From: Lucas Stach <l.stach@pengutronix.de>
To: ptxdist@pengutronix.de
Subject: [ptxdist] [PATCH 2/3] xorg-server: version bump 1.16.1 -> 1.17.1
Date: Mon,  4 May 2015 14:50:41 +0200	[thread overview]
Message-ID: <1430743842-458-2-git-send-email-l.stach@pengutronix.de> (raw)
In-Reply-To: <1430743842-458-1-git-send-email-l.stach@pengutronix.de>

Brings many security fixes and some new features. We keep the default
socket listen policy to keep the attack surface low. This can be overridden
at runtime if needed.

Also disable BINDNOW hardening, as it interferes with the xorg module loader
and prevents modules with dependencies from loading correctly.

Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
---
 rules/xorg-server.make | 29 ++++++++++-------------------
 1 file changed, 10 insertions(+), 19 deletions(-)

diff --git a/rules/xorg-server.make b/rules/xorg-server.make
index 5e82580f4593..46e9514aa4a5 100644
--- a/rules/xorg-server.make
+++ b/rules/xorg-server.make
@@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_XORG_SERVER) += xorg-server
 #
 # Paths and names
 #
-XORG_SERVER_VERSION	:= 1.16.1
-XORG_SERVER_MD5		:= b1ff364222e921d32de40c4786e8bc47
+XORG_SERVER_VERSION	:= 1.17.1
+XORG_SERVER_MD5		:= 5986510d59e394a50126a8e2833e79d3
 XORG_SERVER		:= xorg-server-$(XORG_SERVER_VERSION)
 XORG_SERVER_SUFFIX	:= tar.bz2
 XORG_SERVER_URL		:= $(call ptx/mirror, XORG, individual/xserver/$(XORG_SERVER).$(XORG_SERVER_SUFFIX))
@@ -28,6 +28,10 @@ XORG_SERVER_DIR		:= $(BUILDDIR)/$(XORG_SERVER)
 # Prepare
 # ----------------------------------------------------------------------------
 
+# The xorg module loader needs lazy symbol binding
+XORG_SERVER_WRAPPER_BLACKLIST := \
+        TARGET_HARDEN_BINDNOW
+
 XORG_SERVER_ENV 	:= $(CROSS_ENV) \
 	ac_cv_sys_linker_h=yes \
 	ac_cv_file__usr_share_sgml_X11_defs_ent=no
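Review bot: The comment above `XORG_SERVER_WRAPPER_BLACKLIST` gives the functional reason for dropping BINDNOW but not the hardening cost, and the blacklist appears to apply to everything this package builds, not only the loadable modules. Without BINDNOW the binaries get at most partial RELRO, so the GOT/PLT of the X server (a long-running and often privileged process) stays writable at runtime. I would extend the comment to say so, e.g. `# The xorg module loader needs lazy symbol binding; this drops full RELRO for the server, so keep the other hardening options enabled`. The continuation line is also indented with spaces where the rest of the file uses a tab.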
@@ -61,7 +65,6 @@ XORG_SERVER_CONF_OPT	= \
 	--disable-install-libxf86config \
 	--$(call ptx/endis, PTXCONF_XORG_SERVER_OPT_AIGLX)-aiglx \
 	--$(call ptx/endis, PTXCONF_XORG_SERVER_OPT_GLX_TLS)-glx-tls \
-	--$(call ptx/endis, PTXCONF_XORG_SERVER_STRING_REGISTRY)-registry \
 	--$(call ptx/endis, PTXCONF_XORG_SERVER_EXT_COMPOSITE)-composite \
 	--$(call ptx/endis, PTXCONF_XORG_SERVER_EXT_SHM)-mitshm \
 	--$(call ptx/endis, PTXCONF_XORG_SERVER_EXT_XRES)-xres \
@@ -100,6 +103,9 @@ XORG_SERVER_CONF_OPT	= \
 	--$(call ptx/endis, PTXCONF_XORG_SERVER_XORG)-pciaccess \
 	--enable-linux-acpi \
 	--enable-linux-apm \
+	--disable-listen-tcp \
+	--enable-listen-unix \
+	--enable-listen-local \
 	--disable-systemd-logind \
 	--disable-suid-wrapper \
 	--$(call ptx/endis, PTXCONF_XORG_SERVER_XORG)-xorg \
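Review bot: `--enable-listen-unix` and `--enable-listen-local` are hard-coded next to `--disable-listen-tcp`, so a BSP that wants a tighter compile-time default has to patch this rule file. On Linux the `local` transport is, as far as I know, what provides the abstract-namespace socket, which is not covered by filesystem permissions on the socket directory; that should be confirmed against xtrans before relying on it. If no target needs it, `--disable-listen-local` would be the lower-exposure default, or the three flags could follow a config option through `ptx/endis` as the neighbouring lines do. The XORG_SERVER_CONF_OPT assignment starts and ends outside this hunk, and a `#` comment cannot sit between its continued lines, so the rationale belongs above the assignment.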
@@ -107,6 +113,7 @@ XORG_SERVER_CONF_OPT	= \
 	--$(call ptx/endis, PTXCONF_XORG_SERVER_XVFB)-xvfb \
 	--$(call ptx/endis, PTXCONF_XORG_SERVER_XNEST)-xnest \
 	--disable-xquartz \
+	--disable-xshmfence \
 	--$(call ptx/endis, PTXCONF_XORG_SERVER_XWAYLAND)-xwayland \
 	--disable-standalone-xpbproxy \
 	--$(call ptx/endis, PTXCONF_XORG_SERVER_XWIN)-xwin \
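Review bot: `--disable-xshmfence` is added without any explanation in the commit message or the rule file. As far as I know DRI3 in the server depends on xshmfence, so this presumably keeps DRI3 off as well. If that is intended, state it in the commit message or in a comment above `XORG_SERVER_CONF_OPT`, for example `# xshmfence is disabled, so DRI3 is not available`, with the wording adjusted to the actual reason. The assignment starts and ends outside this hunk.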
@@ -239,22 +246,6 @@ ifdef PTXCONF_XORG_DRIVER_VIDEO
 		$(XORG_PREFIX)/lib/xorg/modules/libvgahw.so)
 endif
 
-# FIXME: Should be included on demand only
-	@$(call install_copy, xorg-server, 0, 0, 0644, -, \
-		/usr/lib/xorg/modules/multimedia/bt829_drv.so)
-	@$(call install_copy, xorg-server, 0, 0, 0644, -, \
-		/usr/lib/xorg/modules/multimedia/tda8425_drv.so)
-	@$(call install_copy, xorg-server, 0, 0, 0644, -, \
-		/usr/lib/xorg/modules/multimedia/tda9850_drv.so)
-	@$(call install_copy, xorg-server, 0, 0, 0644, - ,\
-		/usr/lib/xorg/modules/multimedia/uda1380_drv.so)
-	@$(call install_copy, xorg-server, 0, 0, 0644, -, \
-		/usr/lib/xorg/modules/multimedia/fi1236_drv.so)
-	@$(call install_copy, xorg-server, 0, 0, 0644, - ,\
-		/usr/lib/xorg/modules/multimedia/msp3430_drv.so)
-	@$(call install_copy, xorg-server, 0, 0, 0644, -, \
-		/usr/lib/xorg/modules/multimedia/tda9885_drv.so)
-
 ifdef PTXCONF_XORG_SERVER_EXT_GLX
 	@$(call install_copy, xorg-server, 0, 0, 0644, -, \
 		/usr/lib/xorg/modules/extensions/libglx.so)
-- 
2.1.4


-- 
ptxdist mailing list
ptxdist@pengutronix.de
