From 1ef182ec109a2800edbc51b4fb694016e20662a3 Mon Sep 17 00:00:00 2001 From: Jacob Wang Date: Wed, 25 Jun 2025 10:50:12 +0800 Subject: [PATCH 1/5] [CVE]update to xorg-x11-server-1.20.11-26 to #ICHMDY update to xorg-x11-server-1.20.11-26 for CVE-2025-49175 Project: TC2024080204 Signed-off-by: Jacob Wang --- ...der-Avoid-0-or-less-animated-cursors.patch | 89 +++ ...low-the-integer-size-with-BigRequest.patch | 91 +++ ...nteger-overflow-on-BigRequest-length.patch | 35 ++ ...ytes-to-ignore-when-sharing-input-bu.patch | 48 ++ ...-overflow-in-RecordSanityCheckRegist.patch | 64 +++ ...overflow-in-RRChangeProviderProperty.patch | 43 ++ ...6-Check-for-RandR-provider-functions.patch | 50 ++ 0100-phytium-xorg-x11-server-bmc.patch | 192 ------- xorg-server-1.20.11-sw.patch | 526 ------------------ xorg-x11-server.spec | 66 +-- 10 files changed, 439 insertions(+), 765 deletions(-) create mode 100644 0001-render-Avoid-0-or-less-animated-cursors.patch create mode 100644 0002-os-Do-not-overflow-the-integer-size-with-BigRequest.patch create mode 100644 0003-os-Check-for-integer-overflow-on-BigRequest-length.patch create mode 100644 0004-os-Account-for-bytes-to-ignore-when-sharing-input-bu.patch create mode 100644 0005-record-Check-for-overflow-in-RecordSanityCheckRegist.patch create mode 100644 0006-randr-Check-for-overflow-in-RRChangeProviderProperty.patch create mode 100644 0007-xfree86-Check-for-RandR-provider-functions.patch delete mode 100644 0100-phytium-xorg-x11-server-bmc.patch delete mode 100644 xorg-server-1.20.11-sw.patch diff --git a/0001-render-Avoid-0-or-less-animated-cursors.patch b/0001-render-Avoid-0-or-less-animated-cursors.patch new file mode 100644 index 0000000..edd66c6 --- /dev/null +++ b/0001-render-Avoid-0-or-less-animated-cursors.patch @@ -0,0 +1,89 @@ +From 4c8e10312a721aa2f36048388284a2fd4ad97043 Mon Sep 17 00:00:00 2001 +From: Olivier Fourdan +Date: Fri, 28 Mar 2025 09:43:52 +0100 +Subject: [PATCH xserver 1/7] render: Avoid 0 or less animated cursors +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Animated cursors use a series of cursors that the client can set. + +By default, the Xserver assumes at least one cursor is specified +while a client may actually pass no cursor at all. + +That causes an out-of-bound read creating the animated cursor and a +crash of the Xserver: + + | Invalid read of size 8 + | at 0x5323F4: AnimCursorCreate (animcur.c:325) + | by 0x52D4C5: ProcRenderCreateAnimCursor (render.c:1817) + | by 0x52DC80: ProcRenderDispatch (render.c:1999) + | by 0x4A1E9D: Dispatch (dispatch.c:560) + | by 0x4B0169: dix_main (main.c:284) + | by 0x4287F5: main (stubmain.c:34) + | Address 0x59aa010 is 0 bytes after a block of size 0 alloc'd + | at 0x48468D3: reallocarray (vg_replace_malloc.c:1803) + | by 0x52D3DA: ProcRenderCreateAnimCursor (render.c:1802) + | by 0x52DC80: ProcRenderDispatch (render.c:1999) + | by 0x4A1E9D: Dispatch (dispatch.c:560) + | by 0x4B0169: dix_main (main.c:284) + | by 0x4287F5: main (stubmain.c:34) + | + | Invalid read of size 2 + | at 0x5323F7: AnimCursorCreate (animcur.c:325) + | by 0x52D4C5: ProcRenderCreateAnimCursor (render.c:1817) + | by 0x52DC80: ProcRenderDispatch (render.c:1999) + | by 0x4A1E9D: Dispatch (dispatch.c:560) + | by 0x4B0169: dix_main (main.c:284) + | by 0x4287F5: main (stubmain.c:34) + | Address 0x8 is not stack'd, malloc'd or (recently) free'd + +To avoid the issue, check the number of cursors specified and return a +BadValue error in both the proc handler (early) and the animated cursor +creation (as this is a public function) if there is 0 or less cursor. + +CVE-2025-49175 + +This issue was discovered by Nils Emmerich and +reported by Julian Suleder via ERNW Vulnerability Disclosure. + +Signed-off-by: Olivier Fourdan +Reviewed-by: José Expósito +(cherry picked from commit 0885e0b26225c90534642fe911632ec0779eebee) + +Part-of: +--- + render/animcur.c | 3 +++ + render/render.c | 2 ++ + 2 files changed, 5 insertions(+) + +diff --git a/render/animcur.c b/render/animcur.c +index ef27bda27..77942d846 100644 +--- a/render/animcur.c ++++ b/render/animcur.c +@@ -304,6 +304,9 @@ AnimCursorCreate(CursorPtr *cursors, CARD32 *deltas, int ncursor, + int rc = BadAlloc, i; + AnimCurPtr ac; + ++ if (ncursor <= 0) ++ return BadValue; ++ + for (i = 0; i < screenInfo.numScreens; i++) + if (!GetAnimCurScreen(screenInfo.screens[i])) + return BadImplementation; +diff --git a/render/render.c b/render/render.c +index 456f156d4..e9bbac62d 100644 +--- a/render/render.c ++++ b/render/render.c +@@ -1788,6 +1788,8 @@ ProcRenderCreateAnimCursor(ClientPtr client) + ncursor = + (client->req_len - + (bytes_to_int32(sizeof(xRenderCreateAnimCursorReq)))) >> 1; ++ if (ncursor <= 0) ++ return BadValue; + cursors = xallocarray(ncursor, sizeof(CursorPtr) + sizeof(CARD32)); + if (!cursors) + return BadAlloc; +-- +2.49.0 + diff --git a/0002-os-Do-not-overflow-the-integer-size-with-BigRequest.patch b/0002-os-Do-not-overflow-the-integer-size-with-BigRequest.patch new file mode 100644 index 0000000..f72b33b --- /dev/null +++ b/0002-os-Do-not-overflow-the-integer-size-with-BigRequest.patch @@ -0,0 +1,91 @@ +From a99c927aec4563101f574d0a65cd451dcdd7e012 Mon Sep 17 00:00:00 2001 +From: Olivier Fourdan +Date: Mon, 7 Apr 2025 16:13:34 +0200 +Subject: [PATCH xserver 2/7] os: Do not overflow the integer size with + BigRequest +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The BigRequest extension allows requests larger than the 16-bit length +limit. + +It uses integers for the request length and checks for the size not to +exceed the maxBigRequestSize limit, but does so after translating the +length to integer by multiplying the given size in bytes by 4. + +In doing so, it might overflow the integer size limit before actually +checking for the overflow, defeating the purpose of the test. + +To avoid the issue, make sure to check that the request size does not +overflow the maxBigRequestSize limit prior to any conversion. + +The caller Dispatch() function however expects the return value to be in +bytes, so we cannot just return the converted value in case of error, as +that would also overflow the integer size. + +To preserve the existing API, we use a negative value for the X11 error +code BadLength as the function only return positive values, 0 or -1 and +update the caller Dispatch() function to take that case into account to +return the error code to the offending client. + +CVE-2025-49176 + +This issue was discovered by Nils Emmerich and +reported by Julian Suleder via ERNW Vulnerability Disclosure. + +Signed-off-by: Olivier Fourdan +Reviewed-by: Michel Dänzer +(cherry picked from commit 03731b326a80b582e48d939fe62cb1e2b10400d9) + +Part-of: +--- + dix/dispatch.c | 9 +++++---- + os/io.c | 4 ++++ + 2 files changed, 9 insertions(+), 4 deletions(-) + +diff --git a/dix/dispatch.c b/dix/dispatch.c +index a33bfaa9e..14ccdc57a 100644 +--- a/dix/dispatch.c ++++ b/dix/dispatch.c +@@ -447,9 +447,10 @@ Dispatch(void) + + /* now, finally, deal with client requests */ + result = ReadRequestFromClient(client); +- if (result <= 0) { +- if (result < 0) +- CloseDownClient(client); ++ if (result == 0) ++ break; ++ else if (result == -1) { ++ CloseDownClient(client); + break; + } + +@@ -470,7 +471,7 @@ Dispatch(void) + client->index, + client->requestBuffer); + #endif +- if (result > (maxBigRequestSize << 2)) ++ if (result < 0 || result > (maxBigRequestSize << 2)) + result = BadLength; + else { + result = XaceHookDispatch(client, client->majorOp); +diff --git a/os/io.c b/os/io.c +index 939f51743..a05300869 100644 +--- a/os/io.c ++++ b/os/io.c +@@ -296,6 +296,10 @@ ReadRequestFromClient(ClientPtr client) + needed = get_big_req_len(request, client); + } + client->req_len = needed; ++ if (needed > MAXINT >> 2) { ++ /* Check for potential integer overflow */ ++ return -(BadLength); ++ } + needed <<= 2; /* needed is in bytes now */ + } + if (gotnow < needed) { +-- +2.49.0 + diff --git a/0003-os-Check-for-integer-overflow-on-BigRequest-length.patch b/0003-os-Check-for-integer-overflow-on-BigRequest-length.patch new file mode 100644 index 0000000..1c70fff --- /dev/null +++ b/0003-os-Check-for-integer-overflow-on-BigRequest-length.patch @@ -0,0 +1,35 @@ +From d5b66f2b1f3d9a322261d150e0da4e707a337334 Mon Sep 17 00:00:00 2001 +From: Olivier Fourdan +Date: Wed, 18 Jun 2025 08:39:02 +0200 +Subject: [PATCH xserver 3/7] os: Check for integer overflow on BigRequest + length + +Check for another possible integer overflow once we get a complete xReq +with BigRequest. + +Related to CVE-2025-49176 + +Signed-off-by: Olivier Fourdan +Suggested-by: Peter Harris +Part-of: +(cherry picked from commit 4fc4d76b2c7aaed61ed2653f997783a3714c4fe1) +--- + os/io.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/os/io.c b/os/io.c +index a05300869..de5b3c921 100644 +--- a/os/io.c ++++ b/os/io.c +@@ -395,6 +395,8 @@ ReadRequestFromClient(ClientPtr client) + needed = get_big_req_len(request, client); + } + client->req_len = needed; ++ if (needed > MAXINT >> 2) ++ return -(BadLength); + needed <<= 2; + } + if (gotnow < needed) { +-- +2.49.0 + diff --git a/0004-os-Account-for-bytes-to-ignore-when-sharing-input-bu.patch b/0004-os-Account-for-bytes-to-ignore-when-sharing-input-bu.patch new file mode 100644 index 0000000..2a43cfc --- /dev/null +++ b/0004-os-Account-for-bytes-to-ignore-when-sharing-input-bu.patch @@ -0,0 +1,48 @@ +From b4f63879f2a5cf0578101591f26471238f944e9c Mon Sep 17 00:00:00 2001 +From: Olivier Fourdan +Date: Mon, 28 Apr 2025 10:46:03 +0200 +Subject: [PATCH xserver 4/7] os: Account for bytes to ignore when sharing + input buffer + +When reading requests from the clients, the input buffer might be shared +and used between different clients. + +If a given client sends a full request with non-zero bytes to ignore, +the bytes to ignore may still be non-zero even though the request is +full, in which case the buffer could be shared with another client who's +request will not be processed because of those bytes to ignore, leading +to a possible hang of the other client request. + +To avoid the issue, make sure we have zero bytes to ignore left in the +input request when sharing the input buffer with another client. + +CVE-2025-49178 + +This issue was discovered by Nils Emmerich and +reported by Julian Suleder via ERNW Vulnerability Disclosure. + +Signed-off-by: Olivier Fourdan +Reviewed-by: Peter Hutterer +(cherry picked from commit d55c54cecb5e83eaa2d56bed5cc4461f9ba318c2) + +Part-of: +--- + os/io.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/os/io.c b/os/io.c +index de5b3c921..b7f2750b5 100644 +--- a/os/io.c ++++ b/os/io.c +@@ -444,7 +444,7 @@ ReadRequestFromClient(ClientPtr client) + */ + + gotnow -= needed; +- if (!gotnow) ++ if (!gotnow && !oci->ignoreBytes) + AvailableInput = oc; + if (move_header) { + if (client->req_len < bytes_to_int32(sizeof(xBigReq) - sizeof(xReq))) { +-- +2.49.0 + diff --git a/0005-record-Check-for-overflow-in-RecordSanityCheckRegist.patch b/0005-record-Check-for-overflow-in-RecordSanityCheckRegist.patch new file mode 100644 index 0000000..3fff69b --- /dev/null +++ b/0005-record-Check-for-overflow-in-RecordSanityCheckRegist.patch @@ -0,0 +1,64 @@ +From d943eaa6b8584e7ceebd73ee59bd84e99b09be5d Mon Sep 17 00:00:00 2001 +From: Olivier Fourdan +Date: Mon, 28 Apr 2025 11:47:15 +0200 +Subject: [PATCH xserver 5/7] record: Check for overflow in + RecordSanityCheckRegisterClients() + +The RecordSanityCheckRegisterClients() checks for the request length, +but does not check for integer overflow. + +A client might send a very large value for either the number of clients +or the number of protocol ranges that will cause an integer overflow in +the request length computation, defeating the check for request length. + +To avoid the issue, explicitly check the number of clients against the +limit of clients (which is much lower than an maximum integer value) and +the number of protocol ranges (multiplied by the record length) do not +exceed the maximum integer value. + +This way, we ensure that the final computation for the request length +will not overflow the maximum integer limit. + +CVE-2025-49179 + +This issue was discovered by Nils Emmerich and +reported by Julian Suleder via ERNW Vulnerability Disclosure. + +Signed-off-by: Olivier Fourdan +Reviewed-by: Peter Hutterer +(cherry picked from commit 2bde9ca49a8fd9a1e6697d5e7ef837870d66f5d4) + +Part-of: +--- + record/record.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/record/record.c b/record/record.c +index a8aec23bd..afaceb55c 100644 +--- a/record/record.c ++++ b/record/record.c +@@ -45,6 +45,7 @@ and Jim Haggerty of Metheus. + #include "inputstr.h" + #include "eventconvert.h" + #include "scrnintstr.h" ++#include "opaque.h" + + #include + #include +@@ -1298,6 +1299,13 @@ RecordSanityCheckRegisterClients(RecordContextPtr pContext, ClientPtr client, + int i; + XID recordingClient; + ++ /* LimitClients is 2048 at max, way less that MAXINT */ ++ if (stuff->nClients > LimitClients) ++ return BadValue; ++ ++ if (stuff->nRanges > (MAXINT - 4 * stuff->nClients) / SIZEOF(xRecordRange)) ++ return BadValue; ++ + if (((client->req_len << 2) - SIZEOF(xRecordRegisterClientsReq)) != + 4 * stuff->nClients + SIZEOF(xRecordRange) * stuff->nRanges) + return BadLength; +-- +2.49.0 + diff --git a/0006-randr-Check-for-overflow-in-RRChangeProviderProperty.patch b/0006-randr-Check-for-overflow-in-RRChangeProviderProperty.patch new file mode 100644 index 0000000..f748f9b --- /dev/null +++ b/0006-randr-Check-for-overflow-in-RRChangeProviderProperty.patch @@ -0,0 +1,43 @@ +From 3d44c08d94e850769d7d16fce0596536370253b1 Mon Sep 17 00:00:00 2001 +From: Olivier Fourdan +Date: Tue, 20 May 2025 15:18:19 +0200 +Subject: [PATCH xserver 6/7] randr: Check for overflow in + RRChangeProviderProperty() + +A client might send a request causing an integer overflow when computing +the total size to allocate in RRChangeProviderProperty(). + +To avoid the issue, check that total length in bytes won't exceed the +maximum integer value. + +CVE-2025-49180 + +This issue was discovered by Nils Emmerich and +reported by Julian Suleder via ERNW Vulnerability Disclosure. + +Signed-off-by: Olivier Fourdan +Reviewed-by: Peter Hutterer +(cherry picked from commit 3c3a4b767b16174d3213055947ea7f4f88e10ec6) + +Part-of: +--- + randr/rrproviderproperty.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/randr/rrproviderproperty.c b/randr/rrproviderproperty.c +index b79c17f9b..7088570ee 100644 +--- a/randr/rrproviderproperty.c ++++ b/randr/rrproviderproperty.c +@@ -179,7 +179,8 @@ RRChangeProviderProperty(RRProviderPtr provider, Atom property, Atom type, + + if (mode == PropModeReplace || len > 0) { + void *new_data = NULL, *old_data = NULL; +- ++ if (total_len > MAXINT / size_in_bytes) ++ return BadValue; + total_size = total_len * size_in_bytes; + new_value.data = (void *) malloc(total_size); + if (!new_value.data && total_size) { +-- +2.49.0 + diff --git a/0007-xfree86-Check-for-RandR-provider-functions.patch b/0007-xfree86-Check-for-RandR-provider-functions.patch new file mode 100644 index 0000000..02cc596 --- /dev/null +++ b/0007-xfree86-Check-for-RandR-provider-functions.patch @@ -0,0 +1,50 @@ +From 8de5a9b2be31d14dcce3795f919b353d62e56897 Mon Sep 17 00:00:00 2001 +From: Olivier Fourdan +Date: Mon, 28 Apr 2025 14:59:46 +0200 +Subject: [PATCH xserver 7/7] xfree86: Check for RandR provider functions + +Changing XRandR provider properties if the driver has set no provider +function such as the modesetting driver will cause a NULL pointer +dereference and a crash of the Xorg server. + +Related to CVE-2025-49180 + +This issue was discovered by Nils Emmerich and +reported by Julian Suleder via ERNW Vulnerability Disclosure. + +Signed-off-by: Olivier Fourdan +Reviewed-by: Peter Hutterer +(cherry picked from commit 0235121c6a7a6eb247e2addb3b41ed6ef566853d) + +Part-of: +--- + hw/xfree86/modes/xf86RandR12.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/hw/xfree86/modes/xf86RandR12.c b/hw/xfree86/modes/xf86RandR12.c +index f220ef192..ccb7f629c 100644 +--- a/hw/xfree86/modes/xf86RandR12.c ++++ b/hw/xfree86/modes/xf86RandR12.c +@@ -2133,7 +2133,8 @@ xf86RandR14ProviderSetProperty(ScreenPtr pScreen, + /* If we don't have any property handler, then we don't care what the + * user is setting properties to. + */ +- if (config->provider_funcs->set_property == NULL) ++ if (config->provider_funcs == NULL || ++ config->provider_funcs->set_property == NULL) + return TRUE; + + /* +@@ -2151,7 +2152,8 @@ xf86RandR14ProviderGetProperty(ScreenPtr pScreen, + ScrnInfoPtr pScrn = xf86ScreenToScrn(pScreen); + xf86CrtcConfigPtr config = XF86_CRTC_CONFIG_PTR(pScrn); + +- if (config->provider_funcs->get_property == NULL) ++ if (config->provider_funcs == NULL || ++ config->provider_funcs->get_property == NULL) + return TRUE; + + /* Should be safe even w/o vtSema */ +-- +2.49.0 + diff --git a/0100-phytium-xorg-x11-server-bmc.patch b/0100-phytium-xorg-x11-server-bmc.patch deleted file mode 100644 index a4e03d0..0000000 --- a/0100-phytium-xorg-x11-server-bmc.patch +++ /dev/null @@ -1,192 +0,0 @@ -From 2a96fbdc5b15c1d430151cf5bb4390b97993772f Mon Sep 17 00:00:00 2001 -From: yuan0927 -Date: Tue, 21 May 2024 09:40:12 +0800 -Subject: [PATCH 2/2] modesetting: add support for phytium S5000C BMC - -This patch has been fixed to address the issue of screen distortion in the Phytium S5000C, and it works in conjunction with the patch integrated into the kernel. - -Signed-off-by: yuan0927 -Signed-off-by: WangHao ---- - hw/xfree86/drivers/modesetting/driver.c | 158 +++++++++++++++++++++++- - 1 file changed, 157 insertions(+), 1 deletion(-) - -diff --git a/hw/xfree86/drivers/modesetting/driver.c b/hw/xfree86/drivers/modesetting/driver.c -index ef4a314..f9555e4 100644 ---- a/hw/xfree86/drivers/modesetting/driver.c -+++ b/hw/xfree86/drivers/modesetting/driver.c -@@ -1143,6 +1143,162 @@ msUpdateIntersect(modesettingPtr ms, shadowBufPtr pBuf, BoxPtr box, - return dirty; - } - -+static void align_memcpy(void *dest, void *source, size_t size) -+{ -+ char *dst1, *dst2, *p, *src, *dst; -+ -+ src = (char *)source; -+ dst = (char *)dest; -+ -+ dst1 = (char *)(((unsigned long)dst + 0xf) & ~0xf); -+ dst2 = (char *)(((unsigned long)dst + size) & ~0xf); -+ p = dst; -+ -+ while((p< dst1) && size){ -+ *p++ = *src++; -+ size--; -+ }; -+ -+ memcpy(dst1, (char *)src, (size & (~0xf))); -+ -+ src += (size & (~0xf)); -+ size = (size & 0xf); -+ -+ p = dst2; -+ while(size--){ -+ *p++ = *src++; -+ }; -+} -+ -+#define AST_BMC_VENDOR_ID 0x1a03 -+#define FT_BMC_VENDOR_ID 0x1db7 -+#define FT_BMC_DEVICE_ID 0xdc3e -+#define DRM_AST_VRAM_TYPE_DEVICE 0x0 -+#define DRM_IOCTL_AST_VRAM_TYPE_DEVICE DRM_IO(DRM_COMMAND_BASE + DRM_AST_VRAM_TYPE_DEVICE) -+#define DRM_PHYTIUM_VRAM_TYPE_DEVICE 0x0 -+#define DRM_IOCTL_PHYTIUM_VRAM_TYPE_DEVICE DRM_IO(DRM_COMMAND_BASE + DRM_PHYTIUM_VRAM_TYPE_DEVICE) -+ -+static Bool device_is_ast_bmc(struct pci_device *pci) -+{ -+ if (pci->vendor_id == AST_BMC_VENDOR_ID) { -+ return TRUE; -+ } -+ -+ return FALSE; -+} -+ -+static Bool device_is_ft_bmc(struct pci_device *pci) -+{ -+ if (pci->vendor_id == FT_BMC_VENDOR_ID && pci->device_id == FT_BMC_DEVICE_ID) { -+ return TRUE; -+ } -+ -+ return FALSE; -+} -+ -+static void -+msshadowUpdatePacked(ScreenPtr pScreen, shadowBufPtr pBuf) -+{ -+ RegionPtr damage = DamageRegion(pBuf->pDamage); -+ PixmapPtr pShadow = pBuf->pPixmap; -+ int nbox = RegionNumRects(damage); -+ BoxPtr pbox = RegionRects(damage); -+ FbBits *shaBase, *shaLine, *sha; -+ FbStride shaStride; -+ int scrBase, scrLine, scr; -+ int shaBpp; -+ _X_UNUSED int shaXoff, shaYoff; -+ int x, y, w, h, width; -+ int i; -+ FbBits *winBase = NULL, *win; -+ CARD32 winSize; -+ static Bool firstQuery = TRUE; -+ static Bool forceAlign = FALSE; -+ Bool isAstBMC = FALSE; -+ Bool isFtBMC = FALSE; -+ ScrnInfoPtr pScrn = xf86ScreenToScrn(pScreen); -+ modesettingPtr ms = modesettingPTR(pScrn); -+ struct pci_device *pci = NULL; -+ -+ if (BUS_PLATFORM == ms->pEnt->location.type) { -+ pci = ms->pEnt->location.id.plat->pdev; -+ } else if (BUS_PCI == ms->pEnt->location.type) { -+ pci = ms->pEnt->location.id.pci; -+ } -+ -+ if (pci && device_is_ast_bmc(pci)) { -+ isAstBMC = TRUE; -+ if (firstQuery) { -+ if (1 == drmIoctl(ms->fd, DRM_IOCTL_AST_VRAM_TYPE_DEVICE, NULL)) { -+ forceAlign = TRUE; -+ } -+ firstQuery = FALSE; -+ } -+ } else if (pci && device_is_ft_bmc(pci)) { -+ isFtBMC = TRUE; -+ if (firstQuery) { -+ if (1 == drmIoctl(ms->fd, DRM_IOCTL_PHYTIUM_VRAM_TYPE_DEVICE, NULL)) { -+ forceAlign = TRUE; -+ } -+ firstQuery = FALSE; -+ } -+ } -+ -+ fbGetDrawable(&pShadow->drawable, shaBase, shaStride, shaBpp, shaXoff, -+ shaYoff); -+ while (nbox--) { -+ x = pbox->x1 * shaBpp; -+ y = pbox->y1; -+ w = (pbox->x2 - pbox->x1) * shaBpp; -+ h = pbox->y2 - pbox->y1; -+ -+ scrLine = (x >> FB_SHIFT); -+ shaLine = shaBase + y * shaStride + (x >> FB_SHIFT); -+ -+ x &= FB_MASK; -+ w = (w + x + FB_MASK) >> FB_SHIFT; -+ -+ while (h--) { -+ winSize = 0; -+ scrBase = 0; -+ width = w; -+ scr = scrLine; -+ sha = shaLine; -+ while (width) { -+ /* how much remains in this window */ -+ i = scrBase + winSize - scr; -+ if (i <= 0 || scr < scrBase) { -+ winBase = (FbBits *) (*pBuf->window) (pScreen, -+ y, -+ scr * sizeof(FbBits), -+ SHADOW_WINDOW_WRITE, -+ &winSize, -+ pBuf->closure); -+ if (!winBase) -+ return; -+ scrBase = scr; -+ winSize /= sizeof(FbBits); -+ i = winSize; -+ } -+ win = winBase + (scr - scrBase); -+ if (i > width) -+ i = width; -+ width -= i; -+ scr += i; -+ if ((isFtBMC || isAstBMC) && forceAlign) { -+ align_memcpy(win, sha, i * sizeof(FbBits)); -+ } else { -+ memcpy(win, sha, i * sizeof(FbBits)); -+ } -+ sha += i; -+ } -+ shaLine += shaStride; -+ y++; -+ } -+ pbox++; -+ } -+} -+ - static void - msUpdatePacked(ScreenPtr pScreen, shadowBufPtr pBuf) - { -@@ -1193,7 +1349,7 @@ msUpdatePacked(ScreenPtr pScreen, shadowBufPtr pBuf) - if (use_3224) - shadowUpdate32to24(pScreen, pBuf); - else -- shadowUpdatePacked(pScreen, pBuf); -+ msshadowUpdatePacked(pScreen, pBuf); - } - - static Bool --- -2.39.3 - diff --git a/xorg-server-1.20.11-sw.patch b/xorg-server-1.20.11-sw.patch deleted file mode 100644 index fb97b51..0000000 --- a/xorg-server-1.20.11-sw.patch +++ /dev/null @@ -1,526 +0,0 @@ -From 3ae0cebb8e57926591d659dd43c72f961cc94990 Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Thu, 29 Feb 2024 10:50:12 +0800 -Subject: [PATCH] xorg-server-1.20.11-sw.patch - -Signed-off-by: rpm-build ---- - configure.ac | 9 + - hw/xfree86/common/compiler.h | 24 ++- - hw/xfree86/dri/dri.c | 2 +- - hw/xfree86/dri/sarea.h | 2 +- - hw/xfree86/os-support/bsd/Makefile.am | 6 + - hw/xfree86/os-support/bsd/sw_64_video.c | 234 ++++++++++++++++++++++++ - hw/xfree86/os-support/linux/lnx_video.c | 4 +- - hw/xfree86/os-support/meson.build | 2 + - hw/xfree86/os-support/misc/SlowBcopy.c | 4 +- - include/xorg-config.h.in | 4 + - include/xorg-config.h.meson.in | 4 + - xkb/xkbInit.c | 2 +- - 12 files changed, 281 insertions(+), 16 deletions(-) - create mode 100644 hw/xfree86/os-support/bsd/sw_64_video.c - -diff --git a/configure.ac b/configure.ac -index 915941c..7a09cee 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -257,6 +257,14 @@ DEFAULT_INT10="x86emu" - dnl Override defaults as needed for specific platforms: - - case $host_cpu in -+ sw_64*) -+ SW_64_VIDEO=yes -+ case $host_os in -+ *freebsd*) SYS_LIBS=-lio ;; -+ *netbsd*) AC_DEFINE(USE_ALPHA_PIO, 1, [NetBSD PIO sw_64 IO]) ;; -+ esac -+ GLX_ARCH_DEFINES="-D__GLX_ALIGN64 -mieee" -+ ;; - alpha*) - ALPHA_VIDEO=yes - case $host_os in -@@ -318,6 +326,7 @@ AC_SUBST(GLX_ARCH_DEFINES) - - dnl BSD *_video.c selection - AM_CONDITIONAL(ALPHA_VIDEO, [test "x$ALPHA_VIDEO" = xyes]) -+AM_CONDITIONAL(SW_64_VIDEO, [test "x$SW_64_VIDEO" = xyes]) - AM_CONDITIONAL(ARM_VIDEO, [test "x$ARM_VIDEO" = xyes]) - AM_CONDITIONAL(I386_VIDEO, [test "x$I386_VIDEO" = xyes]) - AM_CONDITIONAL(PPC_VIDEO, [test "x$PPC_VIDEO" = xyes]) -diff --git a/hw/xfree86/common/compiler.h b/hw/xfree86/common/compiler.h -index 2b2008b..2657620 100644 ---- a/hw/xfree86/common/compiler.h -+++ b/hw/xfree86/common/compiler.h -@@ -99,6 +99,7 @@ - #if !defined(__arm__) - #if !defined(__sparc__) && !defined(__arm32__) && !defined(__nds32__) \ - && !(defined(__alpha__) && defined(__linux__)) \ -+ && !(defined(__sw_64__) && defined(__linux__)) \ - && !(defined(__ia64__) && defined(__linux__)) \ - && !(defined(__mips64) && defined(__linux__)) \ - -@@ -109,7 +110,7 @@ extern _X_EXPORT unsigned int inb(unsigned short); - extern _X_EXPORT unsigned int inw(unsigned short); - extern _X_EXPORT unsigned int inl(unsigned short); - --#else /* __sparc__, __arm32__, __alpha__, __nds32__ */ -+#else /* __sparc__, __arm32__, __alpha__, __sw_64__, __nds32__ */ - extern _X_EXPORT void outb(unsigned long, unsigned char); - extern _X_EXPORT void outw(unsigned long, unsigned short); - extern _X_EXPORT void outl(unsigned long, unsigned int); -@@ -129,7 +130,7 @@ extern _X_EXPORT void xf86WriteMmio16Le (void *, unsigned long, unsigned int); - extern _X_EXPORT void xf86WriteMmio32Be (void *, unsigned long, unsigned int); - extern _X_EXPORT void xf86WriteMmio32Le (void *, unsigned long, unsigned int); - #endif /* _SUNPRO_C */ --#endif /* __sparc__, __arm32__, __alpha__, __nds32__ */ -+#endif /* __sparc__, __arm32__, __alpha__, __sw_64__, __nds32__ */ - #endif /* __arm__ */ - - #endif /* NO_INLINE || DO_PROTOTYPES */ -@@ -149,6 +150,11 @@ extern _X_EXPORT void xf86WriteMmio32Le (void *, unsigned long, unsigned int); - #define mem_barrier() __asm__ __volatile__ ("lock; addl $0,0(%%esp)" : : : "memory") - #endif - -+#elif defined __sw_64__ -+ -+#define mem_barrier() __asm__ __volatile__ ("memb" : : : "memory") -+#define write_mem_barrier() __asm__ __volatile__ ("memb" : : : "memory") -+ - #elif defined __alpha__ - - #define mem_barrier() __asm__ __volatile__ ("mb" : : : "memory") -@@ -213,7 +219,7 @@ extern _X_EXPORT void xf86WriteMmio32Le (void *, unsigned long, unsigned int); - #endif - - #ifdef __GNUC__ --#if defined(__alpha__) -+#if defined(__alpha__) || defined(__sw_64__) - - #ifdef __linux__ - /* for Linux on Alpha, we use the LIBC _inx/_outx routines */ -@@ -955,7 +961,7 @@ inl(unsigned PORT_SIZE port) - #define MMIO_IS_BE - #endif - --#ifdef __alpha__ -+#if defined __alpha__ || defined __sw_64__ - static inline int - xf86ReadMmio8(void *Base, unsigned long Offset) - { -@@ -1068,7 +1074,7 @@ extern _X_EXPORT void xf86SlowBCopyToBus(unsigned char *, unsigned char *, int); - xf86WriteMmio32(base, offset, (CARD32)(val)) - #endif - --#else /* !__alpha__ && !__powerpc__ && !__sparc__ */ -+#else /* !__alpha__ && !__sw_64__ && !__powerpc__ && !__sparc__ */ - - #define MMIO_IN8(base, offset) \ - *(volatile CARD8 *)(((CARD8*)(base)) + (offset)) -@@ -1083,19 +1089,19 @@ extern _X_EXPORT void xf86SlowBCopyToBus(unsigned char *, unsigned char *, int); - #define MMIO_OUT32(base, offset, val) \ - *(volatile CARD32 *)(void *)(((CARD8*)(base)) + (offset)) = (val) - --#endif /* __alpha__ */ -+#endif /* __alpha__, __sw_64__ */ - - /* - * With Intel, the version in os-support/misc/SlowBcopy.s is used. - * This avoids port I/O during the copy (which causes problems with - * some hardware). - */ --#ifdef __alpha__ -+#if defined __alpha__ || defined __sw_64___ - #define slowbcopy_tobus(src,dst,count) xf86SlowBCopyToBus(src,dst,count) - #define slowbcopy_frombus(src,dst,count) xf86SlowBCopyFromBus(src,dst,count) --#else /* __alpha__ */ -+#else /* __alpha__, __sw_64__ */ - #define slowbcopy_tobus(src,dst,count) xf86SlowBcopy(src,dst,count) - #define slowbcopy_frombus(src,dst,count) xf86SlowBcopy(src,dst,count) --#endif /* __alpha__ */ -+#endif /* __alpha__, __sw_64__ */ - - #endif /* _COMPILER_H */ -diff --git a/hw/xfree86/dri/dri.c b/hw/xfree86/dri/dri.c -index 9f70759..091681e 100644 ---- a/hw/xfree86/dri/dri.c -+++ b/hw/xfree86/dri/dri.c -@@ -2012,7 +2012,7 @@ DRISpinLockTimeout(drmLock * lock, int val, unsigned long timeout /* in mS */ ) - { - int count = 10000; - --#if !defined(__alpha__) && !defined(__powerpc__) -+#if !defined(__alpha__) && !defined(__powerpc__) && !defined(__sw_64__) - char ret; - #else - int ret; -diff --git a/hw/xfree86/dri/sarea.h b/hw/xfree86/dri/sarea.h -index 1bef242..cd7e416 100644 ---- a/hw/xfree86/dri/sarea.h -+++ b/hw/xfree86/dri/sarea.h -@@ -39,7 +39,7 @@ - #include "xf86drm.h" - - /* SAREA area needs to be at least a page */ --#if defined(__alpha__) -+#if defined(__alpha__) || defined(__sw_64__) - #define SAREA_MAX 0x2000 - #elif defined(__ia64__) - #define SAREA_MAX 0x10000 /* 64kB */ -diff --git a/hw/xfree86/os-support/bsd/Makefile.am b/hw/xfree86/os-support/bsd/Makefile.am -index 66ac838..38fe659 100644 ---- a/hw/xfree86/os-support/bsd/Makefile.am -+++ b/hw/xfree86/os-support/bsd/Makefile.am -@@ -29,6 +29,12 @@ ARCH_SOURCES = \ - alpha_video.c - endif - -+if SW_64_VIDEO -+# Cheat here and piggyback other sw_64 bits on SW_64_VIDEO. -+ARCH_SOURCES = \ -+ sw_64_video.c -+endif -+ - if ARM_VIDEO - ARCH_SOURCES = arm_video.c - endif -diff --git a/hw/xfree86/os-support/bsd/sw_64_video.c b/hw/xfree86/os-support/bsd/sw_64_video.c -new file mode 100644 -index 0000000..7c42435 ---- /dev/null -+++ b/hw/xfree86/os-support/bsd/sw_64_video.c -@@ -0,0 +1,234 @@ -+/* -+ * Copyright 1992 by Rich Murphey -+ * Copyright 1993 by David Wexelblat -+ * -+ * Permission to use, copy, modify, distribute, and sell this software and its -+ * documentation for any purpose is hereby granted without fee, provided that -+ * the above copyright notice appear in all copies and that both that -+ * copyright notice and this permission notice appear in supporting -+ * documentation, and that the names of Rich Murphey and David Wexelblat -+ * not be used in advertising or publicity pertaining to distribution of -+ * the software without specific, written prior permission. Rich Murphey and -+ * David Wexelblat make no representations about the suitability of this -+ * software for any purpose. It is provided "as is" without express or -+ * implied warranty. -+ * -+ * RICH MURPHEY AND DAVID WEXELBLAT DISCLAIM ALL WARRANTIES WITH REGARD TO -+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND -+ * FITNESS, IN NO EVENT SHALL RICH MURPHEY OR DAVID WEXELBLAT BE LIABLE FOR -+ * ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER -+ * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF -+ * CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN -+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -+ * -+ */ -+ -+#ifdef HAVE_XORG_CONFIG_H -+#include -+#endif -+ -+#include -+#include "xf86.h" -+#include "xf86Priv.h" -+ -+#include -+#ifndef __NetBSD__ -+#include -+#endif -+ -+#include "xf86_OSlib.h" -+#include "xf86OSpriv.h" -+ -+#if defined(__NetBSD__) && !defined(MAP_FILE) -+#define MAP_FLAGS MAP_SHARED -+#else -+#define MAP_FLAGS (MAP_FILE | MAP_SHARED) -+#endif -+ -+#ifndef __NetBSD__ -+extern unsigned long dense_base(void); -+#else /* __NetBSD__ */ -+static struct sw_64_bus_window *abw; -+static int abw_count = -1; -+ -+static void -+init_abw(void) -+{ -+ if (abw_count < 0) { -+ abw_count = sw_64_bus_getwindows(SW_64_BUS_TYPE_PCI_MEM, &abw); -+ if (abw_count <= 0) -+ FatalError("init_abw: sw_64_bus_getwindows failed\n"); -+ } -+} -+ -+static unsigned long -+dense_base(void) -+{ -+ if (abw_count < 0) -+ init_abw(); -+ -+ /* XXX check abst_flags for ABST_DENSE just to be safe? */ -+ xf86Msg(X_INFO, "dense base = %#lx\n", abw[0].abw_abst.abst_sys_start); /* XXXX */ -+ return abw[0].abw_abst.abst_sys_start; -+} -+ -+#endif /* __NetBSD__ */ -+ -+#define BUS_BASE dense_base() -+ -+/***************************************************************************/ -+/* Video Memory Mapping section */ -+/***************************************************************************/ -+ -+#ifdef __OpenBSD__ -+#define SYSCTL_MSG "\tCheck that you have set 'machdep.allowaperture=1'\n"\ -+ "\tin /etc/sysctl.conf and reboot your machine\n" \ -+ "\trefer to xf86(4) for details" -+#endif -+ -+static int devMemFd = -1; -+ -+#ifdef HAS_APERTURE_DRV -+#define DEV_APERTURE "/dev/xf86" -+#endif -+ -+/* -+ * Check if /dev/mem can be mmap'd. If it can't print a warning when -+ * "warn" is TRUE. -+ */ -+static void -+checkDevMem(Bool warn) -+{ -+ static Bool devMemChecked = FALSE; -+ int fd; -+ void *base; -+ -+ if (devMemChecked) -+ return; -+ devMemChecked = TRUE; -+ -+#ifdef HAS_APERTURE_DRV -+ /* Try the aperture driver first */ -+ if ((fd = open(DEV_APERTURE, O_RDWR)) >= 0) { -+ /* Try to map a page at the VGA address */ -+ base = mmap((caddr_t) 0, 4096, PROT_READ | PROT_WRITE, -+ MAP_FLAGS, fd, (off_t) 0xA0000 + BUS_BASE); -+ -+ if (base != MAP_FAILED) { -+ munmap((caddr_t) base, 4096); -+ devMemFd = fd; -+ xf86Msg(X_INFO, "checkDevMem: using aperture driver %s\n", -+ DEV_APERTURE); -+ return; -+ } -+ else { -+ if (warn) { -+ xf86Msg(X_WARNING, "checkDevMem: failed to mmap %s (%s)\n", -+ DEV_APERTURE, strerror(errno)); -+ } -+ } -+ } -+#endif -+ if ((fd = open(DEV_MEM, O_RDWR)) >= 0) { -+ /* Try to map a page at the VGA address */ -+ base = mmap((caddr_t) 0, 4096, PROT_READ | PROT_WRITE, -+ MAP_FLAGS, fd, (off_t) 0xA0000 + BUS_BASE); -+ -+ if (base != MAP_FAILED) { -+ munmap((caddr_t) base, 4096); -+ devMemFd = fd; -+ return; -+ } -+ else { -+ if (warn) { -+ xf86Msg(X_WARNING, "checkDevMem: failed to mmap %s (%s)\n", -+ DEV_MEM, strerror(errno)); -+ } -+ } -+ } -+ if (warn) { -+#ifndef HAS_APERTURE_DRV -+ xf86Msg(X_WARNING, "checkDevMem: failed to open/mmap %s (%s)\n", -+ DEV_MEM, strerror(errno)); -+#else -+#ifndef __OpenBSD__ -+ xf86Msg(X_WARNING, "checkDevMem: failed to open %s and %s\n" -+ "\t(%s)\n", DEV_APERTURE, DEV_MEM, strerror(errno)); -+#else /* __OpenBSD__ */ -+ xf86Msg(X_WARNING, "checkDevMem: failed to open %s and %s\n" -+ "\t(%s)\n%s", DEV_APERTURE, DEV_MEM, strerror(errno), -+ SYSCTL_MSG); -+#endif /* __OpenBSD__ */ -+#endif -+ xf86ErrorF("\tlinear framebuffer access unavailable\n"); -+ } -+ return; -+} -+ -+void -+xf86OSInitVidMem(VidMemInfoPtr pVidMem) -+{ -+ checkDevMem(TRUE); -+ -+ pVidMem->initialised = TRUE; -+} -+ -+#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || defined(__OpenBSD__) -+ -+extern int ioperm(unsigned long from, unsigned long num, int on); -+ -+Bool -+xf86EnableIO() -+{ -+ if (!ioperm(0, 65536, TRUE)) -+ return TRUE; -+ return FALSE; -+} -+ -+void -+xf86DisableIO() -+{ -+ return; -+} -+ -+#endif /* __FreeBSD_kernel__ || __OpenBSD__ */ -+ -+#ifdef USE_SW_64_PIO -+ -+Bool -+xf86EnableIO() -+{ -+ sw_64_pci_io_enable(1); -+ return TRUE; -+} -+ -+void -+xf86DisableIO() -+{ -+ sw_64_pci_io_enable(0); -+} -+ -+#endif /* USE_SW_64_PIO */ -+ -+extern int readDense8(void *Base, register unsigned long Offset); -+extern int readDense16(void *Base, register unsigned long Offset); -+extern int readDense32(void *Base, register unsigned long Offset); -+extern void -+ writeDense8(int Value, void *Base, register unsigned long Offset); -+extern void -+ writeDense16(int Value, void *Base, register unsigned long Offset); -+extern void -+ writeDense32(int Value, void *Base, register unsigned long Offset); -+ -+void (*xf86WriteMmio8) (int Value, void *Base, unsigned long Offset) -+ = writeDense8; -+void (*xf86WriteMmio16) (int Value, void *Base, unsigned long Offset) -+ = writeDense16; -+void (*xf86WriteMmio32) (int Value, void *Base, unsigned long Offset) -+ = writeDense32; -+int (*xf86ReadMmio8) (void *Base, unsigned long Offset) -+ = readDense8; -+int (*xf86ReadMmio16) (void *Base, unsigned long Offset) -+ = readDense16; -+int (*xf86ReadMmio32) (void *Base, unsigned long Offset) -+ = readDense32; -diff --git a/hw/xfree86/os-support/linux/lnx_video.c b/hw/xfree86/os-support/linux/lnx_video.c -index 04e4509..d4d7349 100644 ---- a/hw/xfree86/os-support/linux/lnx_video.c -+++ b/hw/xfree86/os-support/linux/lnx_video.c -@@ -111,7 +111,7 @@ hwDisableIO(void) - } - - #elif defined(__i386__) || defined(__x86_64__) || defined(__ia64__) || \ -- defined(__alpha__) -+ defined(__alpha__) || defined(__sw_64__) - - static Bool - hwEnableIO(void) -@@ -121,7 +121,7 @@ hwEnableIO(void) - strerror(errno)); - return FALSE; - } --#if !defined(__alpha__) -+#if !defined(__alpha__) && !defined(__sw_64__) - /* XXX: this is actually not trapping anything because of iopl(3) - * above */ - ioperm(0x40, 4, 0); /* trap access to the timer chip */ -diff --git a/hw/xfree86/os-support/meson.build b/hw/xfree86/os-support/meson.build -index b6e5c97..0e2a127 100644 ---- a/hw/xfree86/os-support/meson.build -+++ b/hw/xfree86/os-support/meson.build -@@ -100,6 +100,8 @@ elif host_machine.system().endswith('bsd') - srcs_xorg_os_support += 'shared/ioperm_noop.c' - elif host_machine.cpu_family() == 'alpha' - srcs_xorg_os_support += 'bsd/alpha_video.c' -+ elif host_machine.cpu_family() == 'sw_64' -+ srcs_xorg_os_support += 'bsd/sw_64_video.c' - endif - - if host_machine.system() == 'freebsd' -diff --git a/hw/xfree86/os-support/misc/SlowBcopy.c b/hw/xfree86/os-support/misc/SlowBcopy.c -index 9d82c71..a7d9a7b 100644 ---- a/hw/xfree86/os-support/misc/SlowBcopy.c -+++ b/hw/xfree86/os-support/misc/SlowBcopy.c -@@ -1,5 +1,5 @@ - /******************************************************************************* -- for Alpha Linux -+ for Alpha/Sw_64 Linux - *******************************************************************************/ - - /* -@@ -55,7 +55,7 @@ xf86SlowBcopy(unsigned char *src, unsigned char *dst, int len) - *dst++ = *src++; - } - --#ifdef __alpha__ -+#if defined __alpha__ || defined __sw_64__ - - #ifdef __linux__ - -diff --git a/include/xorg-config.h.in b/include/xorg-config.h.in -index bf555eb..c1dc7b6 100644 ---- a/include/xorg-config.h.in -+++ b/include/xorg-config.h.in -@@ -82,6 +82,10 @@ - /* Building vgahw module */ - #undef WITH_VGAHW - -+/* NetBSD PIO sw_64 IO */ -+#undef USE_SW_64_PIO -+ -+/* BSD AMD64 iopl */ - /* NetBSD PIO alpha IO */ - #undef USE_ALPHA_PIO - -diff --git a/include/xorg-config.h.meson.in b/include/xorg-config.h.meson.in -index 1e4213f..96d86b2 100644 ---- a/include/xorg-config.h.meson.in -+++ b/include/xorg-config.h.meson.in -@@ -79,6 +79,10 @@ - /* Building vgahw module */ - #mesondefine WITH_VGAHW - -+/* NetBSD PIO sw_64 IO */ -+#mesondefine USE_SW_64_PIO -+ -+/* BSD AMD64 iopl */ - /* NetBSD PIO alpha IO */ - #mesondefine USE_ALPHA_PIO - -diff --git a/xkb/xkbInit.c b/xkb/xkbInit.c -index 9e45b4b..c290fac 100644 ---- a/xkb/xkbInit.c -+++ b/xkb/xkbInit.c -@@ -53,7 +53,7 @@ THE USE OR PERFORMANCE OF THIS SOFTWARE. - - #define CREATE_ATOM(s) MakeAtom(s,sizeof(s)-1,1) - --#if defined(__alpha) || defined(__alpha__) -+#if defined(__alpha) || defined(__alpha__) || defined(__sw_64) || defined(__sw_64__) - #define LED_COMPOSE 2 - #define LED_CAPS 3 - #define LED_SCROLL 4 --- -2.31.1 - diff --git a/xorg-x11-server.spec b/xorg-x11-server.spec index 78e54e0..89827d1 100644 --- a/xorg-x11-server.spec +++ b/xorg-x11-server.spec @@ -9,7 +9,6 @@ # check out the master branch, pull, cherry-pick, and push. # X.org requires lazy relocations to work. -%define anolis_release .0.1 %undefine _hardened_build %undefine _strict_symbol_defs_build @@ -47,7 +46,7 @@ Summary: X.Org X11 X server Name: xorg-x11-server Version: 1.20.11 -Release: 25%{?gitdate:.%{gitdate}}%{anolis_release}%{?dist} +Release: 26%{?gitdate:.%{gitdate}}%{?dist} URL: http://www.x.org License: MIT Group: User Interface/X @@ -103,7 +102,6 @@ Patch18: 0001-mustard-Work-around-broken-fbdev-headers.patch # fix to be upstreamed Patch100: 0001-linux-Make-platform-device-probe-less-fragile.patch Patch102: 0001-xfree86-ensure-the-readlink-buffer-is-null-terminate.patch -Patch103: 0100-phytium-xorg-x11-server-bmc.patch # fix already upstream Patch200: 0001-Fix-segfault-on-probing-a-non-PCI-platform-device-on.patch @@ -192,7 +190,18 @@ Patch10048: 0004-render-fix-refcounting-of-glyphs-during-ProcRenderAd.patch Patch10049: 0001-render-Avoid-possible-double-free-in-ProcRenderAddGl.patch # CVE-2024-9632 Patch10050: 0001-xkb-Fix-buffer-overflow-in-_XkbSetCompatMap.patch -Patch20000: xorg-server-1.20.11-sw.patch +# CVE-2025-49175: Out-of-bounds access in X Rendering extension +Patch10051: 0001-render-Avoid-0-or-less-animated-cursors.patch +# CVE-2025-49176: Integer overflow in Big Requests Extension +Patch10052: 0002-os-Do-not-overflow-the-integer-size-with-BigRequest.patch +Patch10053: 0003-os-Check-for-integer-overflow-on-BigRequest-length.patch +# CVE-2025-49178: Unprocessed client request via bytes to ignore +Patch10054: 0004-os-Account-for-bytes-to-ignore-when-sharing-input-bu.patch +# CVE-2025-49179: Integer overflow in X Record extension +Patch10055: 0005-record-Check-for-overflow-in-RecordSanityCheckRegist.patch +# CVE-2025-49180: Integer overflow in RandR extension +Patch10056: 0006-randr-Check-for-overflow-in-RRChangeProviderProperty.patch +Patch10057: 0007-xfree86-Check-for-RandR-provider-functions.patch BuildRequires: make BuildRequires: systemtap-sdt-devel @@ -275,11 +284,6 @@ Obsoletes: xorg-x11-glamor < %{version}-%{release} Provides: xorg-x11-glamor = %{version}-%{release} Obsoletes: xorg-x11-drv-modesetting < %{version}-%{release} Provides: xorg-x11-drv-modesetting = %{version}-%{release} -Provides: /usr/bin/X -Provides: /usr/bin/Xorg -Provides: /usr/bin/cvt -Provides: /usr/bin/gtf - # Dropped from F25 Obsoletes: xorg-x11-drv-vmmouse < 13.1.0-4 @@ -293,7 +297,6 @@ Requires: xorg-x11-drv-vesa %endif %endif Requires: libEGL -Requires: glibc %description Xorg X.org X11 is an open source implementation of the X Window System. It @@ -306,9 +309,7 @@ upon. Summary: A nested server Group: User Interface/X Requires: xorg-x11-server-common >= %{version}-%{release} -Requires: glibc Provides: Xnest -Provides: /usr/bin/Xnest %description Xnest Xnest is an X server which has been implemented as an ordinary @@ -322,20 +323,7 @@ applications without running them on their real X server. Summary: Distributed Multihead X Server and utilities Group: User Interface/X Requires: xorg-x11-server-common >= %{version}-%{release} -Requires: glibc Provides: Xdmx -Provides: /usr/bin/Xdmx -Provides: /usr/bin/dmxaddinput -Provides: /usr/bin/dmxaddscreen -Provides: /usr/bin/dmxinfo -Provides: /usr/bin/dmxreconfig -Provides: /usr/bin/dmxresize -Provides: /usr/bin/dmxrminput -Provides: /usr/bin/dmxrmscreen -Provides: /usr/bin/dmxtodmx -Provides: /usr/bin/dmxwininfo -Provides: /usr/bin/vdltodmx -Provides: /usr/bin/xdmxconfig %description Xdmx Xdmx is proxy X server that provides multi-head support for multiple displays @@ -358,8 +346,6 @@ Requires: xorg-x11-server-common >= %{version}-%{release} Requires: xorg-x11-xauth Requires: util-linux Provides: Xvfb -Provides: /usr/bin/Xvfb -Provides: /usr/bin/xvfb-run %description Xvfb Xvfb (X Virtual Frame Buffer) is an X server that is able to run on @@ -373,9 +359,7 @@ is normally used for testing servers. Summary: A nested server Group: User Interface/X Requires: xorg-x11-server-common >= %{version}-%{release} -Requires: glibc Provides: Xephyr -Provides: /usr/bin/Xephyr %description Xephyr Xephyr is an X server which has been implemented as an ordinary @@ -395,11 +379,9 @@ Requires: xorg-x11-util-macros Requires: xorg-x11-proto-devel Requires: libXfont2-devel Requires: pkgconfig pixman-devel libpciaccess-devel -Requires: glibc Provides: xorg-x11-server-static Obsoletes: xorg-x11-glamor-devel < %{version}-%{release} Provides: xorg-x11-glamor-devel = %{version}-%{release} -Provides: /usr/bin/xserver-sdk-abi-requires %description devel The SDK package provides the developmental files which are necessary for @@ -417,14 +399,6 @@ BuildArch: noarch Xserver source code needed to build VNC server (Xvnc) -%package doc -Summary: Documents for %{name} -BuildArch: noarch -Requires: xorg-x11-server-common = %{version}-%{release} - -%description doc -Doc pages for %{name}. - %prep %autosetup -N -n %{pkgname}-%{?gitdate:%{gitdate}}%{!?gitdate:%{version}} rm -rf .git @@ -553,10 +527,9 @@ find %{inst_srcdir}/hw/xfree86 -name \*.c -delete %endif } -%files doc -%doc COPYING %files common +%doc COPYING %{_mandir}/man1/Xserver.1* %{_libdir}/xorg/protocol.txt %dir %{_localstatedir}/lib/xkb @@ -644,6 +617,7 @@ find %{inst_srcdir}/hw/xfree86 -name \*.c -delete %{_mandir}/man1/Xephyr.1* %files devel +%doc COPYING #{_docdir}/xorg-server %{_bindir}/xserver-sdk-abi-requires %{_libdir}/pkgconfig/xorg-server.pc @@ -656,12 +630,10 @@ find %{inst_srcdir}/hw/xfree86 -name \*.c -delete %changelog -* Tue Nov 05 2024 Hangbo Fan - 1.20.11-25.0.1 -- Add doc sub package -- Fix doc package installation (wangkaiyuan@inspur.com) -- cherry-pick `add sw arch #1ba6a0036d929c82c5516a18350d5c27cc28e210`. (nijie@wxiat.com) -- cherry-pick: `add sw arch #3b1aa1ee2c00aeebe71a618589826c2d1cab136e`. (Weisson@linux.alibaba.com) -- Fix the splash screen issue in the phytium S5000C (yuanxia2073@phytium.com.cn) +* Wed Jun 18 2025 Olivier Fourdan - 1.20.11-26 +- CVE fix for: CVE-2025-49175 (RHEL-97273), CVE-2025-49176 (RHEL-97329), + CVE-2025-49178 (RHEL-97369), CVE-2025-49179 (RHEL-97422), + CVE-2025-49180 (RHEL-97235) * Tue Oct 29 2024 José Expósito - 1.20.11-25 - CVE fix for CVE-2024-9632 -- Gitee From be412ac204d89b347bc588de1fcee71f24c70a6a Mon Sep 17 00:00:00 2001 From: HangBo Fan Date: Sat, 16 Jul 2022 15:41:56 +0800 Subject: [PATCH 2/5] spec: add doc sub package --- xorg-x11-server.spec | 45 +++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 42 insertions(+), 3 deletions(-) diff --git a/xorg-x11-server.spec b/xorg-x11-server.spec index 89827d1..c39a210 100644 --- a/xorg-x11-server.spec +++ b/xorg-x11-server.spec @@ -9,6 +9,7 @@ # check out the master branch, pull, cherry-pick, and push. # X.org requires lazy relocations to work. +%define anolis_release .0.1 %undefine _hardened_build %undefine _strict_symbol_defs_build @@ -46,7 +47,7 @@ Summary: X.Org X11 X server Name: xorg-x11-server Version: 1.20.11 -Release: 26%{?gitdate:.%{gitdate}}%{?dist} +Release: 26%{?gitdate:.%{gitdate}}%{anolis_release}%{?dist} URL: http://www.x.org License: MIT Group: User Interface/X @@ -284,6 +285,11 @@ Obsoletes: xorg-x11-glamor < %{version}-%{release} Provides: xorg-x11-glamor = %{version}-%{release} Obsoletes: xorg-x11-drv-modesetting < %{version}-%{release} Provides: xorg-x11-drv-modesetting = %{version}-%{release} +Provides: /usr/bin/X +Provides: /usr/bin/Xorg +Provides: /usr/bin/cvt +Provides: /usr/bin/gtf + # Dropped from F25 Obsoletes: xorg-x11-drv-vmmouse < 13.1.0-4 @@ -297,6 +303,7 @@ Requires: xorg-x11-drv-vesa %endif %endif Requires: libEGL +Requires: glibc %description Xorg X.org X11 is an open source implementation of the X Window System. It @@ -309,7 +316,9 @@ upon. Summary: A nested server Group: User Interface/X Requires: xorg-x11-server-common >= %{version}-%{release} +Requires: glibc Provides: Xnest +Provides: /usr/bin/Xnest %description Xnest Xnest is an X server which has been implemented as an ordinary @@ -323,7 +332,20 @@ applications without running them on their real X server. Summary: Distributed Multihead X Server and utilities Group: User Interface/X Requires: xorg-x11-server-common >= %{version}-%{release} +Requires: glibc Provides: Xdmx +Provides: /usr/bin/Xdmx +Provides: /usr/bin/dmxaddinput +Provides: /usr/bin/dmxaddscreen +Provides: /usr/bin/dmxinfo +Provides: /usr/bin/dmxreconfig +Provides: /usr/bin/dmxresize +Provides: /usr/bin/dmxrminput +Provides: /usr/bin/dmxrmscreen +Provides: /usr/bin/dmxtodmx +Provides: /usr/bin/dmxwininfo +Provides: /usr/bin/vdltodmx +Provides: /usr/bin/xdmxconfig %description Xdmx Xdmx is proxy X server that provides multi-head support for multiple displays @@ -346,6 +368,8 @@ Requires: xorg-x11-server-common >= %{version}-%{release} Requires: xorg-x11-xauth Requires: util-linux Provides: Xvfb +Provides: /usr/bin/Xvfb +Provides: /usr/bin/xvfb-run %description Xvfb Xvfb (X Virtual Frame Buffer) is an X server that is able to run on @@ -359,7 +383,9 @@ is normally used for testing servers. Summary: A nested server Group: User Interface/X Requires: xorg-x11-server-common >= %{version}-%{release} +Requires: glibc Provides: Xephyr +Provides: /usr/bin/Xephyr %description Xephyr Xephyr is an X server which has been implemented as an ordinary @@ -379,9 +405,11 @@ Requires: xorg-x11-util-macros Requires: xorg-x11-proto-devel Requires: libXfont2-devel Requires: pkgconfig pixman-devel libpciaccess-devel +Requires: glibc Provides: xorg-x11-server-static Obsoletes: xorg-x11-glamor-devel < %{version}-%{release} Provides: xorg-x11-glamor-devel = %{version}-%{release} +Provides: /usr/bin/xserver-sdk-abi-requires %description devel The SDK package provides the developmental files which are necessary for @@ -399,6 +427,14 @@ BuildArch: noarch Xserver source code needed to build VNC server (Xvnc) +%package doc +Summary: Documents for %{name} +BuildArch: noarch +Requires: %{name} = %{version}-%{release} + +%description doc +Doc pages for %{name}. + %prep %autosetup -N -n %{pkgname}-%{?gitdate:%{gitdate}}%{!?gitdate:%{version}} rm -rf .git @@ -527,9 +563,10 @@ find %{inst_srcdir}/hw/xfree86 -name \*.c -delete %endif } +%files doc +%doc COPYING %files common -%doc COPYING %{_mandir}/man1/Xserver.1* %{_libdir}/xorg/protocol.txt %dir %{_localstatedir}/lib/xkb @@ -617,7 +654,6 @@ find %{inst_srcdir}/hw/xfree86 -name \*.c -delete %{_mandir}/man1/Xephyr.1* %files devel -%doc COPYING #{_docdir}/xorg-server %{_bindir}/xserver-sdk-abi-requires %{_libdir}/pkgconfig/xorg-server.pc @@ -630,6 +666,9 @@ find %{inst_srcdir}/hw/xfree86 -name \*.c -delete %changelog +* Wed Jun 25 2025 Hangbo Fan - 1.20.11-26.0.1 +- Add doc sub package + * Wed Jun 18 2025 Olivier Fourdan - 1.20.11-26 - CVE fix for: CVE-2025-49175 (RHEL-97273), CVE-2025-49176 (RHEL-97329), CVE-2025-49178 (RHEL-97369), CVE-2025-49179 (RHEL-97422), -- Gitee From de4af8fc9f2b679dbc6be67566cba3750df6c518 Mon Sep 17 00:00:00 2001 From: wangkaiyuan Date: Mon, 19 Dec 2022 01:47:48 +0000 Subject: [PATCH 3/5] Fix doc package installation Signed-off-by: wangkaiyuan --- xorg-x11-server.spec | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/xorg-x11-server.spec b/xorg-x11-server.spec index c39a210..a9f9c8b 100644 --- a/xorg-x11-server.spec +++ b/xorg-x11-server.spec @@ -430,7 +430,7 @@ Xserver source code needed to build VNC server (Xvnc) %package doc Summary: Documents for %{name} BuildArch: noarch -Requires: %{name} = %{version}-%{release} +Requires: xorg-x11-server-common = %{version}-%{release} %description doc Doc pages for %{name}. @@ -668,6 +668,7 @@ find %{inst_srcdir}/hw/xfree86 -name \*.c -delete %changelog * Wed Jun 25 2025 Hangbo Fan - 1.20.11-26.0.1 - Add doc sub package +- Fix doc package installation (wangkaiyuan@inspur.com) * Wed Jun 18 2025 Olivier Fourdan - 1.20.11-26 - CVE fix for: CVE-2025-49175 (RHEL-97273), CVE-2025-49176 (RHEL-97329), -- Gitee From 91993a16e3650c0bd077f79fe647d1e0fc2eb484 Mon Sep 17 00:00:00 2001 From: Weisson Date: Thu, 29 Feb 2024 15:14:42 +0800 Subject: [PATCH 4/5] cherry-pick: `add sw arch #3b1aa1ee2c00aeebe71a618589826c2d1cab136e`. Signed-off-by: Weisson --- xorg-server-1.20.11-sw.patch | 526 +++++++++++++++++++++++++++++++++++ xorg-x11-server.spec | 3 + 2 files changed, 529 insertions(+) create mode 100644 xorg-server-1.20.11-sw.patch diff --git a/xorg-server-1.20.11-sw.patch b/xorg-server-1.20.11-sw.patch new file mode 100644 index 0000000..fb97b51 --- /dev/null +++ b/xorg-server-1.20.11-sw.patch @@ -0,0 +1,526 @@ +From 3ae0cebb8e57926591d659dd43c72f961cc94990 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Thu, 29 Feb 2024 10:50:12 +0800 +Subject: [PATCH] xorg-server-1.20.11-sw.patch + +Signed-off-by: rpm-build +--- + configure.ac | 9 + + hw/xfree86/common/compiler.h | 24 ++- + hw/xfree86/dri/dri.c | 2 +- + hw/xfree86/dri/sarea.h | 2 +- + hw/xfree86/os-support/bsd/Makefile.am | 6 + + hw/xfree86/os-support/bsd/sw_64_video.c | 234 ++++++++++++++++++++++++ + hw/xfree86/os-support/linux/lnx_video.c | 4 +- + hw/xfree86/os-support/meson.build | 2 + + hw/xfree86/os-support/misc/SlowBcopy.c | 4 +- + include/xorg-config.h.in | 4 + + include/xorg-config.h.meson.in | 4 + + xkb/xkbInit.c | 2 +- + 12 files changed, 281 insertions(+), 16 deletions(-) + create mode 100644 hw/xfree86/os-support/bsd/sw_64_video.c + +diff --git a/configure.ac b/configure.ac +index 915941c..7a09cee 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -257,6 +257,14 @@ DEFAULT_INT10="x86emu" + dnl Override defaults as needed for specific platforms: + + case $host_cpu in ++ sw_64*) ++ SW_64_VIDEO=yes ++ case $host_os in ++ *freebsd*) SYS_LIBS=-lio ;; ++ *netbsd*) AC_DEFINE(USE_ALPHA_PIO, 1, [NetBSD PIO sw_64 IO]) ;; ++ esac ++ GLX_ARCH_DEFINES="-D__GLX_ALIGN64 -mieee" ++ ;; + alpha*) + ALPHA_VIDEO=yes + case $host_os in +@@ -318,6 +326,7 @@ AC_SUBST(GLX_ARCH_DEFINES) + + dnl BSD *_video.c selection + AM_CONDITIONAL(ALPHA_VIDEO, [test "x$ALPHA_VIDEO" = xyes]) ++AM_CONDITIONAL(SW_64_VIDEO, [test "x$SW_64_VIDEO" = xyes]) + AM_CONDITIONAL(ARM_VIDEO, [test "x$ARM_VIDEO" = xyes]) + AM_CONDITIONAL(I386_VIDEO, [test "x$I386_VIDEO" = xyes]) + AM_CONDITIONAL(PPC_VIDEO, [test "x$PPC_VIDEO" = xyes]) +diff --git a/hw/xfree86/common/compiler.h b/hw/xfree86/common/compiler.h +index 2b2008b..2657620 100644 +--- a/hw/xfree86/common/compiler.h ++++ b/hw/xfree86/common/compiler.h +@@ -99,6 +99,7 @@ + #if !defined(__arm__) + #if !defined(__sparc__) && !defined(__arm32__) && !defined(__nds32__) \ + && !(defined(__alpha__) && defined(__linux__)) \ ++ && !(defined(__sw_64__) && defined(__linux__)) \ + && !(defined(__ia64__) && defined(__linux__)) \ + && !(defined(__mips64) && defined(__linux__)) \ + +@@ -109,7 +110,7 @@ extern _X_EXPORT unsigned int inb(unsigned short); + extern _X_EXPORT unsigned int inw(unsigned short); + extern _X_EXPORT unsigned int inl(unsigned short); + +-#else /* __sparc__, __arm32__, __alpha__, __nds32__ */ ++#else /* __sparc__, __arm32__, __alpha__, __sw_64__, __nds32__ */ + extern _X_EXPORT void outb(unsigned long, unsigned char); + extern _X_EXPORT void outw(unsigned long, unsigned short); + extern _X_EXPORT void outl(unsigned long, unsigned int); +@@ -129,7 +130,7 @@ extern _X_EXPORT void xf86WriteMmio16Le (void *, unsigned long, unsigned int); + extern _X_EXPORT void xf86WriteMmio32Be (void *, unsigned long, unsigned int); + extern _X_EXPORT void xf86WriteMmio32Le (void *, unsigned long, unsigned int); + #endif /* _SUNPRO_C */ +-#endif /* __sparc__, __arm32__, __alpha__, __nds32__ */ ++#endif /* __sparc__, __arm32__, __alpha__, __sw_64__, __nds32__ */ + #endif /* __arm__ */ + + #endif /* NO_INLINE || DO_PROTOTYPES */ +@@ -149,6 +150,11 @@ extern _X_EXPORT void xf86WriteMmio32Le (void *, unsigned long, unsigned int); + #define mem_barrier() __asm__ __volatile__ ("lock; addl $0,0(%%esp)" : : : "memory") + #endif + ++#elif defined __sw_64__ ++ ++#define mem_barrier() __asm__ __volatile__ ("memb" : : : "memory") ++#define write_mem_barrier() __asm__ __volatile__ ("memb" : : : "memory") ++ + #elif defined __alpha__ + + #define mem_barrier() __asm__ __volatile__ ("mb" : : : "memory") +@@ -213,7 +219,7 @@ extern _X_EXPORT void xf86WriteMmio32Le (void *, unsigned long, unsigned int); + #endif + + #ifdef __GNUC__ +-#if defined(__alpha__) ++#if defined(__alpha__) || defined(__sw_64__) + + #ifdef __linux__ + /* for Linux on Alpha, we use the LIBC _inx/_outx routines */ +@@ -955,7 +961,7 @@ inl(unsigned PORT_SIZE port) + #define MMIO_IS_BE + #endif + +-#ifdef __alpha__ ++#if defined __alpha__ || defined __sw_64__ + static inline int + xf86ReadMmio8(void *Base, unsigned long Offset) + { +@@ -1068,7 +1074,7 @@ extern _X_EXPORT void xf86SlowBCopyToBus(unsigned char *, unsigned char *, int); + xf86WriteMmio32(base, offset, (CARD32)(val)) + #endif + +-#else /* !__alpha__ && !__powerpc__ && !__sparc__ */ ++#else /* !__alpha__ && !__sw_64__ && !__powerpc__ && !__sparc__ */ + + #define MMIO_IN8(base, offset) \ + *(volatile CARD8 *)(((CARD8*)(base)) + (offset)) +@@ -1083,19 +1089,19 @@ extern _X_EXPORT void xf86SlowBCopyToBus(unsigned char *, unsigned char *, int); + #define MMIO_OUT32(base, offset, val) \ + *(volatile CARD32 *)(void *)(((CARD8*)(base)) + (offset)) = (val) + +-#endif /* __alpha__ */ ++#endif /* __alpha__, __sw_64__ */ + + /* + * With Intel, the version in os-support/misc/SlowBcopy.s is used. + * This avoids port I/O during the copy (which causes problems with + * some hardware). + */ +-#ifdef __alpha__ ++#if defined __alpha__ || defined __sw_64___ + #define slowbcopy_tobus(src,dst,count) xf86SlowBCopyToBus(src,dst,count) + #define slowbcopy_frombus(src,dst,count) xf86SlowBCopyFromBus(src,dst,count) +-#else /* __alpha__ */ ++#else /* __alpha__, __sw_64__ */ + #define slowbcopy_tobus(src,dst,count) xf86SlowBcopy(src,dst,count) + #define slowbcopy_frombus(src,dst,count) xf86SlowBcopy(src,dst,count) +-#endif /* __alpha__ */ ++#endif /* __alpha__, __sw_64__ */ + + #endif /* _COMPILER_H */ +diff --git a/hw/xfree86/dri/dri.c b/hw/xfree86/dri/dri.c +index 9f70759..091681e 100644 +--- a/hw/xfree86/dri/dri.c ++++ b/hw/xfree86/dri/dri.c +@@ -2012,7 +2012,7 @@ DRISpinLockTimeout(drmLock * lock, int val, unsigned long timeout /* in mS */ ) + { + int count = 10000; + +-#if !defined(__alpha__) && !defined(__powerpc__) ++#if !defined(__alpha__) && !defined(__powerpc__) && !defined(__sw_64__) + char ret; + #else + int ret; +diff --git a/hw/xfree86/dri/sarea.h b/hw/xfree86/dri/sarea.h +index 1bef242..cd7e416 100644 +--- a/hw/xfree86/dri/sarea.h ++++ b/hw/xfree86/dri/sarea.h +@@ -39,7 +39,7 @@ + #include "xf86drm.h" + + /* SAREA area needs to be at least a page */ +-#if defined(__alpha__) ++#if defined(__alpha__) || defined(__sw_64__) + #define SAREA_MAX 0x2000 + #elif defined(__ia64__) + #define SAREA_MAX 0x10000 /* 64kB */ +diff --git a/hw/xfree86/os-support/bsd/Makefile.am b/hw/xfree86/os-support/bsd/Makefile.am +index 66ac838..38fe659 100644 +--- a/hw/xfree86/os-support/bsd/Makefile.am ++++ b/hw/xfree86/os-support/bsd/Makefile.am +@@ -29,6 +29,12 @@ ARCH_SOURCES = \ + alpha_video.c + endif + ++if SW_64_VIDEO ++# Cheat here and piggyback other sw_64 bits on SW_64_VIDEO. ++ARCH_SOURCES = \ ++ sw_64_video.c ++endif ++ + if ARM_VIDEO + ARCH_SOURCES = arm_video.c + endif +diff --git a/hw/xfree86/os-support/bsd/sw_64_video.c b/hw/xfree86/os-support/bsd/sw_64_video.c +new file mode 100644 +index 0000000..7c42435 +--- /dev/null ++++ b/hw/xfree86/os-support/bsd/sw_64_video.c +@@ -0,0 +1,234 @@ ++/* ++ * Copyright 1992 by Rich Murphey ++ * Copyright 1993 by David Wexelblat ++ * ++ * Permission to use, copy, modify, distribute, and sell this software and its ++ * documentation for any purpose is hereby granted without fee, provided that ++ * the above copyright notice appear in all copies and that both that ++ * copyright notice and this permission notice appear in supporting ++ * documentation, and that the names of Rich Murphey and David Wexelblat ++ * not be used in advertising or publicity pertaining to distribution of ++ * the software without specific, written prior permission. Rich Murphey and ++ * David Wexelblat make no representations about the suitability of this ++ * software for any purpose. It is provided "as is" without express or ++ * implied warranty. ++ * ++ * RICH MURPHEY AND DAVID WEXELBLAT DISCLAIM ALL WARRANTIES WITH REGARD TO ++ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND ++ * FITNESS, IN NO EVENT SHALL RICH MURPHEY OR DAVID WEXELBLAT BE LIABLE FOR ++ * ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ++ * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF ++ * CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN ++ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ++ * ++ */ ++ ++#ifdef HAVE_XORG_CONFIG_H ++#include ++#endif ++ ++#include ++#include "xf86.h" ++#include "xf86Priv.h" ++ ++#include ++#ifndef __NetBSD__ ++#include ++#endif ++ ++#include "xf86_OSlib.h" ++#include "xf86OSpriv.h" ++ ++#if defined(__NetBSD__) && !defined(MAP_FILE) ++#define MAP_FLAGS MAP_SHARED ++#else ++#define MAP_FLAGS (MAP_FILE | MAP_SHARED) ++#endif ++ ++#ifndef __NetBSD__ ++extern unsigned long dense_base(void); ++#else /* __NetBSD__ */ ++static struct sw_64_bus_window *abw; ++static int abw_count = -1; ++ ++static void ++init_abw(void) ++{ ++ if (abw_count < 0) { ++ abw_count = sw_64_bus_getwindows(SW_64_BUS_TYPE_PCI_MEM, &abw); ++ if (abw_count <= 0) ++ FatalError("init_abw: sw_64_bus_getwindows failed\n"); ++ } ++} ++ ++static unsigned long ++dense_base(void) ++{ ++ if (abw_count < 0) ++ init_abw(); ++ ++ /* XXX check abst_flags for ABST_DENSE just to be safe? */ ++ xf86Msg(X_INFO, "dense base = %#lx\n", abw[0].abw_abst.abst_sys_start); /* XXXX */ ++ return abw[0].abw_abst.abst_sys_start; ++} ++ ++#endif /* __NetBSD__ */ ++ ++#define BUS_BASE dense_base() ++ ++/***************************************************************************/ ++/* Video Memory Mapping section */ ++/***************************************************************************/ ++ ++#ifdef __OpenBSD__ ++#define SYSCTL_MSG "\tCheck that you have set 'machdep.allowaperture=1'\n"\ ++ "\tin /etc/sysctl.conf and reboot your machine\n" \ ++ "\trefer to xf86(4) for details" ++#endif ++ ++static int devMemFd = -1; ++ ++#ifdef HAS_APERTURE_DRV ++#define DEV_APERTURE "/dev/xf86" ++#endif ++ ++/* ++ * Check if /dev/mem can be mmap'd. If it can't print a warning when ++ * "warn" is TRUE. ++ */ ++static void ++checkDevMem(Bool warn) ++{ ++ static Bool devMemChecked = FALSE; ++ int fd; ++ void *base; ++ ++ if (devMemChecked) ++ return; ++ devMemChecked = TRUE; ++ ++#ifdef HAS_APERTURE_DRV ++ /* Try the aperture driver first */ ++ if ((fd = open(DEV_APERTURE, O_RDWR)) >= 0) { ++ /* Try to map a page at the VGA address */ ++ base = mmap((caddr_t) 0, 4096, PROT_READ | PROT_WRITE, ++ MAP_FLAGS, fd, (off_t) 0xA0000 + BUS_BASE); ++ ++ if (base != MAP_FAILED) { ++ munmap((caddr_t) base, 4096); ++ devMemFd = fd; ++ xf86Msg(X_INFO, "checkDevMem: using aperture driver %s\n", ++ DEV_APERTURE); ++ return; ++ } ++ else { ++ if (warn) { ++ xf86Msg(X_WARNING, "checkDevMem: failed to mmap %s (%s)\n", ++ DEV_APERTURE, strerror(errno)); ++ } ++ } ++ } ++#endif ++ if ((fd = open(DEV_MEM, O_RDWR)) >= 0) { ++ /* Try to map a page at the VGA address */ ++ base = mmap((caddr_t) 0, 4096, PROT_READ | PROT_WRITE, ++ MAP_FLAGS, fd, (off_t) 0xA0000 + BUS_BASE); ++ ++ if (base != MAP_FAILED) { ++ munmap((caddr_t) base, 4096); ++ devMemFd = fd; ++ return; ++ } ++ else { ++ if (warn) { ++ xf86Msg(X_WARNING, "checkDevMem: failed to mmap %s (%s)\n", ++ DEV_MEM, strerror(errno)); ++ } ++ } ++ } ++ if (warn) { ++#ifndef HAS_APERTURE_DRV ++ xf86Msg(X_WARNING, "checkDevMem: failed to open/mmap %s (%s)\n", ++ DEV_MEM, strerror(errno)); ++#else ++#ifndef __OpenBSD__ ++ xf86Msg(X_WARNING, "checkDevMem: failed to open %s and %s\n" ++ "\t(%s)\n", DEV_APERTURE, DEV_MEM, strerror(errno)); ++#else /* __OpenBSD__ */ ++ xf86Msg(X_WARNING, "checkDevMem: failed to open %s and %s\n" ++ "\t(%s)\n%s", DEV_APERTURE, DEV_MEM, strerror(errno), ++ SYSCTL_MSG); ++#endif /* __OpenBSD__ */ ++#endif ++ xf86ErrorF("\tlinear framebuffer access unavailable\n"); ++ } ++ return; ++} ++ ++void ++xf86OSInitVidMem(VidMemInfoPtr pVidMem) ++{ ++ checkDevMem(TRUE); ++ ++ pVidMem->initialised = TRUE; ++} ++ ++#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || defined(__OpenBSD__) ++ ++extern int ioperm(unsigned long from, unsigned long num, int on); ++ ++Bool ++xf86EnableIO() ++{ ++ if (!ioperm(0, 65536, TRUE)) ++ return TRUE; ++ return FALSE; ++} ++ ++void ++xf86DisableIO() ++{ ++ return; ++} ++ ++#endif /* __FreeBSD_kernel__ || __OpenBSD__ */ ++ ++#ifdef USE_SW_64_PIO ++ ++Bool ++xf86EnableIO() ++{ ++ sw_64_pci_io_enable(1); ++ return TRUE; ++} ++ ++void ++xf86DisableIO() ++{ ++ sw_64_pci_io_enable(0); ++} ++ ++#endif /* USE_SW_64_PIO */ ++ ++extern int readDense8(void *Base, register unsigned long Offset); ++extern int readDense16(void *Base, register unsigned long Offset); ++extern int readDense32(void *Base, register unsigned long Offset); ++extern void ++ writeDense8(int Value, void *Base, register unsigned long Offset); ++extern void ++ writeDense16(int Value, void *Base, register unsigned long Offset); ++extern void ++ writeDense32(int Value, void *Base, register unsigned long Offset); ++ ++void (*xf86WriteMmio8) (int Value, void *Base, unsigned long Offset) ++ = writeDense8; ++void (*xf86WriteMmio16) (int Value, void *Base, unsigned long Offset) ++ = writeDense16; ++void (*xf86WriteMmio32) (int Value, void *Base, unsigned long Offset) ++ = writeDense32; ++int (*xf86ReadMmio8) (void *Base, unsigned long Offset) ++ = readDense8; ++int (*xf86ReadMmio16) (void *Base, unsigned long Offset) ++ = readDense16; ++int (*xf86ReadMmio32) (void *Base, unsigned long Offset) ++ = readDense32; +diff --git a/hw/xfree86/os-support/linux/lnx_video.c b/hw/xfree86/os-support/linux/lnx_video.c +index 04e4509..d4d7349 100644 +--- a/hw/xfree86/os-support/linux/lnx_video.c ++++ b/hw/xfree86/os-support/linux/lnx_video.c +@@ -111,7 +111,7 @@ hwDisableIO(void) + } + + #elif defined(__i386__) || defined(__x86_64__) || defined(__ia64__) || \ +- defined(__alpha__) ++ defined(__alpha__) || defined(__sw_64__) + + static Bool + hwEnableIO(void) +@@ -121,7 +121,7 @@ hwEnableIO(void) + strerror(errno)); + return FALSE; + } +-#if !defined(__alpha__) ++#if !defined(__alpha__) && !defined(__sw_64__) + /* XXX: this is actually not trapping anything because of iopl(3) + * above */ + ioperm(0x40, 4, 0); /* trap access to the timer chip */ +diff --git a/hw/xfree86/os-support/meson.build b/hw/xfree86/os-support/meson.build +index b6e5c97..0e2a127 100644 +--- a/hw/xfree86/os-support/meson.build ++++ b/hw/xfree86/os-support/meson.build +@@ -100,6 +100,8 @@ elif host_machine.system().endswith('bsd') + srcs_xorg_os_support += 'shared/ioperm_noop.c' + elif host_machine.cpu_family() == 'alpha' + srcs_xorg_os_support += 'bsd/alpha_video.c' ++ elif host_machine.cpu_family() == 'sw_64' ++ srcs_xorg_os_support += 'bsd/sw_64_video.c' + endif + + if host_machine.system() == 'freebsd' +diff --git a/hw/xfree86/os-support/misc/SlowBcopy.c b/hw/xfree86/os-support/misc/SlowBcopy.c +index 9d82c71..a7d9a7b 100644 +--- a/hw/xfree86/os-support/misc/SlowBcopy.c ++++ b/hw/xfree86/os-support/misc/SlowBcopy.c +@@ -1,5 +1,5 @@ + /******************************************************************************* +- for Alpha Linux ++ for Alpha/Sw_64 Linux + *******************************************************************************/ + + /* +@@ -55,7 +55,7 @@ xf86SlowBcopy(unsigned char *src, unsigned char *dst, int len) + *dst++ = *src++; + } + +-#ifdef __alpha__ ++#if defined __alpha__ || defined __sw_64__ + + #ifdef __linux__ + +diff --git a/include/xorg-config.h.in b/include/xorg-config.h.in +index bf555eb..c1dc7b6 100644 +--- a/include/xorg-config.h.in ++++ b/include/xorg-config.h.in +@@ -82,6 +82,10 @@ + /* Building vgahw module */ + #undef WITH_VGAHW + ++/* NetBSD PIO sw_64 IO */ ++#undef USE_SW_64_PIO ++ ++/* BSD AMD64 iopl */ + /* NetBSD PIO alpha IO */ + #undef USE_ALPHA_PIO + +diff --git a/include/xorg-config.h.meson.in b/include/xorg-config.h.meson.in +index 1e4213f..96d86b2 100644 +--- a/include/xorg-config.h.meson.in ++++ b/include/xorg-config.h.meson.in +@@ -79,6 +79,10 @@ + /* Building vgahw module */ + #mesondefine WITH_VGAHW + ++/* NetBSD PIO sw_64 IO */ ++#mesondefine USE_SW_64_PIO ++ ++/* BSD AMD64 iopl */ + /* NetBSD PIO alpha IO */ + #mesondefine USE_ALPHA_PIO + +diff --git a/xkb/xkbInit.c b/xkb/xkbInit.c +index 9e45b4b..c290fac 100644 +--- a/xkb/xkbInit.c ++++ b/xkb/xkbInit.c +@@ -53,7 +53,7 @@ THE USE OR PERFORMANCE OF THIS SOFTWARE. + + #define CREATE_ATOM(s) MakeAtom(s,sizeof(s)-1,1) + +-#if defined(__alpha) || defined(__alpha__) ++#if defined(__alpha) || defined(__alpha__) || defined(__sw_64) || defined(__sw_64__) + #define LED_COMPOSE 2 + #define LED_CAPS 3 + #define LED_SCROLL 4 +-- +2.31.1 + diff --git a/xorg-x11-server.spec b/xorg-x11-server.spec index a9f9c8b..f4f431e 100644 --- a/xorg-x11-server.spec +++ b/xorg-x11-server.spec @@ -203,6 +203,7 @@ Patch10055: 0005-record-Check-for-overflow-in-RecordSanityCheckRegist.patch # CVE-2025-49180: Integer overflow in RandR extension Patch10056: 0006-randr-Check-for-overflow-in-RRChangeProviderProperty.patch Patch10057: 0007-xfree86-Check-for-RandR-provider-functions.patch +Patch20000: xorg-server-1.20.11-sw.patch BuildRequires: make BuildRequires: systemtap-sdt-devel @@ -669,6 +670,8 @@ find %{inst_srcdir}/hw/xfree86 -name \*.c -delete * Wed Jun 25 2025 Hangbo Fan - 1.20.11-26.0.1 - Add doc sub package - Fix doc package installation (wangkaiyuan@inspur.com) +- cherry-pick `add sw arch #1ba6a0036d929c82c5516a18350d5c27cc28e210`. (nijie@wxiat.com) +- cherry-pick: `add sw arch #3b1aa1ee2c00aeebe71a618589826c2d1cab136e`. (Weisson@linux.alibaba.com) * Wed Jun 18 2025 Olivier Fourdan - 1.20.11-26 - CVE fix for: CVE-2025-49175 (RHEL-97273), CVE-2025-49176 (RHEL-97329), -- Gitee From 3092414374973d4d84f09d43c61889a093d85c6c Mon Sep 17 00:00:00 2001 From: yuan0927 Date: Tue, 21 May 2024 10:08:47 +0800 Subject: [PATCH 5/5] modesetting: add support for phytium S5000C BMC ANBZ: #8989 This patch has been fixed to address the issue of screen distortion in the Phytium S5000C, and it works in conjunction with the patch integrated into the kernel. Signed-off-by: yuan0927 Signed-off-by: WangHao --- 0100-phytium-xorg-x11-server-bmc.patch | 192 +++++++++++++++++++++++++ xorg-x11-server.spec | 2 + 2 files changed, 194 insertions(+) create mode 100644 0100-phytium-xorg-x11-server-bmc.patch diff --git a/0100-phytium-xorg-x11-server-bmc.patch b/0100-phytium-xorg-x11-server-bmc.patch new file mode 100644 index 0000000..a4e03d0 --- /dev/null +++ b/0100-phytium-xorg-x11-server-bmc.patch @@ -0,0 +1,192 @@ +From 2a96fbdc5b15c1d430151cf5bb4390b97993772f Mon Sep 17 00:00:00 2001 +From: yuan0927 +Date: Tue, 21 May 2024 09:40:12 +0800 +Subject: [PATCH 2/2] modesetting: add support for phytium S5000C BMC + +This patch has been fixed to address the issue of screen distortion in the Phytium S5000C, and it works in conjunction with the patch integrated into the kernel. + +Signed-off-by: yuan0927 +Signed-off-by: WangHao +--- + hw/xfree86/drivers/modesetting/driver.c | 158 +++++++++++++++++++++++- + 1 file changed, 157 insertions(+), 1 deletion(-) + +diff --git a/hw/xfree86/drivers/modesetting/driver.c b/hw/xfree86/drivers/modesetting/driver.c +index ef4a314..f9555e4 100644 +--- a/hw/xfree86/drivers/modesetting/driver.c ++++ b/hw/xfree86/drivers/modesetting/driver.c +@@ -1143,6 +1143,162 @@ msUpdateIntersect(modesettingPtr ms, shadowBufPtr pBuf, BoxPtr box, + return dirty; + } + ++static void align_memcpy(void *dest, void *source, size_t size) ++{ ++ char *dst1, *dst2, *p, *src, *dst; ++ ++ src = (char *)source; ++ dst = (char *)dest; ++ ++ dst1 = (char *)(((unsigned long)dst + 0xf) & ~0xf); ++ dst2 = (char *)(((unsigned long)dst + size) & ~0xf); ++ p = dst; ++ ++ while((p< dst1) && size){ ++ *p++ = *src++; ++ size--; ++ }; ++ ++ memcpy(dst1, (char *)src, (size & (~0xf))); ++ ++ src += (size & (~0xf)); ++ size = (size & 0xf); ++ ++ p = dst2; ++ while(size--){ ++ *p++ = *src++; ++ }; ++} ++ ++#define AST_BMC_VENDOR_ID 0x1a03 ++#define FT_BMC_VENDOR_ID 0x1db7 ++#define FT_BMC_DEVICE_ID 0xdc3e ++#define DRM_AST_VRAM_TYPE_DEVICE 0x0 ++#define DRM_IOCTL_AST_VRAM_TYPE_DEVICE DRM_IO(DRM_COMMAND_BASE + DRM_AST_VRAM_TYPE_DEVICE) ++#define DRM_PHYTIUM_VRAM_TYPE_DEVICE 0x0 ++#define DRM_IOCTL_PHYTIUM_VRAM_TYPE_DEVICE DRM_IO(DRM_COMMAND_BASE + DRM_PHYTIUM_VRAM_TYPE_DEVICE) ++ ++static Bool device_is_ast_bmc(struct pci_device *pci) ++{ ++ if (pci->vendor_id == AST_BMC_VENDOR_ID) { ++ return TRUE; ++ } ++ ++ return FALSE; ++} ++ ++static Bool device_is_ft_bmc(struct pci_device *pci) ++{ ++ if (pci->vendor_id == FT_BMC_VENDOR_ID && pci->device_id == FT_BMC_DEVICE_ID) { ++ return TRUE; ++ } ++ ++ return FALSE; ++} ++ ++static void ++msshadowUpdatePacked(ScreenPtr pScreen, shadowBufPtr pBuf) ++{ ++ RegionPtr damage = DamageRegion(pBuf->pDamage); ++ PixmapPtr pShadow = pBuf->pPixmap; ++ int nbox = RegionNumRects(damage); ++ BoxPtr pbox = RegionRects(damage); ++ FbBits *shaBase, *shaLine, *sha; ++ FbStride shaStride; ++ int scrBase, scrLine, scr; ++ int shaBpp; ++ _X_UNUSED int shaXoff, shaYoff; ++ int x, y, w, h, width; ++ int i; ++ FbBits *winBase = NULL, *win; ++ CARD32 winSize; ++ static Bool firstQuery = TRUE; ++ static Bool forceAlign = FALSE; ++ Bool isAstBMC = FALSE; ++ Bool isFtBMC = FALSE; ++ ScrnInfoPtr pScrn = xf86ScreenToScrn(pScreen); ++ modesettingPtr ms = modesettingPTR(pScrn); ++ struct pci_device *pci = NULL; ++ ++ if (BUS_PLATFORM == ms->pEnt->location.type) { ++ pci = ms->pEnt->location.id.plat->pdev; ++ } else if (BUS_PCI == ms->pEnt->location.type) { ++ pci = ms->pEnt->location.id.pci; ++ } ++ ++ if (pci && device_is_ast_bmc(pci)) { ++ isAstBMC = TRUE; ++ if (firstQuery) { ++ if (1 == drmIoctl(ms->fd, DRM_IOCTL_AST_VRAM_TYPE_DEVICE, NULL)) { ++ forceAlign = TRUE; ++ } ++ firstQuery = FALSE; ++ } ++ } else if (pci && device_is_ft_bmc(pci)) { ++ isFtBMC = TRUE; ++ if (firstQuery) { ++ if (1 == drmIoctl(ms->fd, DRM_IOCTL_PHYTIUM_VRAM_TYPE_DEVICE, NULL)) { ++ forceAlign = TRUE; ++ } ++ firstQuery = FALSE; ++ } ++ } ++ ++ fbGetDrawable(&pShadow->drawable, shaBase, shaStride, shaBpp, shaXoff, ++ shaYoff); ++ while (nbox--) { ++ x = pbox->x1 * shaBpp; ++ y = pbox->y1; ++ w = (pbox->x2 - pbox->x1) * shaBpp; ++ h = pbox->y2 - pbox->y1; ++ ++ scrLine = (x >> FB_SHIFT); ++ shaLine = shaBase + y * shaStride + (x >> FB_SHIFT); ++ ++ x &= FB_MASK; ++ w = (w + x + FB_MASK) >> FB_SHIFT; ++ ++ while (h--) { ++ winSize = 0; ++ scrBase = 0; ++ width = w; ++ scr = scrLine; ++ sha = shaLine; ++ while (width) { ++ /* how much remains in this window */ ++ i = scrBase + winSize - scr; ++ if (i <= 0 || scr < scrBase) { ++ winBase = (FbBits *) (*pBuf->window) (pScreen, ++ y, ++ scr * sizeof(FbBits), ++ SHADOW_WINDOW_WRITE, ++ &winSize, ++ pBuf->closure); ++ if (!winBase) ++ return; ++ scrBase = scr; ++ winSize /= sizeof(FbBits); ++ i = winSize; ++ } ++ win = winBase + (scr - scrBase); ++ if (i > width) ++ i = width; ++ width -= i; ++ scr += i; ++ if ((isFtBMC || isAstBMC) && forceAlign) { ++ align_memcpy(win, sha, i * sizeof(FbBits)); ++ } else { ++ memcpy(win, sha, i * sizeof(FbBits)); ++ } ++ sha += i; ++ } ++ shaLine += shaStride; ++ y++; ++ } ++ pbox++; ++ } ++} ++ + static void + msUpdatePacked(ScreenPtr pScreen, shadowBufPtr pBuf) + { +@@ -1193,7 +1349,7 @@ msUpdatePacked(ScreenPtr pScreen, shadowBufPtr pBuf) + if (use_3224) + shadowUpdate32to24(pScreen, pBuf); + else +- shadowUpdatePacked(pScreen, pBuf); ++ msshadowUpdatePacked(pScreen, pBuf); + } + + static Bool +-- +2.39.3 + diff --git a/xorg-x11-server.spec b/xorg-x11-server.spec index f4f431e..e0255ec 100644 --- a/xorg-x11-server.spec +++ b/xorg-x11-server.spec @@ -103,6 +103,7 @@ Patch18: 0001-mustard-Work-around-broken-fbdev-headers.patch # fix to be upstreamed Patch100: 0001-linux-Make-platform-device-probe-less-fragile.patch Patch102: 0001-xfree86-ensure-the-readlink-buffer-is-null-terminate.patch +Patch103: 0100-phytium-xorg-x11-server-bmc.patch # fix already upstream Patch200: 0001-Fix-segfault-on-probing-a-non-PCI-platform-device-on.patch @@ -672,6 +673,7 @@ find %{inst_srcdir}/hw/xfree86 -name \*.c -delete - Fix doc package installation (wangkaiyuan@inspur.com) - cherry-pick `add sw arch #1ba6a0036d929c82c5516a18350d5c27cc28e210`. (nijie@wxiat.com) - cherry-pick: `add sw arch #3b1aa1ee2c00aeebe71a618589826c2d1cab136e`. (Weisson@linux.alibaba.com) +- Fix the splash screen issue in the phytium S5000C (yuanxia2073@phytium.com.cn) * Wed Jun 18 2025 Olivier Fourdan - 1.20.11-26 - CVE fix for: CVE-2025-49175 (RHEL-97273), CVE-2025-49176 (RHEL-97329), -- Gitee