Fix several security issues in x11-servers/xorg-server and slave ports which
ultimately can lead to local privilege escalations if xorg-server is running
privileged.
More info:
https://lists.x.org/archives/xorg-announce/2020-August/003058.html
MFH: 2020Q3 (implicit, security update)
Security: ffa15b3b-e6f6-11ea-8cbf-54e1ad3d6335
- GL_COMMIT is not supported by "portedit set-version"
- GL_COMMIT is no longer necessary (bug 242329)
- GitLab distfiles don't carry ordinal version in filename
- GitLab .patch links have volatile footer (Git version)
Make xorg-server default to try the xf86-input-libinput driver if a
configured driver can't be found. This only applies if a specific driver
for an input device has been configured manually in xorg, but that driver
can't be found when starting xorg.
Discussed with: manu, jbeich
MFH: 2020Q2
Wayland clients (unlike server/compositor) are not supposed to require
special privileges. Something in drm-kmod fails to authorize access to
/dev/dri/* even if user is under "video" group.
Not a port option because Xwayland doesn't know how to drop priveleges.
$ pkg install nvidia-driver
$ glxinfo
name of display: :0
X Error of failed request: BadValue (integer parameter out of range for operation)
Major opcode of failed request: 150 (GLX)
Minor opcode of failed request: 24 (X_GLXCreateNewContext)
Value in failed request: 0x0
Serial number of failed request: 39
Current serial number in output stream: 40
"pkg-config --cflags gl" no longer contains -I/usr/local/include/libdrm
In file included from ../glx/glxdriswrast.c:39:
/usr/local/include/GL/internal/dri_interface.h:43:10: fatal error: 'drm.h' file not found
#include <drm.h>
^~~~~~~
GitLab unlike GitHub keeps the footer from git-format-patch(1) which
frequently changes on Git version upgrades. So, switch to git-diff(1)
which lacks header/footer.
Approved by: x11 (zeising via Gitter)
MFH: 2020Q2 (avoid bustage over time due to upstream infra upgrades)
Differential Revision: https://reviews.freebsd.org/D24810
Apply an upstream patch to avoid sending focus evens when grab actually does
not change. This fixes certain full screen applications. [1]
Ensure that we actually don't try to find and link against HAL even if it's
around on the system we're compiling on [2]
Add CPE information [3]
PR: 245854 [1] (with changes), 245604 [2], 197712 [3]
Submitted by: naddy@ [1], mi@ [2], arrowd [3]
Reported by: shun [3]
MFH: 2020Q2
*.pcf fonts are rendered by X11 server but if font path is disabled
only built-in fonts are available by default. While users could still
amend font path via "xset fp" the discrepancy with xorg-server gave
a bad first impression.
Reported by: jsm
Change the default mesa configuration to use DRI3 rather than the older DRI2
interface. This should improve performance somewhat, and alleviates the need
for the FIXDRM option in x11-servers/xorg-server.
Remove the FIXDRM option from x11-servers/xorg-server.
Add an UPDATING entry for the change.
For users of graphics/drm-legacy-kmod or the base graphics drivers, this might
cause regressions. If you experience problems when running OpenGL applications
please force the use of the DRI2 backend by setting the LIBGL_DRI3_DISABLE
environment variable to 1 before starting any OpenGL application. This is
easiest done by adding it to your shell startup file or .xinitrc.
Add UPDATING entry for xorg-server, detailing the change of device
configuration backend.
PR: 196678, 244306 (for tracking)
This is a workaround for a problem with certain systems [1] after
x11-servers/xorg-server was upgraded to 1.20.7. Other workarounds are
described in PR 244306.
[1]
These systems have been reported to have problems:
Sandy Bridge
Ivy Bridge
Broadwell
Kaby Lake
Whiskey Lake
PR: 244306
Submitted by: wulf
Reported by: philippe.michel7@free.fr
Approved by: x11 (zeising)
Differential Revision: https://reviews.freebsd.org/D23834
Use C11 compiler:
In file included from glxserver.h:70,
from singlepix.c:35:
../include/glx_extinit.h:33: error: redefinition of typedef '__GLXscreen'
glxscreens.h:119: error: previous declaration of '__GLXscreen' was here
Update xorg x11 servers to 1.20.7. This updates x11-servers/xorg-server,
xephyr, xorg-dmx, xorg-nestserver, xorg-vbserver and xwayland.
Enable the UDEV backend by default, instead of the DEVD backend, for
autoconfiguration of input devices on FreeBSD 12 and later.
FreeBSD 11 lacks the needed support in base and will keep on using the DEVD
backend.
Support for the HAL backend is dropped completely, it has been deprecated
for a long time.
Update and improve the DEVD backend.
Add a pkg message about sysctl configuration that might be needed when using
UDEV.
Use the upstream fix for glamour issues.
Use evdev xkb rules by default in xwayland [2]
Add x11-drivers/xf86-input-libinput to the list installed by default by
x11-drivers/xorg-drivers.
Fix net/tigervnc-server and emulators/virtualbox-ose
Bump portrevision of all x11 drivers, as well as other ports dependent on
xorg-server.
This represents work by many people over a long period. These include
wulf, ak, dumbbell, hselasky pete AT nomadlogic DOT org, jbeich, manu,
myself and possibly others (I tried to look through history, but might have
missed people. If so, I am sorry.)
PR: 196678 [1], 244129 [2]
Submitted by: hselasky, wulf [1], jbeich [2]
Obtained from: https://github.com/FreeBSDDesktop/freebsd-ports/tree/feature/xserver-1.20 (in part)
- Document DRI3 requirement as downstream patches in mesa-libs
disabled it by default due to a bug with drm-legacy-kmod.
However, Wayland is not supported on drm-legacy-kmod.
Changes: ee9f6e20de...4709d24f8e
