Update graphics stack #944

Merged
merged 3 commits into from
Oct 25, 2018
pmenzel
Collaborator

@pmenzel pmenzel commented Oct 25, 2018

Update to X.Org Server 1.20.3, fixing a security issue. This might not affect MarIuX though.

While at it, update libdrm and Mesa 3D.

Tested on keineahnung, inbetweenmove and sigchld.

Change-log for 2.4.95:

> This release adds a fallback for realpath() which was blocked by the
> web-browser sand-boxing. While the browsers are fixed-up they seem to have
> little incentive to roll bugfix releases
>
> -Emil
>
> Ayan Kumar Halder (1):
>       libdrm: headers: Sync with drm-next
>
> Christian König (4):
>       tests/amdgpu: add unaligned VM test
>       amdgpu: remove invalid check in amdgpu_bo_alloc
>       test/amdgpu: add proper error handling v2
>       test/amdgpu: add GDS, GWS and OA tests
>
> Daniel Stone (1):
>       CI: Capture test logs as GitLab artifacts
>
> Daniel Vetter (1):
>       Add basic CONTRIBUTING file
>
> Emil Velikov (9):
>       xf86drm: fallback to normal path when realpath fails
>       intel: annotate the intel genx helpers as private
>       automake: set NM before running the tests
>       *-symbols-check: error out when using unset variables
>       gitlab-ci: pass the correct toggles to configure
>       Bump to version 2.4.95
>       Revert "Bump to version 2.4.95"
>       intel: include i915_pciids.h in the tarball
>       Bump to version 2.4.95
>
> Eric Engestrom (10):
>       add gitlab-ci builds of libdrm
>       xf86drm: merge get_normal_pci_path() into get_real_pci_path()
>       xf86drm: rename "real_path" to "pci_path"
>       gitlab-ci: use templates to deduplicate the build commands
>       headers/README: fix/add link to drm-next
>       intel: add missing drm_public exports
>       nouveau: add missing drm_public exports
>       radeon: add missing drm_public exports
>       omap: fix symbol annotations
>       freedreno: add missing drm_public
>
> Ezequiel Garcia (1):
>       tests/util: Add support for sun4i-drm driver
>
> Junwei Zhang (1):
>       amdgpu: add error return value for finding bo by cpu mapping (v2)
>
> Lucas De Marchi (19):
>       intel: add generic functions to check PCI ID
>       intel: make gen11 use generic gen macro
>       intel: make gen10 use generic gen macro
>       intel: make gen9 use generic gen macro
>       intel: get gen once for gen >= 9
>       intel: annotate public functions
>       libkms: annotate public functions
>       nouveau: annotate public functions
>       amdgpu: annotate public functions
>       libdrm: annotate public functions
>       etnaviv: annotate public functions
>       freedreno: annotate public functions
>       omap: annotate public functions
>       radeon: annotate public functions
>       tegra: annotate public functions
>       exynos: annotate public functions
>       meson: make symbols hidden by default
>       autotools: make symbols hidden by default
>       android: make symbols hidden by default
>
> Michel Dänzer (1):
>       amdgpu-symbol-check: Add amdgpu_find_bo_by_cpu_mapping
>
> Qiang Yu (2):
>       amdgpu: add amdgpu_bo_inc_ref() function.
>       amdgpu: amdgpu_bo_inc_ref don't return dummy int
>
> Rob Clark (2):
>       freedreno: fix spelling typo
>       freedreno: move ring_cache behind fd_bo_del()
>
> Stefan Agner (2):
>       modeprint: use libutil to lookup strings
>       modeprint: print encoder type
>
> Tom Anderson (1):
>       Fix build with -std=c11

Change-log for 2.4.96:

> Andrey Grodzovsky (2):
>   amdgpu/test: Allow BO mapping flags to be passed in tests
>   amdgpu/test: Fix deadlock tests for AI and RV v2
>
> Rob Clark (14):
>   xf86drmHash: remove redundant zero init
>   freedreno/msm: get rid of ring_bo unref hack
>   freedreno: expose refcnt'ing on ringbuffers
>   freedreno: add flags param for rb creation
>   freedreno/msm: support suballocation for stateobj rb's
>   freedreno: remove deprecated ringmarker API
>   freedreno/msm: remove reset of linked rings
>   freedreno/msm: simplify emit_reloc_ring() vfunc
>   freedreno/msm: use hashtable to track submit.cmds table
>   freedreno/msm: simplify msm_ringbuffer_flush()
>   freedreno/msm: handle ring-reloc to other stateobjs
>   freedreno/kgsl: fix build
>   freedreno/msm: fix c90 warning
>   Bump to version 2.4.96
>
> Thomas Hellstrom (1):
>   libdrm: Allow dynamic drm majors on linux

Announcement:

> Fixes CVE-2018-14665 (local file overwrite bugs), and a trivial fix in
> fbdevhw initialization. All users are advised to upgrade. Thanks to
> Narendra Shinde and Thomas Hoger for the report, and Matthieu Herrb for
> the fix.
>
> Adam Jackson (1):
>       xserver 1.20.3
>
> Matthieu Herrb (2):
>       Disable -logfile and -modulepath when running with elevated privileges
>       LogFilePrep: add a comment to the unsafe format string.
>
> Peter Hutterer (1):
>       xfree86: fix readlink call

We are probably not affected, as our Xorg binary is not Suid.

    $ ls -lh /usr/bin/Xorg
    -rwxr-xr-x 1 root root 273 Oct 25 18:58 /usr/bin/Xorg

From *X.Org security advisory: October 25, 2018*:

> Workaround
> ==========
>
> If a patched version of the X server is not available, X.Org
> recommends to remove the setuid bit (ie chmod 755) of the installed
> Xorg binary.  Note that this can cause issues if people are starting
> the X window system using the 'startx', 'xinit' commands or variations
> thereof.
>
> X.Org recommends the use of a display manager to start X sessions,
> which does not require Xorg to be installed setuid.

@pmenzel pmenzel merged commit 8fb77e8 into master Oct 25, 2018

Collaborator Author

pmenzel commented Jun 6, 2025

> Update to X.Org Server 1.20.3, fixing a security issue. This might not affect MarIuX though.

From commit 9814e8f:

> We are probably not affected, as our Xorg binary is not Suid.
>
>     $ ls -lh /usr/bin/Xorg
>     -rwxr-xr-x 1 root root 273 Oct 25 18:58 /usr/bin/Xorg

This is unfortunately just a wrapper:

    $ more /usr/bin/Xorg
    #!/bin/sh
    #
    # Execute Xorg.wrap if it exists otherwise execute Xorg directly.
    # This allows distros to put the suid wrapper in a separate package.

    basedir=/usr/libexec
    if [ -x "$basedir"/Xorg.wrap ]; then
        exec "$basedir"/Xorg.wrap "$@"
    else
        exec "$basedir"/Xorg "$@"
    fi
    $ ls -lh /usr/libexec/Xorg*
    -rwsr-xr-x 1 root root 14M Feb 26 13:16 /usr/libexec/Xorg
    -rwsr-xr-x 1 root root 33K Feb 26 13:16 /usr/libexec/Xorg.wrap
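
The original check looked only at `/usr/bin/Xorg`, which turned out to be a launcher script. The following is an added example, not part of the PR or of MarIuX, that follows a launcher's `exec` lines and reports the setuid bit on each target; the function names and the temporary fixture are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the PR): audit the setuid bit on an Xorg launcher
# and on the binaries it execs, instead of on the launcher alone.

# Paths a launcher may exec, expanding a literal `basedir=...` assignment as
# in the wrapper quoted above. Heuristic line matching, not a shell parser.
exec_targets() {
    basedir=$(sed -n 's/^basedir=//p' "$1" | head -n 1)
    sed -n 's/^[[:space:]]*exec[[:space:]]\{1,\}\([^[:space:]]*\).*/\1/p' "$1" |
        sed -e 's/"//g' -e "s|[\$]basedir|$basedir|g"
}

# One line per file: "<setuid|plain> uid=<owner> <path>".
report() {
    owner=$(ls -ldn "$1" | awk '{print $3}')
    if [ -u "$1" ]; then kind=setuid; else kind=plain; fi
    echo "$kind uid=$owner $1"
}

# Report the launcher, then each existing exec target if it is a script.
audit_xorg() {
    [ -e "$1" ] || { echo "missing $1"; return 0; }
    report "$1"
    [ "$(head -c 2 "$1")" = '#!' ] || return 0
    for target in $(exec_targets "$1"); do
        if [ -e "$target" ]; then report "$target"; fi
    done
}

# Constructed fixture: a copy of the wrapper above with basedir redirected
# into DIR, plus two empty stand-in binaries carrying the setuid bit.
build_fixture() {
    mkdir -p "$1/bin" "$1/libexec"
    printf '%s\n' '#!/bin/sh' "basedir=$1/libexec" \
        'if [ -x "$basedir"/Xorg.wrap ]; then' \
        '    exec "$basedir"/Xorg.wrap "$@"' 'else' \
        '    exec "$basedir"/Xorg "$@"' 'fi' > "$1/bin/Xorg"
    chmod 755 "$1/bin/Xorg"
    : > "$1/libexec/Xorg"; : > "$1/libexec/Xorg.wrap"
    chmod 4755 "$1/libexec/Xorg" "$1/libexec/Xorg.wrap"
}

demo_dir=$(mktemp -d)
build_fixture "$demo_dir"
audit_xorg "$demo_dir/bin/Xorg"
rm -rf "$demo_dir"
```

On a real system, call `audit_xorg /usr/bin/Xorg`; a line reading `setuid uid=0` marks a file the advisory's workaround applies to.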

Collaborator

donald commented Jun 6, 2025

When Xorg.wrap is a suid wrapper, why is Xorg still setuid-root?
