Fix several security issues in x11-servers/xorg-server and slave ports which
ultimately can lead to local privilege escalations if xorg-server is running
privileged.
More info:
https://lists.x.org/archives/xorg-announce/2020-August/003058.html
MFH: 2020Q3 (implicit, security update)
Security: ffa15b3b-e6f6-11ea-8cbf-54e1ad3d6335
- GL_COMMIT is not supported by "portedit set-version"
- GL_COMMIT is no longer necessary (bug 242329)
- GitLab distfiles don't carry ordinal version in filename
- GitLab .patch links have volatile footer (Git version)
Make xorg-server default to try the xf86-input-libinput driver if a
configured driver can't be found. This only applies if a specific driver
for an input device has been configured manually in xorg, but that driver
can't be found when starting xorg.
Discussed with: manu, jbeich
MFH: 2020Q2
Wayland clients (unlike server/compositor) are not supposed to require
special privileges. Something in drm-kmod fails to authorize access to
/dev/dri/* even if user is under "video" group.
Not a port option because Xwayland doesn't know how to drop priveleges.
$ pkg install nvidia-driver
$ glxinfo
name of display: :0
X Error of failed request: BadValue (integer parameter out of range for operation)
Major opcode of failed request: 150 (GLX)
Minor opcode of failed request: 24 (X_GLXCreateNewContext)
Value in failed request: 0x0
Serial number of failed request: 39
Current serial number in output stream: 40
"pkg-config --cflags gl" no longer contains -I/usr/local/include/libdrm
In file included from ../glx/glxdriswrast.c:39:
/usr/local/include/GL/internal/dri_interface.h:43:10: fatal error: 'drm.h' file not found
#include <drm.h>
^~~~~~~
GitLab unlike GitHub keeps the footer from git-format-patch(1) which
frequently changes on Git version upgrades. So, switch to git-diff(1)
which lacks header/footer.
Approved by: x11 (zeising via Gitter)
MFH: 2020Q2 (avoid bustage over time due to upstream infra upgrades)
Differential Revision: https://reviews.freebsd.org/D24810
Apply an upstream patch to avoid sending focus evens when grab actually does
not change. This fixes certain full screen applications. [1]
Ensure that we actually don't try to find and link against HAL even if it's
around on the system we're compiling on [2]
Add CPE information [3]
PR: 245854 [1] (with changes), 245604 [2], 197712 [3]
Submitted by: naddy@ [1], mi@ [2], arrowd [3]
Reported by: shun [3]
MFH: 2020Q2
*.pcf fonts are rendered by X11 server but if font path is disabled
only built-in fonts are available by default. While users could still
amend font path via "xset fp" the discrepancy with xorg-server gave
a bad first impression.
Reported by: jsm
