Bug 221984 - x11-servers/xorg-server: enable SECURITY extension
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Many People
Assignee: freebsd-x11 (Nobody)
Keywords: feature, patch
Depends on:
Reported: 2017-09-01 21:05 UTC by Anton Yuzhaninov
Modified: 2018-05-23 01:37 UTC

See Also:
bugzilla: maintainer-feedback? (x11)

enable SECURITY X server extension (490 bytes, patch)
2017-09-01 21:05 UTC, Anton Yuzhaninov
no flags
Proposed patch (since 470462 revision) (1.09 KB, patch)
2018-05-23 01:37 UTC, lightside
lightside: maintainer-approval? (x11)

Description Anton Yuzhaninov 2017-09-01 21:05:35 UTC
Created attachment 185979 [details]
enable SECURITY X server extension

The attached patch enables the SECURITY extension for the X server. This will allow 'ssh -X' to work. Currently ssh -X fails because 'xauth generate' can't grab auth data from the running X server.

This extension is enabled in the xorg package for many (maybe most) Linux distros.

As far as I know, it was disabled by default in xorg when XACE was added. But XACE does not fully replace the SECURITY extension:

"In Red Hat Enterprise Linux 6, the X Security extension (XC-SECURITY) has been disabled and replaced by X Access Control Extension (XACE). However, XACE does not yet include functionality that was previously available in XC-SECURITY. With this update, XC-SECURITY is enabled in the xorg-x11-server spec file on Red Hat Enterprise Linux 6." [1]

1. https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.5_Technical_Notes/xorg-x11-server.html

I've not tested this change with slave ports, so in my patch I've added this option only for ${SLAVE_PORT} == "no".
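
Added example, not part of the bug report or the attached patch: a shell check for the condition described above, namely whether a running X server advertises the SECURITY extension that 'xauth generate' depends on. The function names are hypothetical and both sample xdpyinfo outputs are constructed.

```shell
#!/bin/sh
# Added example: function names are hypothetical, sample data is constructed.

# Print the extension names from `xdpyinfo` output read on stdin: they are the
# indented lines that follow the "number of extensions:" header.
list_extensions() {
    awk '
        /^number of extensions:/ { in_ext = 1; next }
        in_ext && /^[^ \t]/      { in_ext = 0 }
        in_ext && NF             { sub(/^[ \t]+/, ""); print }
    '
}

# Exit 0 only if SECURITY is listed as a whole name (grep -x), so a longer
# name that merely contains the word does not count.
has_security() {
    list_extensions | grep -qx 'SECURITY'
}

# Ask the live server for an untrusted cookie, written to a scratch file so
# ~/.Xauthority is untouched. "." is xauth shorthand for MIT-MAGIC-COOKIE-1.
try_generate() {
    [ -n "$DISPLAY" ] || return 2
    scratch=$(mktemp) || return 1
    if xauth -f "$scratch" generate "$DISPLAY" . untrusted timeout 60; then
        rc=0
    else
        rc=1
    fi
    rm -f "$scratch"
    return "$rc"
}

# Constructed sample outputs (abbreviated, not captured from a real server).
sample_with() {
    printf '%s\n' 'name of display:    :0' 'number of extensions:    4' \
        '    BIG-REQUESTS' '    MIT-SHM' '    SECURITY' '    XInputExtension' \
        'default screen number:    0'
}
sample_without() {
    printf '%s\n' 'name of display:    :0' 'number of extensions:    4' \
        '    BIG-REQUESTS' '    MIT-SHM' '    NOT-SECURITY' '    XInputExtension' \
        'default screen number:    0'
}
```

On a real display, run `xdpyinfo | has_security` first; if it succeeds, `try_generate` confirms that the server actually issues an untrusted cookie.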
Comment 1 Matthias Apitz 2018-05-11 06:55:19 UTC
I am affected by this issue as well and the proposed patch fixed it for me.
Comment 2 Niclas Zeising freebsd_committer 2018-05-11 07:55:21 UTC
I'm looking at this.
Comment 3 commit-hook freebsd_committer 2018-05-20 14:52:36 UTC
A commit references this bug:

Author: zeising
Date: Sun May 20 14:51:32 UTC 2018
New revision: 470462
URL: https://svnweb.freebsd.org/changeset/ports/470462

  x11-servers/xorg-server: Enable SECURITY extension

  Enabling the SECURITY extension will make ssh -X work in most cases.
  This extension is enabled in many Linux distros.

  PR:		221984
  Submitted by:	Anton Yuzhaninov

Comment 4 Niclas Zeising freebsd_committer 2018-05-20 14:55:42 UTC
Fixed, thanks for the report!
Comment 5 lightside 2018-05-23 01:37:37 UTC
Created attachment 193624 [details]
Proposed patch (since 470462 revision)

I think the xcsecurity configure option can be optional, because Xorg's developers disabled this option by default:
% ./configure --help | grep xcsecurity
  --enable-xcsecurity     Build Security extension (default: disabled)

The user should be able to do the same, if needed.

- Add SECURITY option to "Build Security extension"