| Commit | Date | Message | Author | CI |
|---|---|---|---|---|
| f0e0a48c | 2026-05-08 11:12:08 | Update to xserver 21.1.22. The security fixes were already committed. | ||
| 20bdf2f0 | 2026-02-08 09:45:07 | Update to xserver 21.1.21. ok tb@ | ||
| b48f2471 | 2025-11-03 09:57:22 | Update to xserver 21.1.20. | ||
| 4607666e | 2025-06-19 05:16:21 | Check for integer overflow on BigRequest length. Related to CVE-2025-49176. | ||
| e8f2e774 | 2025-06-17 13:10:07 | Merge fixes from upstream for multiple Xserver issues: CVE-2025-49175: Out-of-bounds access in X Rendering extension (Animated cursors); CVE-2025-49176: Integer overflow in Big Requests Extension; CVE-2025-49177: Data leak in XFIXES Extension 6 (XFixesSetClientDisconnectMode); CVE-2025-49178: Unprocessed client request via bytes to ignore; CVE-2025-49179: Integer overflow in X Record extension; CVE-2025-49180: Integer overflow in RandR extension (RRChangeProviderProperty) | ||
| 3cfba106 | 2025-03-02 09:09:28 | Update to xserver 21.1.16. The security fixes were committed earlier. This is the rest of the 21.1.16 update. | ||
| 443f1bf9 | 2024-12-22 08:26:03 | Update to xserver 21.1.15 | ||
| 8886fdf6 | 2024-11-05 08:13:05 | Update to xserver 21.1.14. tested by tb@ The xkb security fix was committed earlier. This is the rest of the 21.1.14 update. | ||
| 3cb0af10 | 2024-08-15 19:07:07 | Reduce white space diff with upstream. | ||
| 72350a05 | 2024-04-07 11:42:56 | Update to xserver 21.1.12 The security patches were already committed, sync with the rest of the 21.1.12 release. | ||
| f9c3f64c | 2023-10-29 16:45:32 | Update to xserver 21.1.9. All the security patches have already been committed. Updated autoconf to 2.71 explains the large build infrastructure diff. | ||
| 737e223e | 2023-05-01 07:41:17 | Merge X server 21.1.8. tested by kn@ and op@. | ||
| 8c4424dd | 2023-01-22 09:21:08 | Add back the meson build system to xserver. Not having those files only creates noise when merging upstream releases. | ||
| fd3c33be | 2022-11-11 13:56:12 | Don't crash if the client argv or argv[0] is NULL. Report from bauerm at pestilenz dot org. With help from and ok millert@ | ||
| 68328bb5 | 2022-08-31 11:25:18 | Update xserver to version 21.1.4. The security patches were already committed as part of July 24 errata. This brings a few other bug fixes. Tested by Walter Alejandro Iglesias. | ||
| 8a0d473d | 2022-02-20 17:41:34 | Sync with xorg-server 21.1.3. This does *not* include the commit that reverts the new computation of the screen resolution from dimensions returned by the screen since many of you told they prefer the new behaviour from 21.1.1. This is going to be discussed again before 7.1 | ||
| e086cf5a | 2021-11-11 09:03:02 | Update to xserver 21.1.0 | ||
| 9c065891 | 2021-09-06 13:33:11 | missing pathnames on unveil() error | ||
| 5bd77e16 | 2021-09-03 13:19:11 | Update to xserver 1.20.13. | ||
| 04380bf4 | 2021-08-11 05:44:01 | GetLocalClientCreds: prefer getsockopt(,SO_PEERCRED,) to getpeereid() This adds the pid of the local clients to LocalClientCred. ok espie@ | ||
| 93548c7a | 2021-02-12 12:51:53 | don't fatally error if unveil(2) sets ENOENT This occurs when trying to unveil a /dev/dri/ node when the directory does not exist. | ||
| dc62af50 | 2021-02-12 10:40:15 | add /dev/dri/card[0-3] to allowed devices | ||
| 3af997a6 | 2021-01-21 22:46:18 | Safer workaround for the "kame hack": only override sin6_scope_id if zero The assumption is that if sin6_scope_id is set, then the interface index is no longer embedded in the address. ok claudio@ matthieu@ | ||
| 1b93d477 | 2021-01-10 19:33:10 | try to handle running out of file descriptors by refusing client connections in case the X server is near the limit and only allow connections again if there are resources freed up this is done by checking the amount of currently used FDs + a reserve and comparing that to the FD limit with help from benno@, millert@, florian@ ok matthieu@, benno@ | ||
| 56c8d99a | 2020-12-12 09:30:50 | Update X server to version 1.20.10. Tested by jsg@ and naddy@ | ||
| 60964e1b | 2020-06-14 16:02:38 | sync white space with upstream. No code change. | ||
| 6b6f9124 | 2020-06-12 14:45:55 | revert local change which removed -retro flag and adjust -br to properly override our default behavior of stippled root. no objection from deraadt and kettenis | ||
| ad9a065c | 2020-04-20 18:17:25 | Release unused file descriptors in the privileged X server process. There is no reason to keep /dev/pci* and /dev/ttyC* open in this process. pointed to by deraadt. ok kettenis@ deraadt@ | ||
| 9064f8ee | 2020-04-13 08:06:58 | Update to xserver 1.20.8. ok jsg@ robert@ | ||
| 40d42722 | 2020-01-26 13:48:54 | Update to xserver 1.20.7 plus 2 extra fixes from upstream. ok jsg@ | ||
| 9a532c54 | 2019-12-12 06:05:17 | Update to X server 1.20.6. Tested by naddy@ | ||
| a77e9959 | 2019-07-27 07:57:06 | Update to xserver 1.20.5. Tested by jsg@ | ||
| fa30b334 | 2019-06-11 14:51:34 | when probing for wsmouse devices, check up to wsmouse9 ok deraadt | ||
| e7e87a2c | 2019-03-19 21:19:54 | Update to xserver 1.19.7. Tested by jca@ and stsp@. | ||
| e897f28b | 2018-10-25 06:41:25 | xserver's priv proc is responsible for opening devices in O_RDWR mode and send their fds over to the parent proc. Knowing this then we already have a list of all possible devices that might be opened in the future, in struct okdev allowed_devices[], and we just need to traverse them and unveil(2) each one with read/write permissions. positive feedback from semarie@, OK matthieu@ | ||
| d9aef299 | 2018-08-06 20:11:34 | set MSG_CMSG_CLOEXEC when receiving file descriptors. All file descriptors opened via priv_open_device() can benefit of the close-on-exec flag. ok kettenis@. | ||
| 857585fc | 2018-02-18 17:16:37 | Update to xserver 1.19.6. bug fix release | ||
| 1a66cad3 | 2017-12-08 15:01:59 | Update to xserver 1.19.5. Tested by bru@, jsg@ and others | ||
| fe08a081 | 2017-10-14 09:17:40 | MFC: os: Make sure big requests have sufficient length. A client can send a big request where the 32B "length" field has value 0. When the big request header is removed and the length corrected, the value will underflow to 0xFFFFFFFF. Functions processing the request later will think that the client sent much more data and may touch memory beyond the receive buffer. | ||
| 2666ed3f | 2017-03-01 19:22:36 | Fix arc4random_buf(3) detection. Noticed by Eric Engestrom on the xorg-devel list. Thanks | ||
| da8f098a | 2017-02-28 23:05:46 | Oops, in previous commit I forgot to remove the actual implementation of the unused *ToID functions(). Spotted by Adam Jackson on xorg-devel list. Thanks. | ||
| 5d64bd18 | 2017-02-28 18:33:44 | regen | ||
| e087a236 | 2017-02-28 18:32:53 | auth: remove AuthToIDFunc and associated functions. Not used anymore. And the current code for MitToId has a use-after-free() issue. Advisory X41-2017-001: Multiple Vulnerabilities in X.Org | ||
| eb3d2477 | 2017-02-28 18:27:40 | MFC: Use arc4random_buf(3) if available to generate cookies. Advisory X41-2017-001: Multiple Vulnerabilities in X.Org. | ||
| 9ddca5b5 | 2017-02-28 18:24:48 | MFC: Use timingsafe_memcmp() to compare MIT-MAGIC-COOKIES Advisory X41-2017-001: Multiple Vulnerabilities in X.Org. | ||
| fd18c20e | 2016-10-11 22:14:30 | regen | ||
| 6e1bcfb3 | 2016-08-09 18:59:50 | Update to xserver 1.18.4 tested by krw@ and dcoppa@ ok dcoppa@ | ||
| e927c03e | 2016-05-29 12:02:34 | Update to xserver 1.18.3. Tested by shadchin@ and naddy@. Note that indirect GLX is now disabled by default. | ||
| f7d98a31 | 2015-11-11 21:07:49 | pledge(2) for the X server privileged process. ok deraadt@ | ||
| 4c6a4e1e | 2015-11-07 16:48:51 | Update to xserver 1.17.4. tested by naddy@ | ||
| 86ea9f12 | 2015-09-16 19:10:19 | Update to xserver 1.17.2. tested by dcoppa@, jsg@, jasper@ & naddy@ | ||
| 3e477e76 | 2015-06-20 10:03:56 | Merge from upstream: Don't listen to 'tcp' by default. Add '-listen' option. commit cc59be38b7eff52a1d003b390f2994c73ee0b3e9 Author: Keith Packard <keithp@keithp.com> Date: Fri Sep 12 11:33:48 2014 -0700 os: Don't listen to 'tcp' by default. Add '-listen' option. [v2] This disables the tcp listen socket by default. Then, it uses a new xtrans interface, TRANS(Listen), to provide a command line option to re-enable those if desired. v2: Leave unix socket enabled by default. Add configure options. Signed-off-by: Keith Packard <keithp@keithp.com> Reviewed-by: Hans de Goede <hdegoede@redhat.com> | ||
| 5b19f6d7 | 2015-02-11 20:58:46 | Update to xserver 1.16.4. Contains fix for CVE-2015-0255. ok dcoppa@ | ||
| 7db4642f | 2014-12-21 11:41:44 | Update to xorg-server 1.16.3. Most of the 1.16.2->1.16.3 changes are the security patches that were already there. This adds some extra fixes plus a few unrelated bug fixes. | ||
| 797ed933 | 2014-12-09 17:58:52 | Protocol handling issues in X Window System servers One year after Ilja van Sprundel discovered and reported a large number of issues in the way the X server code base handles requests from X clients, they have been fixed. | ||
| d1b6c6de | 2014-10-18 14:39:40 | No more /dev/agp0 | ||
| 64609bb7 | 2014-09-28 10:01:52 | white space diff redux | ||
| 4f58590a | 2014-09-27 17:52:59 | Update to xserver 1.16.1. Tested by naddy@, jsg@ & kettenis@ | ||
| 3bbfe7b1 | 2014-05-02 19:27:46 | Update to xserver 1.15.1. Tested by at least ajacoutot@, dcoppa@ & jasper@ | ||
| 511a911d | 2013-12-08 10:53:01 | Update to xserver 1.14.4 | ||
| 577763cd | 2013-08-24 19:44:25 | Update to xserver 1.14.2. Tested by krw@, shadchin@, todd@ | ||
| a9e4debd | 2013-08-13 18:14:31 | Handle more /dev/drmN devices. ok matthieu@, jsg@ | ||
| adec87cf | 2013-06-07 17:28:45 | Update to X server 1.14.1. Tested by many during t2k13. Thanks. | ||
| e26a212f | 2012-10-27 14:52:25 | Regen autotools build system with a clean environment. It was previously generated with a config pointing to OpenBSD's libtool which is not ready yet. | ||
| 58d9658d | 2012-10-14 08:59:33 | regen | ||
| 1c882161 | 2012-08-14 15:57:57 | In priv_open_device() allow opening tty[E-J]0. While there remove ttyD[1-7] from the list, since those devices will never get used by X. | ||
| 1996326d | 2012-08-12 14:06:42 | Fix a logic introduced in rev 1.23. The parent pid is initialized by the main X server too late in the privsep case (already in the unprivileged child). So keep the early init for this case. | ||
| 5f8132e3 | 2012-08-07 20:16:12 | Add privsep prototypes to osdep.h | ||
| c7c0180b | 2012-08-07 20:15:23 | In non-privilege separation mode, avoid accidentally sending a SIGUSR1 signal to init(8). It can happen that xdm dies before the X server that it started. In that case X's is reparented by init... This is handled correctly when privilege separation is not compiled but got overlooked in the privilege separation case. | ||
| 4f2bf5df | 2012-08-07 20:13:18 | Rename 'socket' parameter to avoid shadowing the global declaration. | ||
| eb59960f | 2012-08-05 18:14:29 | regen autotools | ||
| e60da745 | 2012-06-10 13:21:05 | Update to xserver 1.12.2. tested by naddy@, krw@, mpi@. | ||
| b4a75b3e | 2012-04-04 20:34:55 | Return an error much earlier if recvmsg fails. | ||
| 9576ef22 | 2012-01-31 07:52:35 | Update to xserver 1.11.4. tested by krw@, shadchin@. | ||
| 4344ac39 | 2011-12-18 16:08:59 | Bugfix Update to xserver 1.11.3 | ||
| 61a7d542 | 2011-11-05 13:32:40 | Update to xserver 1.11.2 | ||
| a0575466 | 2011-10-18 14:58:36 | Fix CVE-2011-4028: File disclosure vulnerability. use O_NOFOLLOW to open the existing lock file, so symbolic links aren't followed, thus avoid revealing if it points to an existing file. Note that xserver on OpenBSD isn't affected by CVE-2011-4029. | ||
| b9f30b39 | 2011-08-20 17:30:37 | Remove warnings emitted when a device can't be opened. This is just noise and now happens while the X autoconfiguration code probes all /dev/wsmouse<n> devices. If the error matters, the driver will emit a proper error nevertheless. | ||
| a4d630d0 | 2011-06-29 19:57:45 | regen | ||
| 4a238ea6 | 2011-04-02 16:08:38 | Update to xserver 1.9.5. Tested by jasper@, ajacoutot@ and krw@ | ||
| 38704173 | 2011-01-28 19:37:55 | restart recvmsg() if returning with errno==EINTR. Fixes a crash on server reset on some machines. Code inspired by ssh, with feedback from guenther@ and millert@ ok guenther@ miod@ | ||
| 55b9b068 | 2010-12-22 21:36:05 | Bring fix from rev 1.12 back once more. ok oga@. | ||
| dd56fb17 | 2010-12-21 20:10:44 | Update to xorg-server 1.9.3. Tested by jasper@, landry@ and ajacoutot@ in various configurations. | ||
| 42826119 | 2010-12-05 15:36:02 | Upgrade to xorg-server 1.9.2. Tested by ajacoutot@, krw@, shadchin@ and jasper@ on various configurations including multihead with both zaphod and xrandr. | ||
| d57b1a14 | 2010-09-01 13:43:24 | regen (yes lots of files, since util-macros has been updated). | ||
| 95d684a0 | 2010-07-27 19:02:24 | Update to xserver 1.8. Tested by many. Ok oga@, todd@. | ||
| 49012820 | 2010-04-13 19:54:46 | Add a configure test for newer proto headers and use it to enable building xserver 1.6 with those headers. ok oga@. | ||
| 0026b7ed | 2009-09-08 19:52:26 | restore version 1.12 of privsep.c which got accidentally reverted by my xserver 1.6 merge. noticed by oga@ | ||
| 88f6f3ea | 2009-09-06 19:44:18 | update to xserver 1.6.4rc1. Tested by many, ok oga@. | ||
| 251e57a5 | 2009-07-14 18:25:16 | Make the !privsep and privsep paths a little more similar (still checking the list), this allows drm to work in -keepPriv situations. This diff has been in my tree awaiting proper testing for months, now I'm sure it works correctly in it goes. ok matthieu@ an aeon ago. | ||
| 8d98f590 | 2009-01-12 20:18:51 | regen | ||
| 369cc172 | 2009-01-12 20:17:47 | Update to xserver 1.5.3 + latest commits on server-1.5-branch. tested by stsp@, david@, form@, ckuethe@, oga@. thanks. | ||
| 60021fe9 | 2008-11-02 15:26:08 | xserver 1.5.2. tested by ckuethe@, oga@, and others. | ||
| 9c773484 | 2008-10-30 19:59:59 | Close well known connections in ServerAbort(). Gets rid of dangling /tmp/.X11-unix/X0 sockets after server crash. | ||
| 6ce13d3a | 2008-08-28 17:50:21 | Add /dev/tty04 to the list of devices privilege separated X can open. (The IBM SurePos 500 has six serial lines and the touch screen is at this device). ok oga@ | ||
| 97eda178 | 2008-06-15 00:17:32 | Update to xserver 1.4.2. Tested by landry@, ckuethe@, jsing@ mbalmer@. | ||
| c0e3e5ed | 2008-06-14 21:37:13 | Add amdmsr(4) to the list of privsep devices. ok matthieu | ||
| 4b526e48 | 2008-06-12 22:20:24 | change /dev/dri/card0 to /dev/drm0. Subdirs in /dev considered irritating. | ||
| bfd8533a | 2008-06-12 18:50:19 | Deal with devices that need to be opened differently to what we do in privsep ( O_NONBLOCK \| O_RDWR \| O_EXCL) by turning the list of allowed devices into a struct, with the flags we're supposed to use, then using these values with open(). Add /dev/dri/card0 there too (more'll be needed to be added when it matters). This gives privsep with dri a chance to work. ok matthieu | ||
| 48bc8229 | 2008-05-24 20:39:01 | regen. |