X.Org X server

~thopiekar/xorg-server/+git/xorg-xserver-displaylink.Spintzyk:xserver_1.20/issue910_fix

  1. Git
  2. lp:~thopiekar/xorg-server/+git/xorg-xserver-displaylink.Spintzyk
  3. xserver_1.20/issue910_fix
Last commit made on 2021-06-08
Get this branch:
git clone -b xserver_1.20/issue910_fix https://git.launchpad.net/~thopiekar/xorg-server/+git/xorg-xserver-displaylink.Spintzyk

Branch merges

Branch information

Name:
xserver_1.20/issue910_fix
Repository:
lp:~thopiekar/xorg-server/+git/xorg-xserver-displaylink.Spintzyk

Recent commits

5dc0f1a... by Ɓukasz Spintzyk

xfree86: Change displays array to pointers array to fix invalid pointer issues after table reallocation

There are rare cases when xf86SetDepthBpp is resizing displays array in confScreen.
As that array is shared between set of ScrnInfoRec's then realloc might invalidate chached DispPtr display values in
otheres ScrnInfoRec objects.

If we will change displays array as an array of pointers to DispRec then cached DispRec pointers in ScrnInfoRec
won't be invalid after reallocation of displays array.

Signed-off-by: Lukasz <email address hidden>

23a53f0... by anarsoul

glx: fixup symbol name for get_extensions function

glxProbeDriver() concatenates __DRI_DRIVER_GET_EXTENSIONS with driver name
to get symbol name for get_extension function. Unfortunately that doesn't
work for drivers that have hyphen in their name, e.g. sun4i-drm --
get_extensions() for these uses underscore instead.

As result dlsym() doesn't find get_extension() function and AIGLX
initialization fails resulting in following message in Xorg.0.log:

(EE) AIGLX error: sun4i-drm does not export required DRI extension

Replace all non-alpha-numeric characters with underscore to fix the issue.

Signed-off-by: Vasily Khoruzhick <email address hidden>
(cherry picked from commit b56e501092169a9c0a60663d832ee71898a8bc4b)

6b767cd... by Matt Turner <email address hidden>

xserver 1.20.11

Signed-off-by: Matt Turner <email address hidden>

a1a1aa2... by Matthieu Herrb

Fix XChangeFeedbackControl() request underflow

CVE-2021-3472 / ZDI-CAN-1259

This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative

Signed-off-by: Matthieu Herrb <email address hidden>

8890c44... by Jeremy Sequoia

xquartz: Remove a check for NSAppKitVersionNumber >= NSAppKitVersionNumber10_7

This check is always true on our supported systems.

Signed-off-by: Jeremy Huddleston Sequoia <email address hidden>
(cherry picked from commit 5ae47a9d579e8cb0fbe938455faea53ed75d7098)

3c3680c... by Jeremy Sequoia

xquartz: Don't include strndup.c any more since we no longer support 10.8 and older

Signed-off-by: Jeremy Huddleston Sequoia <email address hidden>
(cherry picked from commit b960675257d301605def6008bddcccb0980a3c4c)

e1fdc85... by Jeremy Sequoia

xquartz: Add a launch trampoline to better integrate with modern versions of macOS

Fixes: https://github.com/XQuartz/XQuartz/issues/6
Signed-off-by: Jeremy Huddleston Sequoia <email address hidden>
(cherry picked from commit 694724e42c4a3eadb32891220084b03504f9586b)

8f8e9c5... by Jeremy Sequoia

xquartz: Don't process AppKit events if we haven't finished initializing

Signed-off-by: Jeremy Huddleston Sequoia <email address hidden>
(cherry picked from commit 25035229b73742f9e6a96ac3e535b30b5c6196a8)

aa6f840... by Jeremy Sequoia

xquartz: Allocate each fbconfig separately

A change during the 1.20 development cycle resulted in fbconfigs being walked
and deallocated individually during __glXScreenDestroy. This change
now avoids a use-after-free caused by that change.

==50859==ERROR: AddressSanitizer: heap-use-after-free on address 0x00010d3819c8 at pc 0x0001009d4230 bp 0x00016feca7a0 sp 0x00016feca798
READ of size 8 at 0x00010d3819c8 thread T5
    #0 0x1009d422c in __glXScreenDestroy glxscreens.c:448
    #1 0x10091cc98 in __glXAquaScreenDestroy indirect.c:510
    #2 0x1009d2734 in glxCloseScreen glxscreens.c:169
    #3 0x100740a24 in dix_main main.c:325
    #4 0x10023ed50 in server_thread quartzStartup.c:65
    #5 0x199ae7fd0 in _pthread_start+0x13c (libsystem_pthread.dylib:arm64e+0x6fd0)
    #6 0x199ae2d38 in thread_start+0x4 (libsystem_pthread.dylib:arm64e+0x1d38)

0x00010d3819c8 is located 200 bytes inside of 12800-byte region [0x00010d381900,0x00010d384b00)
freed by thread T5 here:
    #0 0x101477ba8 in wrap_free+0x98 (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x3fba8)
    #1 0x1009d4240 in __glXScreenDestroy glxscreens.c:449
    #2 0x10091cc98 in __glXAquaScreenDestroy indirect.c:510
    #3 0x1009d2734 in glxCloseScreen glxscreens.c:169
    #4 0x100740a24 in dix_main main.c:325
    #5 0x10023ed50 in server_thread quartzStartup.c:65
    #6 0x199ae7fd0 in _pthread_start+0x13c (libsystem_pthread.dylib:arm64e+0x6fd0)
    #7 0x199ae2d38 in thread_start+0x4 (libsystem_pthread.dylib:arm64e+0x1d38)

previously allocated by thread T5 here:
    #0 0x101477e38 in wrap_calloc+0x9c (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x3fe38)
    #1 0x100925a40 in __glXAquaCreateVisualConfigs visualConfigs.c:116
    #2 0x10091cb24 in __glXAquaScreenProbe+0x224 (X11.bin:arm64+0x100730b24)
    #3 0x1009cd840 in xorgGlxServerInit glxext.c:528
    #4 0x10074539c in _CallCallbacks dixutils.c:743
    #5 0x100932a70 in CallCallbacks callback.h:83
    #6 0x100932478 in GlxExtensionInit vndext.c:244
    #7 0x10020a364 in InitExtensions miinitext.c:267
    #8 0x10073fe7c in dix_main main.c:197
    #9 0x10023ed50 in server_thread quartzStartup.c:65
    #10 0x199ae7fd0 in _pthread_start+0x13c (libsystem_pthread.dylib:arm64e+0x6fd0)
    #11 0x199ae2d38 in thread_start+0x4 (libsystem_pthread.dylib:arm64e+0x1d38)

Regressed-in: 4b0a3cbab131eb453e2b3fc0337121969258a7be
CC: Giuseppe Bilotta <email address hidden>
Signed-off-by: Jeremy Huddleston Sequoia <email address hidden>
(cherry picked from commit 487286d47260782d331229af10df17711cbca1ea)

7aa51bb... by Jeremy Sequoia

xquartz: Fix a compiler warning about const incompatible pointer assignment

driWrap.c:541:30: error: assigning to 'GCOps *' (aka 'struct _GCOps *') from 'const GCOps *' (aka 'const struct _GCOps *') discards
      qualifiers [-Werror,-Wincompatible-pointer-types-discards-qualifiers]
        pGCPriv->originalOps = pGC->ops;
                             ^ ~~~~~~~~

Signed-off-by: Jeremy Huddleston Sequoia <email address hidden>
(cherry picked from commit 6a83fb51b7a8b2e167e7d6380229b69e5452f91f)