IABSD.fr/xenocara/xserver
Branch :
Log
| Author | Commit | Date | CI | Message |
|---|---|---|---|---|
 |
c82bd5db | 2021-11-17 19:46:39 | Use the InternalEvent event structure in more places in events handlers. This fixes a crash when a DeviceEvent struct converted to InteralEvent was beeing copied as InternalEvent (and thus causing out of bounds reads) in ActivateGrabNoDelivery() | |
|
a406534d | 2021-11-11 09:10:04 | Update to xserver 21.1.1 | |
|
e086cf5a | 2021-11-11 09:03:02 | Update to xserver 21.1.0 | |
 |
9c065891 | 2021-09-06 13:33:11 | missing pathnames on unveil() error | |
|
5bd77e16 | 2021-09-03 13:19:11 | Update to xserver 1.20.13. | |
|
04380bf4 | 2021-08-11 05:44:01 | GetLocalClientCreds: prefer getsockopt(,SO_PEERCRED,) to getpeereid() This adds the pid of the local clients to LocalLientCred. ok espie@ | |
|
cbb2480f | 2021-06-30 08:50:48 | Close the console fd after probing if it's a wscons, even it fails. This avoids keeping an open file descriptor on machines where /dev/console is not a wsdisplay device. | |
 |
be6f9bdd | 2021-06-15 13:57:42 | Initial attempt to build xserver for riscv64 ok matthieu@ | |
|
e26c45de | 2021-04-13 14:11:12 | Fix XChangeFeedbackControl() request underflow. CVE-2021-3472 / ZDI-CAN-1259 Reported by Jan-Niklas Sohn via Trend Micro. | |
 |
d9345257 | 2021-03-13 13:42:26 | compiler.h: don't define inb/outb and friends on mips From Julien Cristau 0148a15da1616a868d71abe1b56e3f28cc79533c in xserver git without arm_video.c changes. Fixes clang 11 build on mips64. Input and OK jsg@ | |
|
a3d4d205 | 2021-03-13 09:43:58 | Avoid sequences of malloc(0) / free() by checking the length. b2d96b5cd459963a9587ee9c86afc9266ba3d02b in xserver git originally from deraadt@ | |
 |
589df086 | 2021-02-26 14:10:26 | record: Fix undefined memcpy in RecordAClientStateChange From Adam Jackson f44ac101c523a0439bd1a864850e3c1a4e154549 in xserver git avoids a large number of malloc(0) calls ok deraadt@ who had almost the same diff | |
|
9d1e1e28 | 2021-02-20 05:47:46 | change from /dev/drm to /dev/dri/ in xenocara ok matthieu@ kettenis@ | |
|
93548c7a | 2021-02-12 12:51:53 | don't fatally error if unveil(2) sets ENOENT This occurs when trying to unveil a /dev/dri/ node when the directory does not exist. | |
|
dc62af50 | 2021-02-12 10:40:15 | add /dev/dri/card[0-3] to allowed devices | |
 |
3af997a6 | 2021-01-21 22:46:18 | Safer workaround for the "kame hack": only override sin6_scope_id if zero The assumption is that if sin6_scope_id is set, then the interface index is no longer embedded in the address. ok claudio@ matthieu@ | |
 |
1b93d477 | 2021-01-10 19:33:10 | try to handle running out of file descriptors by refusing client connections in case the X server is near the limit and only allow connections again if there are resources freed up this is done by checking the amount of currently used FDs + a reserve and comparing that to the FD limit with help from benno@, millert@, florian@ ok matthieu@, benno@ | |
|
5b5b8e1a | 2021-01-10 09:14:48 | Add a root window property with the console device. | |
|
56c8d99a | 2020-12-12 09:30:50 | Update X server to version 1.20.10. Tested by jsg@ and naddy@ | |
|
dbbfd611 | 2020-12-01 15:25:39 | Check SetMap request length carefully. Avoid out of bounds memory accesses on too short requests. ZDI-CAN 11572 / CVE-2020-14360 Reported by Jan-Niklas Sohn working with Trend Micro Zero Day Initiative | |
|
dd9addae | 2020-12-01 15:21:28 | Fix XkbSetDeviceInfo() and SetDeviceIndicators() heap overflows ZDI-CAN 11389 / CVE-2020-25712 Fix from Jan-Niklas Sohn working with Trend Micro. | |
|
851807c7 | 2020-08-28 02:20:19 | build with --disable-dri3 when XENOCARA_BUILD_DRI is "no" fixes build breakage on alpha reported by deraadt@ | |
|
bc29ab78 | 2020-08-25 15:43:26 | Fix integer underflow in XRecordRegisterClients() Reported by Jan-Niklas Sohn working with Trend Micro Zero Day Initiative. | |
|
83d462e2 | 2020-08-25 15:42:52 | Fix integer underflow in XkbSelectEvents() Reported by Jan-Niklas Sohn working with Trend Micro Zero Day Initiative. | |
|
77c86a28 | 2020-08-25 15:41:59 | Fix an integer underflow in XIChangeHierarchy() Reported by Jan-Niklas Sohn working with Trend Micro Zero Day Initiative. | |
|
02b8f735 | 2020-08-25 15:40:59 | Correct bounds checking in XkbSetNames() Reported by Jan-Niklas Sohn working with Trend Micro Zero Day Initiative. | |
|
0a2f4bc7 | 2020-07-31 14:00:21 | fix for X Server Pixel Data Uninitialized Memory Information Disclosure CVE-2020-14347 This vulnerability was discovered and reported to X.Org by Jan-Niklas Sohn working with Trend Micro Zero Day Initiative. | |
|
60964e1b | 2020-06-14 16:02:38 | sync white space with upstream. No code change. | |
 |
6b6f9124 | 2020-06-12 14:45:55 | revert local change which removed -retro flag and adjust -br to properly override our default behavior of stippled root. no objection from deraadt and kettenis | |
|
ad9a065c | 2020-04-20 18:17:25 | Release unused filedescriptors in the privileged X server process. There is no reason to keep /dev/pci* and /dev/ttyC* open in this process. pointed to by deraadt. ok kettenis@ deraadt@ | |
|
806accb3 | 2020-04-18 09:41:18 | Remove unused files. | |
|
ac0e12b4 | 2020-04-14 17:29:21 | dix: do not send focus event when grab actually does not change upstream commit 364d64981549544213e2bca8de6ff8a5b2b5a69e Fixes an issue in xserver 1.20 where some applications were loosing focus. Naddy@ reported it appeards in SDL 1.2 games (burgerspace). tested and ok naddy@ | |
|
9064f8ee | 2020-04-13 08:06:58 | Update to xserver 1.20.8. ok jsg@ robert@ | |
 |
fb24e5a8 | 2020-03-04 21:07:12 | Use modesetting driver as the default for rkdrm(4). ok patrick@, jsg@ | |
|
40d42722 | 2020-01-26 13:48:54 | Update to xserver 1.20.7 plus 2 extra fixes from upstream. ok jsg@ | |
|
9a532c54 | 2019-12-12 06:05:17 | Update to X server 1.20.6. Tested by naddy@ | |
|
35220e47 | 2019-09-15 12:31:08 | Add modesetting driver as a fall-back when appropriate such that we can use it when running withour root privileges which prevents us from scanning the PCI bus. This makes startx(1)/xinit(1) work again on modern systems with inteldrm(4), radeondrm(4) and amdgpu(4). In some cases this will result in using a different driver than with xenodm(4) which may expose issues (e.g. when we prefer the intel Xorg driver) or loss of acceleration (e.g. older cards supported by radeondrm(4)). ok jsg@, matthieu@ | |
|
5e779230 | 2019-08-24 01:20:16 | sync i965 pci ids with xserver git master ok matthieu@ | |
|
38e2fafc | 2019-08-24 01:15:31 | remove duplicate ids added by patch in xserver 1.20.5 update ok matthieu@ | |
|
1e4dc55a | 2019-08-15 14:48:45 | Don't prune duplicate modes there. This function removes too many modes, causing trouble with the vesa driver at least. Problem reported by semarie@. Thanks. | |
|
d719f7f3 | 2019-08-03 17:19:54 | Remove one more file that is no longer part of upstream tarballs. Missed in previous commit. | |
|
95df71af | 2019-08-03 16:56:01 | Remove files that are no longer part of upstream tarballs. They accumulated over releases for various reasons. No build change. | |
|
a77e9959 | 2019-07-27 07:57:06 | Update to xserver 1.20.5. Tested by jsg@ | |
|
fa30b334 | 2019-06-11 14:51:34 | when probing for wsmouse devices, check up to wsmouse9 ok deraadt | |
 |
0f8d0b1f | 2019-05-11 16:30:32 | Enable colemak OK matthieu@ | |
|
4fd0ec7f | 2019-04-28 03:12:53 | Backport cf7517675d988c2d1ff967d6d162a17acbdad46 from xserver 1.20 xfree86: Hold input_lock across SPRITE functions in VGA arbiter Fixes stack overflow crash with VGA arbiter used with multi GPU systems. Report and fix identified by 'Joe M' on misc@. ok matthieu@ | |
 |
63a1f613 | 2019-04-06 13:51:18 | When checking keyboard variants, perform a stricter comparison. This prevents kbd(8) layouts with particular bitmasks from being wrongly detected as French. Broken behavior reported by Diogo Galvao; thanks! ok mpi@ matthieu@ | |
|
e7e87a2c | 2019-03-19 21:19:54 | Update to xserver 1.19.7. Tested by jca@ and stsp@. | |
|
c4230992 | 2019-02-18 02:41:24 | sync xserver dri2 pci_ids with the latest Mesa the modesetting driver uses these to pick a dri driver name ok phessler@ kettenis@ matthieu@ | |
|
5a9c7d77 | 2019-01-03 19:31:25 | Call xf86OpenConsole() before probing for drivers. On OpenBSD, we need the console fd to query wsdisplay type, This was only causing problems with -keepPriv, since the privilege separation code already calls xf86OpenConsole() earlier. The function is idempotent, so there's no harm calling it several times. ok kettenis@ | |
|
aceb52e1 | 2018-11-03 14:05:28 | Explicitely disable xdm-authorization-1 support in X server. It was previously disabled by a broken test for XdmcpWrap() in xdm and later in xenodm but it won't be missed. (use of DES, no IPv6 support). ok tb@ mortimer@ | |
|
d9d5fc59 | 2018-10-25 21:55:18 | Disable setuid on the X server. We have always known it is a trash fire and we held out hope too long. This will break some stuff. Let's start with non-setuid as the baseline, and see if it is worth trying to fix the broken parts in some other way. | |
|
2d6e93a5 | 2018-10-25 15:44:27 | MFC: Disable -logfile and -modulepath when running with elevated privileges. This Could cause arbitrary files overwrite. CVE-2018-14665. | |
 |
e897f28b | 2018-10-25 06:41:25 | xserver's priv proc is responsible for opening devices in O_RDWR mode and send their fds over to the parent proc. Knowing this then we already have a list of all possible devices that might be opened in the future, in struct okdev allowed_devices[], and we just need to traverse them and unveil(2) each one with read/write permissions. positive feedback from semarie@, OK matthieu@ | |
|
8869fa7f | 2018-08-20 21:48:55 | Initialize PCI subsystem on arm64. ok matthieu@ | |
|
e28c4999 | 2018-08-06 20:14:04 | Use priv_open_device() to open the dri device in glamor_dri3_open_client(). Fixes DRI3 with Xserver running as _x11 with xenodm. close-on-exec is now default for priv_open_device(). ok kettenis@ | |
|
d9aef299 | 2018-08-06 20:11:34 | set MSG_CMSG_CLOEXEC when receiving file descriptors. All file descriptors opened via priv_open_device() can benefit of the close-on-exec flag. ok kettenis@. | |
|
65b51547 | 2018-07-30 16:00:39 | setup WSMOUSE_TYPE_TOUCHPAD devices to use ws driver by default, but allow them to work with xf86-input-synaptics with and ok bru@ | |
|
13d37ac4 | 2018-04-19 14:52:34 | modesetting: setup colormap Fixes utilities like xcalib Upstream xorg commit ac138f9b31b0fba00742edbc3326afe66e28099a ok matthieu | |
 |
55401507 | 2018-03-15 10:02:36 | After updated to xserver 1.19.5, the con figure's default value of --enable-glamor has changed from 'no' to 'auto'. This makes an error running configure on luna88k, so disable it explicitly with ${XENOCARA_BUILD_GL}=no machines. ok jsg@ | |
|
857585fc | 2018-02-18 17:16:37 | Update to xserver 1.19.6. bug fix release | |
|
6906cf1b | 2018-01-20 12:25:26 | Remove code to pull softfloat libs. It was needed at some point in the past, but doesn't compile and isn't needed with clang. Reported by jsg@. | |
|
b8144c06 | 2018-01-15 15:30:36 | watch for events sent by drm(4) over kevent using EVFILT_DEVICE and NOTE_CHANGE to notify the desktop environment to deal with the change (e.g. after plugging in an HDMI cable) with this change there is no need to manually do any randr commands if your desktop environment supports it (gnome, mate, kde, etc.) ok matthieu@, kettenis@ | |
|
1a66cad3 | 2017-12-08 15:01:59 | Update to xserver 1.19.5. Tested by bru@, jsg@ and others | |
 |
a6a6fd0c | 2017-12-05 20:56:26 | Use ws as default driver for touchpads. ok matthieu@ | |
|
f51fea01 | 2017-10-14 09:35:14 | MFC: Unvalidated extra length in ProcEstablishConnection (CVE-2017-12176) | |
|
18698290 | 2017-10-14 09:33:48 | MFC: dbe: Unvalidated variable-length request in ProcDbeGetVisualInfo (CVE-2017-12177) v2: Protect against integer overflow (Alan Coopersmith) | |
|
394a8aee | 2017-10-14 09:32:30 | MFC: Xi: fix wrong extra length check in ProcXIChangeHierarchy (CVE-2017-12178) | |
|
74d10c41 | 2017-10-14 09:30:50 | MFC: Xi: integer overflow and unvalidated length in (S)ProcXIBarrierReleasePointer [jcristau: originally this patch fixed the same issue as commit 211e05ac85 "Xi: Test exact size of XIBarrierReleasePointer", with the addition of these checks] This addresses CVE-2017-12179 | |
|
792e23cc | 2017-10-14 09:29:01 | MFC: Xi: Test exact size of XIBarrierReleasePointer Otherwise a client can send any value of num_barriers and cause reading or swapping of values on heap behind the receive buffer. | |
|
515a707d | 2017-10-14 09:24:30 | MFC: hw/xfree86: unvalidated lengths This addresses: CVE-2017-12180 in XFree86-VidModeExtension CVE-2017-12181 in XFree86-DGA CVE-2017-12182 in XFree86-DRI | |
|
d6248304 | 2017-10-14 09:22:49 | MFC: xfixes: unvalidated lengths (CVE-2017-12183) v2: Use before swap (Jeremy Huddleston Sequoia) v3: Fix wrong XFixesCopyRegion checks (Alan Coopersmith) | |
|
3b3c79f0 | 2017-10-14 09:20:42 | MFC: Unvalidated lengths v2: Add overflow check and remove unnecessary check (Julien Cristau) This addresses: CVE-2017-12184 in XINERAMA CVE-2017-12185 in MIT-SCREEN-SAVER CVE-2017-12186 in X-Resource CVE-2017-12187 in RENDER | |
|
fe08a081 | 2017-10-14 09:17:40 | MFC: os: Make sure big requests have sufficient length. A client can send a big request where the 32B "length" field has value 0. When the big request header is removed and the length corrected, the value will underflow to 0xFFFFFFFF. Functions processing the request later will think that the client sent much more data and may touch memory beyond the receive buffer. | |
|
9b9efb1b | 2017-10-14 09:15:11 | MFC: xkb: Handle xkb formated string output safely (CVE-2017-13723) Generating strings for XKB data used a single shared static buffer, which offered several opportunities for errors. Use a ring of resizable buffers instead, to avoid problems when strings end up longer than anticipated. | |
|
fd77a349 | 2017-10-14 09:12:44 | MFC: xkb: Escape non-printable characters correctly XkbStringText escapes non-printable characters using octal numbers. Such escape sequence would be at most 5 characters long ("\0123"), so it reserves 5 bytes in the buffer. Due to char->unsigned int conversion, it would print much longer string for negative numbers. | |
|
2f2a50b9 | 2017-10-14 09:06:06 | MFC: Xext/shm: Validate shmseg resource id (CVE-2017-13721) Otherwise it can belong to a non-existing client and abort X server with FatalError "client not in use", or overwrite existing segment of another existing client. | |
|
c6ab4990 | 2017-09-25 15:05:57 | Force Intel Ironlake chipsets to use the xf86-video-intel driver. stsp@ reported that modesetting(4) has been reported unreliable on his laptop, while intel(4) works. XXXX to be removed after 6.2 to figure out and fix the issue. ok kettenis@, also discussed briefly with deraadt@ during EuroBSDCon. | |
|
b8da768e | 2017-08-07 19:17:56 | Disable SSE optimizations on i386/amd64 for SlowBcopy. It is supposed to be slow, and when such instructions are used to copy data from/to mapped video memory, some hypervisors (e.g. KVM, Microsoft Hyper-V) can generate SIGILL or SIGBUS exceptions, causing Xorg to crash. Bug report to OpenBSD by Max Parmer, fix from FreeBSD (Dimitry Andric) via kettenis@ ok kettenis@ | |
|
38475bb3 | 2017-08-07 12:30:34 | Create on OpenBSD-specific version of listPossibleVideoDrivers() that takes care of autoconfiguration based on the information returned by the WSDISPLAYIO_GTYPE ioctl of the console FD. This should fix selection of wsfb on loongson and sgi when using a non-KMS kernel driver. ok matthieu@, jsg@ | |
|
d74e2cb1 | 2017-07-14 11:38:05 | Use the modesetting driver by default on 4th generation Intel Graphics and later. This matches what several Linux distros do these days as it tends to work better than the intel driver in most cases. There are some performance issues with vncviewer on at least Ivy Bridge and Haswell. But for now that regression outweighs the benefits. ok robert@, tedu@, sthen@ | |
|
11bfbfff | 2017-07-12 20:08:07 | Add code to update the value of the RandR "Backlight" property based on the KMS connector property of the same name if such a property is present. ok matthieu@ | |
|
1862f548 | 2017-07-07 06:22:19 | Merge upstream fixes to the X event swapping code. (CVE-2017-10971 and CVE-2017-10972). | |
|
55a8e552 | 2017-05-21 13:18:29 | Make X work with radeondrm(4) hardware on loongson. OK jsg@ | |
|
f372d76f | 2017-03-07 03:40:33 | make xserver build on arm64 ok matthieu@ | |
|
2666ed3f | 2017-03-01 19:22:36 | Fix arc4random_buf(3) detection. Noticed by Eric Engestrom on the xorg-devel list. Thanks | |
|
da8f098a | 2017-02-28 23:05:46 | Oops, in previous commit I forgot to remove the actual implementation of the unused *ToID functions(). Spotted by Adam Jackson on xorg-devel list. Thanks. | |
|
5d64bd18 | 2017-02-28 18:33:44 | regen | |
|
e087a236 | 2017-02-28 18:32:53 | auth: remove AuthToIDFunc and associated functions. Not used anymore. And the current code for MitToId has a use-after-free() issue. Advisory X41-2017-001: Multiple Vulnerabilities in X.Org | |
|
eb3d2477 | 2017-02-28 18:27:40 | MFC: Use arc4random_buf(3) if available to generate cookies. Advisory X41-2017-001: Multiple Vulnerabilities in X.Org. | |
|
9ddca5b5 | 2017-02-28 18:24:48 | MFC: Use timingsafe_memcmp() to compare MIT-MAGIC-COOKIES Advisory X41-2017-001: Multiple Vulnerabilities in X.Org. | |
|
fd18c20e | 2016-10-11 22:14:30 | regen | |
|
13cbbbd6 | 2016-10-04 19:48:48 | ignore chown error (for systems which don't install a Xserver) | |
|
8587a95e | 2016-10-02 17:21:29 | fix the ownership of the link /usr/X11R6/bin/X -> Xorg | |
|
b9d0c0fb | 2016-09-12 21:57:14 | Fix a bunch of gcc warnings. - constify name field - rename devname -> devnam - replace deprecated Xprintf() with asprintf() | |
|
595a0e50 | 2016-09-12 21:46:25 | sys/select.h -> sys/time.h | |
|
d2533042 | 2016-09-12 21:44:30 | Fix build after headers cleanup. include wscons headers after sys/ioct.h and sys/select.h with deraadt@ and kettenis@ | |
 |
8113144b | 2016-09-03 14:58:02 | Remove zaurus keyboard model ok matthieu@ | |
|
ee65902d | 2016-08-13 14:05:23 | Kill remaining HP300 bits | |
|
6e1bcfb3 | 2016-08-09 18:59:50 | Update to xserver 1.18.4 tested by krw@ and dcoppa@ ok dcoppa@ |