-libs/libxshmfence-1.1
+	>=x11-libs/pixman-0.27.2
+	>=x11-libs/xtrans-1.3.5
+	>=x11-misc/xbitmaps-1.0.1
+	>=x11-misc/xkeyboard-config-2.4.1-r3
+	dmx? (
+		x11-libs/libXt
+		>=x11-libs/libdmx-1.0.99.1
+		>=x11-libs/libX11-1.1.5
+		>=x11-libs/libXaw-1.0.4
+		>=x11-libs/libXext-1.0.99.4
+		>=x11-libs/libXfixes-5.0
+		>=x11-libs/libXi-1.2.99.1
+		>=x11-libs/libXmu-1.0.3
+		x11-libs/libXrender
+		>=x11-libs/libXres-1.0.3
+		>=x11-libs/libXtst-1.0.99.2
+	)
+	glamor? (
+		media-libs/libepoxy
+		>=media-libs/mesa-10.3.4-r1[egl,gbm]
+		!x11-libs/glamor
+	)
+	kdrive? (
+		>=x11-libs/libXext-1.0.5
+		x11-libs/libXv
+	)
+	xephyr? (
+		x11-libs/libxcb
+		x11-libs/xcb-util
+		x11-libs/xcb-util-image
+		x11-libs/xcb-util-keysyms
+		x11-libs/xcb-util-renderutil
+		x11-libs/xcb-util-wm
+	)
+	!minimal? (
+		>=x11-libs/libX11-1.1.5
+		>=x11-libs/libXext-1.0.5
+		>=media-libs/mesa-10.3.4-r1[nptl=]
+	)
+	tslib? ( >=x11-libs/tslib-1.0 )
+	udev? ( >=virtual/udev-150 )
+	unwind? ( sys-libs/libunwind )
+	wayland? (
+		>=dev-libs/wayland-1.3.0
+		media-libs/libepoxy
+	)
+	>=x11-apps/xinit-1.3.3-r1
+	systemd? (
+		sys-apps/dbus
+		sys-apps/systemd
+	)"
+
+DEPEND="${CDEPEND}
+	sys-devel/flex
+	>=x11-proto/bigreqsproto-1.1.0
+	>=x11-proto/compositeproto-0.4
+	>=x11-proto/damageproto-1.1
+	>=x11-proto/fixesproto-5.0
+	>=x11-proto/fontsproto-2.1.3
+	>=x11-proto/glproto-1.4.17-r1
+	>=x11-proto/inputproto-2.2.99.1
+	>=x11-proto/kbproto-1.0.3
+	>=x11-proto/randrproto-1.4.0
+	>=x11-proto/recordproto-1.13.99.1
+	>=x11-proto/renderproto-0.11
+	>=x11-proto/resourceproto-1.2.0
+	>=x11-proto/scrnsaverproto-1.1
+	>=x11-proto/trapproto-3.4.3
+	>=x11-proto/videoproto-2.2.2
+	>=x11-proto/xcmiscproto-1.2.0
+	>=x11-proto/xextproto-7.2.99.901
+	>=x11-proto/xf86dgaproto-2.0.99.1
+	>=x11-proto/xf86rushproto-1.1.2
+	>=x11-proto/xf86vidmodeproto-2.2.99.1
+	>=x11-proto/xineramaproto-1.1.3
+	>=x11-proto/xproto-7.0.26
+	>=x11-proto/presentproto-1.0
+	>=x11-proto/dri3proto-1.0
+	dmx? (
+		>=x11-proto/dmxproto-2.2.99.1
+		doc? (
+			|| (
+				www-client/links
+				www-client/lynx
+				www-client/w3m
+			)
+		)
+	)
+	!minimal? (
+		>=x11-proto/xf86driproto-2.1.0
+		>=x11-proto/dri2proto-2.8
+	)"
+
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-xserver )
+	!x11-drivers/xf86-video-modesetting
+"
+
+PDEPEND="
+	xorg? ( >=x11-base/xorg-drivers-$(get_version_component_range 1-2) )"
+
+REQUIRED_USE="!minimal? (
+		|| ( ${IUSE_SERVERS} )
+	)
+	xephyr? ( kdrive )"
+
+#UPSTREAMED_PATCHES=(
+#	"${WORKDIR}/patches/"
+#)
+
+PATCHES=(
+	"${UPSTREAMED_PATCHES[@]}"
+	"${FILESDIR}"/${PN}-1.17-ia64-fix_inx_outx.patch
+	"${FILESDIR}"/${PN}-1.12-unloadsubmodule.patch
+	# needed for new eselect-opengl, bug #541232
+	"${FILESDIR}"/${PN}-1.17-support-multiple-Files-sections.patch
+	"${FILESDIR}"/${PN}-1.17.2-uninit-clientsWritable.patch
+)
+
+pkg_pretend() {
+	# older gcc is not supported
+	[[ "${MERGE_TYPE}" != "binary" && $(gcc-major-version) -lt 4 ]] && \
+		die "Sorry, but gcc earlier than 4.0 will not work for xorg-server."
+}
+
+src_configure() {
+	# localstatedir is used for the log location; we need to override the default
+	#	from ebuild.sh
+	# sysconfdir is used for the xorg.conf location; same applies
+	# NOTE: fop is used for doc generating ; and i have no idea if gentoo
+	#	package it somewhere
+	XORG_CONFIGURE_OPTIONS=(
+		$(use_enable ipv6)
+		$(use_enable dmx)
+		$(use_enable glamor)
+		$(use_enable kdrive)
+		$(use_enable kdrive kdrive-kbd)
+		$(use_enable kdrive kdrive-mouse)
+		$(use_enable kdrive kdrive-evdev)
+		$(use_enable suid install-setuid)
+		$(use_enable tslib)
+		$(use_enable unwind libunwind)
+		$(use_enable wayland xwayland)
+		$(use_enable !minimal record)
+		$(use_enable !minimal xfree86-utils)
+		$(use_enable !minimal install-libxf86config)
+		$(use_enable !minimal dri)
+		$(use_enable !minimal dri2)
+		$(use_enable !minimal glx)
+		$(use_enable xephyr)
+		$(use_enable xnest)
+		$(use_enable xorg)
+		$(use_enable xvfb)
+		$(use_enable nptl glx-tls)
+		$(use_enable udev config-udev)
+		$(use_with doc doxygen)
+		$(use_with doc xmlto)
+		$(use_with systemd systemd-daemon)
+		$(use_enable systemd systemd-logind)
+		--enable-libdrm
+		--sysconfdir="${EPREFIX}"/etc/X11
+		--localstatedir="${EPREFIX}"/var
+		--with-fontrootdir="${EPREFIX}"/usr/share/fonts
+		--with-xkb-output="${EPREFIX}"/var/lib/xkb
+		--disable-config-hal
+		--disable-linux-acpi
+		--without-dtrace
+		--without-fop
+		--with-os-vendor=Gentoo
+		--with-sha1=libcrypto
+	)
+
+	xorg-2_src_configure
+}
+
+src_install() {
+	xorg-2_src_install
+
+	server_based_install
+
+	if ! use minimal &&	use xorg; then
+		# Install xorg.conf.example into docs
+		dodoc "${AUTOTOOLS_BUILD_DIR}"/hw/xfree86/xorg.conf.example
+	fi
+
+	newinitd "${FILESDIR}"/xdm-setup.initd-1 xdm-setup
+	newinitd "${FILESDIR}"/xdm.initd-11 xdm
+	newconfd "${FILESDIR}"/xdm.confd-4 xdm
+
+	# install the @x11-module-rebuild set for Portage
+	insinto /usr/share/portage/config/sets
+	newins "${FILESDIR}"/xorg-sets.conf xorg.conf
+}
+
+pkg_postinst() {
+	# sets up libGL and DRI2 symlinks if needed (ie, on a fresh install)
+	eselect opengl set xorg-x11 --use-old
+}
+
+pkg_postrm() {
+	# Get rid of module dir to ensure opengl-update works properly
+	if [[ -z ${REPLACED_BY_VERSION} && -e ${EROOT}/usr/$(get_libdir)/xorg/modules ]]; then
+		rm -rf "${EROOT}"/usr/$(get_libdir)/xorg/modules
+	fi
+}
+
+server_based_install() {
+	if ! use xorg; then
+		rm "${ED}"/usr/share/man/man1/Xserver.1x \
+			"${ED}"/usr/$(get_libdir)/xserver/SecurityPolicy \
+			"${ED}"/usr/$(get_libdir)/pkgconfig/xorg-server.pc \
+			"${ED}"/usr/share/man/man1/Xserver.1x
+	fi
+}