Tuesday Nov 28, 2006

My favorite new feature in Nevada build 53...

I wrote a couple of weeks ago about the then-upcoming Solaris Nevada build 53 in a mail to the Solaris x86 YahooGroups mailing list:

For desktop users, nv_53 should be awesome. Gnome 2.16, Firefox 2.0, Gnome System Tools, DRI for i845/i855/i865/i915, and, just integrated today, for the first time ever, the nvidia accelerated drivers/GL as part of the Solaris OS install. Attentive viewers may note that it also doesn't have kdmconfig run at install time anymore due to the replacement of Xsun with Xorg as the install-time X server.

Now that I've updated to nv_53 on my main desktop at work (which was actually a big jump from it's previous Solaris 10 6/06 install, but went smoothly via Live Upgrade) I've found my favorite new feature is one I didn't even know about in advance - a popup menu from the JDS toolbar clock that shows the time in different timezones:

Time Zone Popup Menu screen shot

I work with people from around the world - our desktop team is mostly split between Ireland and China, with outliers in New Zealand, Canada, and Illinois. The Architecture Review Committee I serve on at Sun has members on both coasts of the US, and in India and Isreal at the moment. Trying to keep track of what time it is where is more than I can remember most of the time, so I was constantly going to timeanddate.com to check the time in other parts of the world. Now I can add them to my menu for quick reference.

Unfortunately, it was something I discovered by accident and seems to be a little hidden - to get there, right-click on the panel clock and choose Preferences. In the Clock Preferences panel turn on Show time zones button. You should now have a big world/clock icon next to your clock like the one shown above (one that seems too large and out of place for the panel compared to the other icons there). Click on it to bring up the menu and choose Edit Time Zones. Now, you'll have to ignore the actual question shown in the next dialog:

Even though it's asking you to choose your nearest city, it really means “a city in the time zone and jurisdiction you want to see” — it's neither distance to you that matters or distance to the target, but which set of time zone rules and daylight savings change rules are in effect in the target location. For instance, if you want to know the time in Seattle, Washington, you need to choose Los Angeles, which is much farther away than Boise, Idaho or Vancouver, BC, Canada, but unlike Boise, is in the same time zone, and unlike Vancouver, follows the same national time-shifting schedule. It would be nice if it let you edit the name shown, since I normally think of needing to know the time in Beijing, not Shanghai, but it's still much nicer than what I previously did.

[Technorati Tags: , , , ]

Thursday Nov 09, 2006

X Changes in Nevada Builds 50 - 52

I posted our OpenSolaris code drop Tuesday for Nevada Build 52. The last build published was build 49, so this release includes all the changes from builds 50, 51, and 52. Yet out of the 27 changes in those three builds, almost all the questions I get are about just one of them, which can be summarized in 3 little letters:


This build contains the first release of DRI support in Xorg on Solaris. It only supports 3-D hardware acceleration on the Intel i845 through i915 graphics chipsets for this first release, and requires the kernel DRI support included in the Solaris Nevada Build 51 and later kernels, but is a huge first step. Both the kernel and Xorg/Mesa sides are now published in source form on OpenSolaris.org as well, so those who want to see how it was done can take a look, and the truly brave could start thinking about porting other drivers.

If you want pre-built binaries, you'll have to wait another week or two for the Build 52 ISO's to be published as Solaris Express: Community Release. More information on DRI in Solaris can be found in the DRI heads up message from the DRI team. You can browse the kernel side of the sources in the OpenSolaris source browser in these directories (sorry X source isn't on the source browser yet):

One word of warning though - the kernel driver may cause panics on some i855 machines - see bug 6487609 for details.

But wait! As if that wasn't enough, there's still 26 other changes included in this valuable package! And they're not available in stores! For the full list, see the changelog for builds 50-52. Highlights:

6465198 xdpyinfo shows incorrect extensions list on snv11_46
Dynamically loaded extensions like OpenGL have been failing to load in Xsun in the last few Nevada builds - this fixes that.
6423858 [Xorg bug 5898] file creation race condition in Xsession
A small security issue in the default Xsession if you use xdm instead of gdm2 or dtlogin. Patches for Solaris 8, 9, and 10 are coming for this fix.
6475968 Desegregation of X11 External Libraries [PSARC/2006/557]
When we added libXrender, libXdamage, libXfixes, and libXRes to Solaris, the Sun policy called for keeping libraries which we didn't guarantee ABI stability of in a separate path so users didn't “accidentally” depend on them and create applications not covered by the Solaris Binary Compatibility Guarantee. Sun policy has since changed to prefer usability and to not require users to jump through hoops to build software using them, so we've adapted to the new policy by moving these libraries from /usr/openwin/sfw/lib to /usr/X11/lib and putting links to them in /usr/lib.
6477006 keycode 22 reports keysym 0/NoSymbol on Sun Type 6 Unix keyboard
The Unix layouts of Sun's keyboards have a blank key between Help and F1, in the slot Esc uses on the PC layout. (See these diagrams for comparison.) This allows using the same hardware with just different labels on the keys. Unfortunately, this key has always just been assigned a to keycode 0/keysym "NoSymbol", which is pretty useless. Some intrepid users have manually assigned it to a keycode so that it can be assigned to a hotkey in JDS or CDE. To make it easier for others, the blank key now defaults to a keysym name of (wait for it...) “Blank.” Yes, that's right, X11 defines a keysym XK_Blank — and since it doesn't define XK_Any for those who long ago decided it was the mythical key referenced in Press Any Key to Continue, that seemed the best choice. Sadly, only the old serial keyboards send a keycode for this key – the USB ones send nothing up to the X server, so this doesn't help there.
6476476 Xorg modularization: libXfixes
6477401 Xorg modularization: SUNWxorg-client*
We've converted to the Xorg 7.x modular versions of the libraries we and applications we used to get from the X11R6.9 source tree, including libXrandr, libXv, libXvMC, libXxf86misc, libXxf86vm, libxkbfile, xgamma,, xrandr, xvidtune, xvinfo. We've also updated libXfixes, which was previously brought in from the X11R6.8 source to the modular release of libXfixes.

[Technorati Tags: , , , ]

Tuesday Nov 07, 2006

Xserver DTrace probes integrated

It's been a little over a year since I posted the initial open release of the DTrace probes for the X server. I've gotten busy with a number of other things since then but after a little prodding from the JDS team [1], I've finally run them by the Sun Architecture Review Committee (PSARC case id 2006/609), got their thumbs up, completed code review, and integrated into our Solaris builds of Xorg & Xsun (which due to code sharing also means they're in Xnest, Xvfb, and Xprt). If they pass QA testing, they should appear in Nevada Build 53. I've also put them into the X.Org community git master branch, so they should be in Xorg 7.3 when it ships next May. (The autoconf code for them only checks for the dtrace command needed to build, not for the OS, so when MacOS X & FreeBSD users get DTrace, they should be able to build the probes as well.)

I've also updated http://people.freedesktop.org/~alanc/dtrace/ with the few changes made to the probes since initial release (added an event probe, and changed one of the arguments made available by the request-done probe) and to include a patch against the Xorg 7.2.RC1 tarball for the current state of the probes for those who don't want to wait.

[1] The conversation went something like this (slightly paraphrased):

  • me: These JavaScript DTrace Probes are cool! We should include them in the FireFox in Solaris!
  • jmr: Yes - and what about the XServer dtrace probes ;)
  • me: oh, um, well, yeah, okay...

[Technorati Tags: , , , ]

Friday Aug 25, 2006

X Changes in Nevada Build 47

I've fallen behind lately on posting the OpenSolaris X code drops - but I'm back on schedule today with the posting of Nevada Build 47. The big change this build is 4869280: Update xscreensaver to 5.0 (from our previous version 4.05). We still modify it heavily, though the changes to use the SCF smartcard API directly have been removed, and we now rely on PAM for our smartcard support. Other changes we made doing this upgrade time were noted in the ARC review.

Other changes in X in this build:

6457364 SUNW0xman & SUNW0xpmn prototypes should be autogenerated from main
SUNW0\* packages are generated to send to Sun's localization teams for translation - they are templates for localized packages containing the English text and just the files to be translated. Instead of having to update both the base packages and the templates every time we add a man page now, a perl script generates the l10n templates from the base packages.
6454339 Xorg modularization: libXau 1.0.2 (missing FILTER entries in libX11)
In the old X.Org monolithic build, a couple files from libXau were symlinked into the libX11 source and built into libX11 - a holdover from the days before shared library dependencies worked everywhere. Since the systems all supported by X11R7 handle shared library dependencies correctly, this was replaced in X11R7 modular builds by just having libX11 depend on libXau.
In build 46, libXau was replaced with the X11R7 modular version. Instead of symlinking from our modular build tree into our monolithic tree, our monolith libX11 had the files removed and uses the dependency just as the modular libX11 does. Unfortunately, since libX11 was shipped years before we started using linker scoping to hide symbols like this, the function names in libX11 were long exposed, though versioned as SUNWprivate so that appcert would warn that applications could be broken by relying on them. Preserving binary compatibility was easy though, simply by adding FILTER function entries to the libX11 mapfile, like this:
SUNWprivate {
        XauDisposeAuth          = FUNCTION FILTER libXau.so.6;
        XauFileName             = FUNCTION FILTER libXau.so.6;
        XauGetBestAuthByAddr    = FUNCTION FILTER libXau.so.6;
        XauReadAuth             = FUNCTION FILTER libXau.so.6;
Now any function that tries to call those functions in libX11 will get automatically redirected to the correct location in libXau. However, this mapfile change got accidentally missed in the original putback to build 46, so went in this build instead. Because of this, we found that the gnome-panel in Solaris was actually using these functions from libX11 instead of linking to libXau directly as it should have, so while build 47 will restore compatibility for it, the GNOME team is fixing it to link correctly against libXau. (This is the root cause of bug 6461529: gnome-panel crashes when selecting Launch ONLY if logged in using gdm in Nevada build 46.)

The rest are pretty well summarized in their bug reports:

6459557 remote logins to xdm fail since fix for 6398796
6460081 Xorg modularization: libXdmcp 1.0.2
6237253 Xserver man page should include SMF examples
6459143 Need to ship pkgconfig files for modular protocol header packages

[Technorati Tags: , , , ]

Sunday Aug 06, 2006

X Changes in Nevada Builds 43-45

I've fallen behind in both posting the code drops for the OpenSolaris X sources and the summaries of the code changes. I'll try to get back on track with the upcoming Nevada build 46, but for now here's some quick highlights of what went into builds 43, 44, and 45. (For the full list of changes, see the OpenSolaris X Community ChangeLogs page.)

Build 43 — Source Drop 20060612

6398796 Solaris-10: Unable to login thru xdm once password is aged
xdm suffered from the same problem as many legacy programs who had simple password checking code replaced with PAM - instead of implementing a full PAM conversation, where PAM could prompt the user for multiple items, or none at all if using non-keyboard-input authentication methods like smartcards or thumbprint scanners, it just continued to always ask for a username and password and pass them to PAM via a hack that simulated a conversation. While this bug could have been fixed by slightly extending that hack, our experience in trying that with xscreensaver and consultation with Sun's PAM gurus convinced us the best way to solve this was a complete rewrite of xdm's PAM code to offer a full conversation, so we didn't end up with multiple layers of hacks that still didn't offer the full PAM functionality and kept needing to be rewhacked for every place it was found a little more of PAM was needed. This rewrite has also been integrated to the X.Org xdm module, where it's planned for inclusion in an upcoming xdm 1.1 release.
6424854 Decomposition of SUNWxwplt [PSARC/2006/302]
In preparation for the upcoming switch of the Solaris x86 install mini-root from Xsun to Xorg, and to the delight of people everywhere who minimize their Solaris systems, the single SUNWxwplt package which previously contained both the Xsun server and the core X client libraries and applications has been split into three packages. Now SUNWxwplt is the core client-side of X, the parts other packages like Java depend on for libX11 and friends, while Xsun is in a new SUNWxsun-server package. The Xsun keytables were split out to a third package to allow us to hand off responsibility for that package to the localization centers in Sun who have been maintaining them in our package for several years now. And finally, Xprt was split out to a fourth package, to allow us to more easily change it from the old Xsun-based implementation to an Xorg-based version in the future.
6437461 Xorg modularization: common extension protocols
A whole bunch of headers for X11 protocol extensions (see the bug for the full list) were removed from our old X11R6 monolithic build tree and replaced with the corresponding X11R7 proto packages. Users shouldn't see anything, but people building will find us another step closer to being able to build the rest of the X11R7 stack.
And a whole batch of bugs from Henry Zhao's work to improve Xorg auto-configuration - he's working to get these upstream to X.Org as well.
  • 6420892 ATI ES1000: resolution too low on Sun 24-inch LCD
  • 6420309 auto-config improve: Need to move VBE DDC fallback probing from server to drivers
  • 6420320 auto-config improve: nv – Need to consider panel size in mode validation
  • 6420311 auto-config improve: Ferrari 4000 starts with blank screen without xorg.conf
  • 6437062 auto-config: radeon – reboot needed for CRT to function when connected later on Ferrari 4000

Build 44

6436994 radeon: negative refresh rates preventing resolution selection in JDS
Also reported as X.Org Bugzilla #6966, the refresh rates reported by Xrandr when using the ATI driver in MergedFB mode were the combined rates of both screens, which made them appear to be negative and thus caused the GNOME "Change Display Resolution" tool to declare them invalid and not let you change the resolution of a MergedFB display.
And a whole pile of fixes from the Solaris Trusted Extensions team for the XTSol X extension...

Build 45

6261914 Removal of STSF & Xst [PSARC 2006/087]
Sun stopped funding the STSF project a couple of years ago, and switched fully to using Xft in the JDS/GNOME desktop for the Solaris 10 release. This code has been causing problems lately for the integration of other projects, such as Project Looking Glass, so we've announced in the Solaris 10 6/06 release notes plans to remove in the future, and removed it now from Solaris Nevada.
6444546 ia_find_display has small memory leak / fails to cache
The bug report pretty much explains it all - fortunately, in most applications, this is called once during XOpenDisplay(), which most applications only call once, so you'ld lose only a handful of bytes per application. (This code is part of the SolarisIA extension for giving a kernel scheduler priority boost to the process with focus - we've made the code available to X.Org, but it's not integrated into any Xorg releases, so no one else has this particular leak either.)
6450019 root cannot unlock screen
A recent fix to the code in our xscreensaver to allow you to unlock a normal user's session with the root password unfortunately did not allow you to unlock a root session with any password. Oops! (But users who understand security don't login to a desktop session as root anyway.)

[Technorati Tags: , , , ]

Thursday Jun 15, 2006

X Changes in Nevada Build 42

Build 42 sources were posted last week in Source Drop 20060530, so it's time once again for the brief summary of what's changed.

6314490 X app dumps core with LC_ALL != C when XtOpenDisplay() is called twice
The bug report provides a pretty complete description - the fix from our i18n team updated the way we close dlopen()'ed locale modules in XCloseDisplay(). Our libX11 locale module handling is quite a bit different than the X.Org versions - hopefully we'll have the sources to that released to OpenSolaris in a few months.
6416842 [CVE-2006-1526] buffer overflow in Render extension in Xsun
We already released Xorg patches for the recent Render security hole for Solaris. The same code is present in the Xsun sources in Solaris 10 and later as well, but currently disabled at build time, so we checked in the fix to make sure that if we ever re-enable the code in Xsun we don't reintroduce the security hole, but aren't going to release patches that fix code that can't be run.
6425531 integer overflows in FreeType
The recent release of FreeType 2.2.1 included a number of fixes for integer overflows, to prevent crashes or memory corruption when processing fonts with invalid sizes for data tables. Unfortunately, it also includes changes which break the builds of many existing programs including GNOME's Pango library and the Xorg X server, so we can't just upgrade to it until all the software that uses it is fixed. Thus, we've pulled out the integer overflow checks and backported just those to our current FreeType 2.1.10 as a temporary fix.
And a huge pile of keytable and XKB layout data fixes from our localization teams:
  • 6310310 Belgian keytable file "Belgian5.kt" is not present in keytables directory
  • 6325002 Norwegian "no" keyboard layout contains some wrong symbols.
  • 6339418 Can't switch to Finnish keyboard layout using Xsun.
  • 6353678 Hungarian keyboard layout for TYPE6 keyboards is missing for Xsun.
  • 6370065 New keyboard layouts does not work with XKB extension on x86 + Xsun.
  • 6370108 Bulgaria6.kt and Russia6.kt files contain no cyrillic symbols.
  • 6370138 Some keyboard layouts in nevada don't work in Xorg with SunTYPE6 keyboards
  • 6370147 Keyboard software for Macedonia needed.
  • 6370441 Cannot login in login window(dtlogin) when keyboard layout is changed from US English to Hebrew
  • 6384899 Slovenian keyboard layout for x86+Xsun and Sparc contains some errors.
  • 6384921 In Icelandic keyboard layout for x86+Xsun and Sparc are missing some symbols.
  • 6386202 Russian Xorg symbols file needs updated as it includes some incorrect key mappings
  • 6386205 Bulgarian Xorg symbols file needs updated as it includes some incorrect key mappings
  • 6389541 Croatia keyboard layout does not work in Xorg.
  • 6421192 Cyrillic based country layouts should toggle latin/cyrillic using Altgr key
  • 6426647 fr_CH and de_CH keyboard layouts have several wrong mappings on x86 (Xorg).
  • 6426648 fr_CH and de_CH keyboard layouts should be available directly form xorgconfig

[Technorati Tags: , , , ]

Tuesday Jun 13, 2006

Changing the default login session in dtlogin

At some point over the past few years, I somehow went from just checking in the new login and splash images for CDE in each Solaris release to becoming the unofficial dtlogin “special ops” person - handling the overhauls of the dtlogin appearance for the Solaris 10 beta, 3/05, 1/06, and now 6/06 releases and a few other side tasks that the main CDE sustaining team didn't have the resources to handle. The latest of these is shipping in Solaris Nevada starting in build 39, and I've just gotten the draft of the release note for the upcoming Solaris Express release including it:

Default Desktop Session in dtlogin

Now, when a user logs into the Solaris Desktop for the first time, Java Desktop System (JDS) is the default desktop environment instead of the Common Desktop Environment (CDE). JDS has also become the default environment for users who chose a desktop environment on an older Solaris release that is no longer present in the Solaris release, such as OpenWindows or GNOME 2.0.

System administrators can modify the dtlogin configuration to override the default choices using the defaultDt and fallbackDt resources.

For more information about defualtDt and fallbackDt resources, see the dtlogin(1M)man page.

So users who already chose CDE or JDS will have those choices respected - this only changes the defaults for new users or those whose current session can't be found.

For comparison, the description I wrote for our Architecture Review Committee (ARC) has a lot more technical detail (some of which is now also captured in the above mentioned dtlogin(1M) man page):

This case introduces two new resources in the dtlogin Xresources file
(/{usr,etc}/dt/config/$LANG/Xresources) and establishes initial default
values for those in the Xresources files shipped by Sun.

It requests a patch release binding.

1) Dtlogin\*defaultDt:

   When a new user logs in for the first time, a dialog box is presented
   asking which of the desktop environments installed on the machine they
   wish to use.   The default list currently consists of CDE & JDS, but
   any additional desktops installed using the altDt support in dtlogin
   will appear as well.

   This resource controls which of those desktops is selected by default
   when the dialog appears, so a new user who doesn't know the difference
   and just clicks the OK button will get this desktop, but those who know
   the difference can still choose as appropriate.

   The value of this resource must be the altDtStart value of one of the
   desktop environments installed on the system.   (This was chosen since
   it is the one value required for all desktop environments that must be
   most stable, since it is the one recorded in the lastsession file in
   the users home directory to store their chosen desktop.   The altDtName 
   is localized, so not appropriate for a global default setting.  The
   other values for altDt\* settings are all optional and may not be present
   for certain desktops.)

2) Dtlogin\*fallbackDt:

   When an existing user logs in, but the lastsession file in their home
   directory refers to a program that is not executable on the current 
   system, dtlogin will execute the program listed here as a fallback session.

   This may be any program, including /usr/dt/bin/sdt_firstlogin to offer
   the users a choice of the sessions available on the system.

The default X resources files shipped in Solaris will contain these additions:

!!  Default desktop choice for new users in initial login dialog
!!  This should be the altDtStart key of a session defined here or in
!!  an Xresources.d file.

Dtlogin\*defaultDt:	/usr/dt/config/Xsession.jds

!!  Fallback desktop choice for users whose lastsession file refers to
!!  a non-existent session choice.  Set to /usr/dt/bin/sdt_firstlogin to 
!!  offer the users a choice of the sessions available on the system.

Dtlogin\*fallbackDt:	/usr/dt/config/Xsession.jds


Imported interfaces:

dtlogin lastsession mechanism		Project Private	ASARC/1995/390
/usr/dt/bin/sdt_firstlogin		Project Private	ASARC/1995/390

Exported interfaces:

Dtlogin\*defaultDt resource		Stable
Dtlogin\*fallbackDt resource		Stable

Default settings of new resources	Volatile

By declaring these Stable, we're promising that these resources will take values as described and do what we say until further notice. It doesn't prevent us from further changing or refining this in the future (though since we're really trying to replace dtlogin with gdm in the future, we're not likely to do much), it just means that if we do, we'll have to either change these in a compatible way or create new resources. By declaring the defaults as Volatile though, we're warning that we could change them at any time, without warning - for now they're the Xsession file currently used by JDS, but we could change to another mechanism of starting JDS or even (though highly unlikely) to another desktop altogether, without having to worry about having made any compatibility guarantee there.

The note about a “Patch release binding” indicates that we think these changes are compatible enough with current systems to allow shipping this change in a patch or update release (and in fact, this change is being backported to a Solaris 10 patch to be included in the third Solaris 10 update release, tentatively scheduled for release near the end of this year). These changes don't break any existing systems, don't change anything for existing users with a valid desktop choice, still give new users a choice of desktops, and can even be easily overridden by sysadmins who still really prefer their new users be suggested CDE instead of the newer, easier-to-use GNOME-based JDS desktop.

A lot of people think that binary compatibility guarantees that Solaris provides stifle innovation because we can never change things - this is an example of why that's not the case. We don't guarantee nothing about the system will ever change - that would be foolish - what we do is specify what things you can count on remaining compatible (not unchanged, just compatible), and what you can't - and how long that compatibility is promised for. We've never made any promises in the past about what choice would be shown as the default in the session choice dialog, and the Volatile stability for this reflects that we still aren't - but because that's not someting that affects the managability of Solaris systems or the ability of ISV's to provide applications, it's not something we need to make those sort of promises about. The new resources are declared Stable because we don't want admins to use them and then find when they upgrade to a future release that we've broken their settings or made it so their users can't login until they find and fix the problem.

Right now these promises are mostly expressed via the man pages in Solaris - especially the Attributes section in many man pages. The ARC team is also working to open up the processes through which these are set and the history of many of the past review cases that set important ones, via the OpenSolaris ARC community, so that developers will have greater insight into these compatibility promises and eventually even have a voice in shaping them.

[Technorati Tags: , , , ]

Friday Jun 09, 2006

X Changes in Nevada Build 41

I realized today when preparing the build 42 source drop that I had not yet posted the bug list from build 41 here - though it's been up on the ChangeLog page for two weeks, and the source was posted as Source Drop 20060516 at the same time.

6424349 prepare xscreensaver sources for OpenSolaris release
Sources for our highly-modified fork of xscreensaver 4.05 are now included in the main tarball. As an added bonus, the build 41 source drop included a separate tarball featuring a port of those changes to the recently released XScreenSaver 5.0 which is being tested for integration into a future build of Solaris. As you can see, we've made many changes, including the GTK+ unlock dialog box, a major overhaul of the PAM code to allow more complex PAM conversations than just “Type in your password,” support for accessibility helper programs, and a whole bunch of other things.
6425513 xproto 7.0.4 -> 7.0.5
This update simply pulled one of our previous Solaris patches directly into the upstream source since we contributed it back to X.Org after doing the 7.0.4 integration.
6425506 /usr/openwin/demo/maze segfaults when $DISPLAY not set
While this hasn't been released in our source drops yet, you can probably find lots of examples of this bug in other open source apps, especially those written on OS'es where passing NULL to printf routines doesn't cause core dumps as it does on Solaris (including the really old versions of SunOS this program was written for). The fix is trivial, since Xlib provides XDisplayName() for this very case:
   if ((dpy = XOpenDisplay(display)) == NULL)	{
-    fprintf(stderr, "Can\\'t open display: %s\\n",
-	    (display ? display : getenv("DISPLAY")));
+    fprintf(stderr, "Can\\'t open display: %s\\n", XDisplayName(display));

6424870 add symlinks in /usr/lib to libXrandr.so, etc
Most of the X libraries have symlinks in /usr/lib so they can be easier found by ld and dlopen(), but we hadn't added these yet for the libraries added to support Xorg extensions like Xrandr. Java wanted to dlopen these, so we added the links to avoid having to make Java do LD_LIBRARY_PATH or other workarounds.
6397125 Radeon driver: fails to read hsync/vsync rates from EDID
6423278 auto-config improve: radeon – Sometimes does not sort modes correctly
Two more fixes from our project to improve the configurations the Xorg server chooses by default when you don't have a configuration file or generate one via Xorg -configure. Henry Zhao, the engineer working on these fixes, has also been submitting them to X.Org so they may appear upstream in the future as well.

[Technorati Tags: , , , ]

Tuesday May 16, 2006

X Changes in Nevada Build 40

For build 40, I got the opensolaris.org source drop posted already, so if you want to follow along in the sources, I'll point out which files you can look in to see these changes, for those in the portions included in our open source releases so far.

6414453 ogl-select fails to start
A simple shell script quoting error - while not in the source drops, since this is a shell script, you can see the changes in /lib/svc/method/ogl-select in the installed files.
6388471 [Xorg bug 5897] xdm: race condition on $HOME/.xsession-errors being readable
The fix from the X.Org bug report has been applied to our Xsession script in /usr/openwin/lib/X11/xdm/Xsession.
6421217 xscreensaver cannot be launched on trusted jds
The Trusted Extensions changes made in the previous build forgot to initialize a variable in one code path - you'll be able to see the fixed code in the next build, when the Solaris xscreensaver sources are released for the first time.
6366490 Motif pull-down menus don't draw correctly with Xnest
Unfortunately, our Xnest is still based on the Xsun source, so this source is also not available [maybe trying to point to source wasn't a good idea - oh well, I'll plow on since I don't want to start over now]. The fix here was to correctly pass through the expose events from the underlying X server to the X client running on top of Xnest.
6386535 SUNWxorg-mesa package can fail to install symlink for /usr/include/GL
Aha! One I can point to the source for in our source drop! This was caused by the preremove script for SUNWxorg-mesa not being included in the package - the missing script can be seen in the source drop at XORG_NV/packages/SUNWxorg-mesa/preremove
6390453 SUNWxorg-mesa has broken links in snv nightly build for 2/24/2006
This was a simple typo (glxext.h instead of glext.h) in a symlink in the XORG_NV/packages/SUNWxorg-mesa/prototype.
6416841 [CVE-2006-1526] X.Org bug #6642: buffer overflow in Render extension in Xorg
Again - simply applying the fix from X.Org, which you can see in XORG_NV/sun-src/xc/programs/Xserver/render/mitri.c in the source drop.
6245381 Mozilla is feeding Xorg fonts – Xorg getting fat
This actually affects both Xsun and Xorg since it was in the TrueType library code they both share.
6419340 Upgrade Xorg ATI driver from 6.5.7 -> 6.5.8
Since the 6.5.8 module was intended as an upgrade for the 6.5.7 which was included in X11R6.9 & 7.0, and retained compatibility with the 6.9/7.0 ABI (unlike the Xorg ATI 6.6.0 driver series, which requires the upcoming Xorg 7.1 server), we were able to pretty easily drop this in to our source tree, with a little bit of glue in XORG_NV/sun-src/xc/programs/Xserver/hw/xfree86/drivers/ati/localmacros. The rules inserted there (which get automatically appended to the Imakefile by imake before it generates the Makefile) remove all the Xorg 6.9 ati driver source files and link in the ones from the 6.5.8 tarball, allowing us to use (for a short time) the 6.5.8 driver with the 6.9 build system. Besides all the bug fixes listed in the ChangeLog, this also fixes the previously reported Sun bug 6402721, of restarting Xorg hard hanging the system on Acer Ferrari 4000 laptops with Radeon X700 when it tried to requery VBE without having properly restored all the register states.
6372113 Xorg receiving or generating spurious left-right wheel events
I blogged about this earlier - this was pulling in the X.Org fix from X.Org CVS into XORG_NV/sun-src/xc/programs/Xserver/hw/xfree86/input/mouse/mouse.c.
6421514 Add PCI IDs for new nvidia cards for Xorg nv driver
PCI id to name mappings were added to our Xorg nv driver for some of the new Quadro cards nvidia announced last month so that they are not reported as "Unknown nvidia device" in the Xorg log files. You can see the change in the git source tree now being used for the Xorg nv driver or in our source drop in XORG_NV/sun-src/xc/programs/Xserver/hw/xfree86/drivers/nv/nv_driver.c.

[Technorati Tags: , , , ]

Friday Apr 28, 2006

X Changes in Nevada Build 39

The ChangeLog for the X Consolidation for Solaris Build 39 has now been posted. However, the source drop won't be available to next week due to some lab work that made our file server and build machines unavailable today, (and since I had to work on that, I couldn't prepare the source drop on other machines either).

For OpenSolaris source release, the most notable change in this build is that it contains the first replacement of existing Solaris X sources (from our not-yet-opened portion of the tree) with the equivalent sources from the X11R7 modular release, resulting in both a newer version of the sources being used in Solaris, and more sources available as part of our OpenSolaris release. It's nothing major - just the xproto-7.0.4 package which delivers the base X11 protocol headers and some headers used by the rest of the X stack, but it's the base of the modular dependency tree, and thus a necessary first step. (Functionality-wise, the most notable change in the headers is yet another batch of keysym name definitions.)

The full list of fixes is:

6406200 need trusted logo in xscreensaver lock program
When you lock the screen in a Solaris Trusted Extensions session, the logo will show you that, instead of showing the normal Solaris lock logo.
6385078 xlock is not passing PAM_CHANGE_EXPIRED_AUTHTOK to pam_chauthtok
A trivial fix noted by our PAM gurus after they found a similar problem in Solaris su - when a password has expired and you need to change it, you're supposed to call pam_chauthtok with the PAM_CHANGE_EXPIRED_AUTHTOK flag. The basic password Solaris PAM modules don't seem to have minded this omission, but others may need it.
6374699 FMRI application/x11/xfs should run as noaccess
For years on Solaris our inetd.conf entry to start the X Font Server listed it to run as the nobody user, even though that's really only supposed to be used on Solaris for NFS mounts when "squashing" root privileges. We copied that setting to the SMF manifest when we converted from inetd.conf to SMF, but have now updated that to the more appropriate noaccess account.
6411370 X sources should use FamilyInternet6 instead of FamilyInternetV6
When I first wrote the IPv6 changes for Solaris, I called the #define for the family name FamilyInternetV6, but when the X.Org standards committee reviewed it, they decided to drop the V to be consistent with other uses such as AF_INET6 in the BSD sockets API for IPv6. I finally updated the uses of this definition in the Solaris X sources to match.
6409332 infinite loop in XFlushInt() on x86/32-bit
See my previous blog entry on “The Compiler Bug that Wasn't”.
6411857 Xorg modularization: xproto-7.0.4
As noted above
6411989 makekeys needs to handle Unicode-mapped keysyms
Since the libX11 source hasn't been updated to the latest X.Org version yet, this change from the X.Org libX11 had to be pulled into the makekeys program used to generate the hash tables used in our existing libX11 to handle the new Unicode-mapped keysyms that are now in the keysymdef headers installed in the xproto-7.0.4 package.
6413255 xdm checks for username of "root" instead of uid 0 when doing non-console login check
The description pretty much says it all, and while we haven't released our xdm source yet, this change was given back to X.Org and is now included in the just-released xdm-1.0.4 module.
6303855 ATI driver performance is poor
As discussed in X.Org bug #5867, the ATI RageXL chips builtin to certain motherboards (including those of some Sun systems, like the Ultra 20) go faster if you tell Xorg not to use extra frame buffer memory to cache pixmaps. This is an updated fix for that which doesn't add a new configuration flag as was previously proposed.
6398094 default resolution too low on metropolis workstation
6406044 Screen off center with left margin on 24.1" monitor with analog input
Two more fixes from the team working to improve our Xorg autoconfiguration experience. These update the modeline selection code in Xorg and also incorporate the CVT code from X.org that Luc Verhaegen wrote for the soon-to-be-released Xorg 7.1.

[Technorati Tags: , , , ]

Friday Mar 31, 2006

X Changes in Nevada Build 37

Unfortunately, all the changes in this build happened to be in the bits we haven't released yet (though I'm hoping to get our xscreensaver sources out sometime soon), so I can't point you at the changes in our just released source drop, but when the Solaris Express build 37 images come out, you should see these changes in the binaries.

6377194 XST extension wrapping makes the Composite and Damage wrapping not work
In the X server, many extensions do their work by replacing entries in tables of function pointers with their own functions, that do some work, then call the previous functions. Our colleagues in the Project Looking Glass team found that the XST extension (from the STSF project) had installed several of these function wrappers in a way that broke the similar wrappers from other extensions. Since we're in the process of removing STSF from the system, these wrappers were disabled to allow these other extensions to work.
6255133 SunRay: Xinerama: memory leak in Xsun after calling XCreatePixmap(3X11)
The Xinerama extension allows combining multiple graphics devices into one large virtual screen. One of the things it does to allow this is to make a separate copy of every pixmap in the X server for each underlying device, so that different cards can operate on it in the most efficient way for them or store it in their on-board memory. For Sun Ray systems though, where all devices are always the same, and all pixmaps are just stored in the main system RAM, this duplication wastes RAM and CPU time (since all operations have to be repeated for each copy), so we allowed an Xsun ddx module to notify the system that it can share copies. A bug crept in though, where this wasn't registered correctly with the list of resources to be freed when the client exited, so clients that exited without releasing their pixmaps caused Xsun to leak memory. (This is also being patched for Solaris 9 and 10 Xsun.)
6232241 NSCM login takes username twice
The never ending struggle to get xscreensaver's PAM conversation to play nicely with Sun Ray's Non-SmartCard Session Mobility PAM modules goes on. Fortunately, Mahmood has been working on this, so I don't understand this enough to explain it.
6388473 xscreensaver needs to be modified for Trusted JDS
As part of the work to create a Trusted JDS desktop for the Solaris Trusted Extensions, xscreensaver had to be modified to allow admins to enforce system security policies, including deciding whether or not users can disable the screen lock or change the lock timeout, when running on a system with the Trusted Extensions installed and enabled.

[Technorati Tags: , , , ]

X code released to OpenSolaris

For now just a quick copy of the announcement - I'll write more once I catch my breath...

The first code drop from the X Window System Consolidation has been posted to opensolaris.org. It's a snapshot of a subset of the Solaris X Consolidation code from partway through Nevada build 38.

Details on what's included and links to downloads & licenses can be found on the X Community Sources page.

Source is not yet available in the OpenSolaris Source Browser, but work is in progress on preparing that for availability sometime next week.

For more information, or to discuss the X Consolidation, join the X Community on OpenSolaris.Org.

[Technorati Tags: , , , ]

Friday Mar 24, 2006

Xorg bug on Ferrari 4000 laptops in Solaris Nevada build 35 and later

Since I know the Acer Ferrari 4000 laptop is popular in Solaris circles, a warning to users of it about a bug found by Sun's internal Ferrari user group: if you're using Nevada build 35 or later, rename /usr/X11/lib/modules/libvbe.so so the Xorg server doesn't find it. If it's there, the new monitor probing changes introduced in build 35 by Sun bug 6385111 (aka Xorg bug 5892) cause the Ferrari 4000 to attempt to use VESA BIOS Extensions (VBE) to get the monitor settings after the normal methods failed. Unfortunately, while this works the first time you do it, if you do it a second time without rebooting in between, it seems to cause the Ferrari 4000 BIOS to hang the entire machine, requiring you to manually power it down to recover. Since this is an optional module, if Xorg can't load it, it just skips it.

This failure is being tracked in Sun's bug database as 6402721: Restarting Xorg hard hangs the system (Acer Ferrari 4000, Ati Radeon X700) and is being worked on now by the engineer who introduced the fallback to VBE into our Xorg. So far it's only been reported on the Ferrari 4000 laptops, but could potentially be seen on other machines with similar BIOS'es.

[Technorati Tags: , , , , ]

Monday Mar 20, 2006

X Changes in Nevada Build 36

Another two weeks, another list of fixes checked in. The one with the biggest share of attention is also the one with the smallest code change - two missing pairs of parentheses - four simple characters that closed one big security hole.

6387822 Wrong library path in xft.pc file
Simple fix to the pkg-config data file we ship for libXft2 so it produces the right library path flags for linking so that GNOME 2.14 builds correctly.
6383556 Problem in allocating pixmap
The last security fix in X servers added checks to both Xsun & Xorg to prevent pixmap allocations from overflowing. Unfortunately one of the checks in Xsun clamped down too far - preventing pixmaps with dimensions larger than 8192 instead of the intended 32k limit.
6390864 nevada removal of ddxSUNWdials
We bow our heads for SunButtons and SunDials - faithful servants of almost two decades, now sent to permanent retirement. The hardware for these hasn't been sold for several years now and the kernel driver for them was removed, so we had to remove the Xsun support as well. (The official end of support notice should appear in the Solaris 10 Update 2 release notes, warning of removal in the a future release - but we normally don't remove support in update releases, so users still attached to theirs can stay on Solaris 10 without fear.)

If you've never seen these they were additional input devices - SunButtons offered a big pad of extra buttons, like a jumbo set of keyboard function keys, and SunDials offered a bunch of knobs you could twist. These were accessed via the X Input Extension by software such as CAD programs for more efficient interaction with their features.

6368334 common postscript-derived font names are no longer recognized
An updated set of font aliases to fix some problems reported with the ones added in build 34.
6390453 SUNWxorg-mesa has broken links in snv nightly build for 2/24/2006
The script integrated into build 34 to make symlinks to either the nVidia or Mesa OpenGL libraries was failing to create the right links to the Mesa libraries in certain cases.
6395871 integrate Solaris Trusted Extensions to X Windows (Xsun)
6395892 integrate Solaris Trusted Extensions to X Windows (X.org)
Sun's previous Trusted Solaris product is being replaced for Solaris 10 with the Trusted Extensions to Solaris. Instead of a separate fork of the OS, it will instead run standard Solaris 10, but with additional modules loaded to provide the multi-level security features. For X, this means shipping a new library (libXtsol) and putting hooks into the X server that the XTSOL extension loadable modules delivered in the Trusted Extensions for Xsun & Xorg can use to implement their own security checks as needed. We'll be offering this back to the open source X.Org community in the near future under the standard MIT/X11 license.
6396593 [Xorg Bug 6213] local user DoS and arbitrary code execution as root [CVE-2006-0745]
See previous blog post.

[Technorati Tags: , , , ]

Security hole in Xorg 6.9/7.0

[CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0

X.Org announced this morning a security hole in the Xorg 6.9 & 7.0 releases that allows a local user to create or overwrite files as root or to run code as root. More details can be found in the X.Org Security Advisory.

This bug affects Solaris users who have installed Xorg 6.9 or 7.0, either on their own or from Sun's releases. Xorg 6.9 is included in Solaris 10 patches 118966-14 and later and in Nevada builds 28 and later, which have been released via the Solaris Express programs.

The fix for Solaris 10 is available in a preliminary T-patch from the SunSolve web site - it's the same we plan to release as the permanent fix, it just hasn't finished the QA cycles required for official release yet. See SunAlert 102252 for details and the links to the patch. The fix for Solaris Express was integrated into Nevada build 36, which should be out via the SX: Community Edition in a couple of weeks.

There's also a simple workaround you can apply now to make it impossible to exploit the bug - remove the setuid bit from the /usr/X11/bin/Xorg binary. X servers on x86 need root access for accessing the video hardware directly - but it only has to be setuid root if you want a non-root user to be able to start the X server directly, such as via the xinit program. Most Solaris installs that use X don't do this, but have a display manager such as gdm or dtlogin start X with a login screen. Since those programs run as root, they can start the X server with the needed privileges without having the Xorg binary be setuid root.

Behind the Hole: The Untold Story of this Bug

A couple of weeks ago, the CTO of Coverity sent mail to the X.Org Developers offering access to the results of a code scan of the X.Org code base by their Coverity Prevent code scanner (which is based on the Stanford Checker project). Their scan of the entire X11R6.9 code base found 1681 potential issues, so about a dozen of us have been working our way through the list, triaging the real bugs from the false alarms, and determining which need to be fixed.

While I was working on this one day, I got tired of looking at yet another memory leak (there are tons in programs like xset, xauth, xhost, etc. - but since the programs only run for less than a second before exiting, how much do you care?), and went to the menu to search by report type to see what other bugs it had found. One of the bug types was "BAD_COMPARE" which I hadn't see yet so I went to look at what it found. Someone had already triaged 3 of these as false alarms and 2 as actual bugs, so I went to look at one of the bugs. It showed (and this is a very cut down version of what the actual report looks like in the browser, displayed in the context of the full source file):

1378 	  /\* First the options that are only allowed for root \*/
Event func_conv: Suspicious implicit conversion to function pointer: "&geteuid != 0"; did you intend to call the function?
1379 if (getuid() == 0 || geteuid != 0)

While I remember looking at the code around here a couple of times during the Xorg 6.9 release cycle, I had never before noticed that the parentheses were missing from the geteuid call. I think my brain simply subconciously autocorrected and inserted the parentheses for me when I read it. Fortunately, the Coverity checker has no subconcious to fool it, and automated attention to detail, so it found what we hadn't seen. Since without the parentheses, the code is simply checking to see if the geteuid function in libc was loaded somewhere other than address 0 (which is pretty much guaranteed to be true), it was reporting it was safe to allow risky options for all users, and thus a security hole was born.

So far that's the only security hole we've found in the Coverity reports - but we're only a little over half way through triaging the reports so far. (Of the 1681 potential issues found, our developers have determined 688 are actual bugs compared to 191 false alarms. Memory leaks are the biggest category, with NULL pointer comparison issues probably second. 63 bugs are already marked as fixed in the coverity reports, and anyone watching the xorg-commit traffic the last couple of weeks has seen a number of those fixes going into CVS for inclusion in the upcoming Xorg 7.1 release.)

P.S. Congratulations to the team at Red Hat and the members of the Fedora community on the release of Fedora Core 5 today, with the Xorg 7.0 modular codebase included. I know having a release-day security advisory isn't how you wanted to celebrate the FC5 launch, but I hope you're finding the new Xorg modular release model is making it much easier to get the fix out for it.

[Technorati Tags: , , , , , ]


Engineer working on Oracle Solaris and with the X.Org open source community.


The views expressed on this blog are my own and do not necessarily reflect the views of Oracle, the X.Org Foundation, or anyone else.

See Also
Follow me on twitter


« March 2015