matthieu
bc4162435d
Update to libX11 1.8.10. tested by and ok rsadowski@
2024-08-04 17:15:57 +00:00
matthieu
6744b1fbb2
Update to libX11 1.8.9 part 6/6: enable threads by default
...
& build system refresh. Minor library version bump
2024-07-11 07:28:46 +00:00
matthieu
3fa4aa5d35
Update to libX11 1.8.9 part 5: various bug fixes
2024-07-10 08:20:45 +00:00
matthieu
9b8fbacfa4
Update to libX11 1.8.9 part 4: input methods and NLS fixes
2024-07-10 08:13:35 +00:00
matthieu
4975d56e38
Update to libX11 1.8.9 part 3: unifdef legacy systems
2024-07-10 08:04:08 +00:00
matthieu
be3a5206d4
Update to libX11 1.8.9 part 2: Copyright notices updates
2024-07-10 07:35:02 +00:00
matthieu
bdfb14ffc1
Update to libX11 1.8.9 part 1: documentation updates
2024-07-10 07:13:49 +00:00
bluhm
3f38130026
Fix several input validation errors in libX11 and libXpm.
...
CVE-2023-43785 CVE-2023-43786 CVE-2023-43787 CVE-2023-43788 CVE-2023-43789
2023-10-03 15:55:58 +00:00
matthieu
dbccd1baf8
Fixes CVE-2023-3138: X servers could return values from XQueryExtension
...
that would cause Xlib to write entries out-of-bounds of the arrays to
store them, though this would only overwrite other parts of the Display
struct, not outside the bounds allocated for that structure.
2023-06-15 16:24:12 +00:00
matthieu
ff80174089
Document the XIfEvent(3) and friends callbacks are not allowed
...
to call functions that can take the Display lock.
2022-09-03 06:56:57 +00:00
matthieu
adf86f660e
Disable the constructor that calls XInitThreads() at load time.
...
It triggers bugs in some applications. In particular x11/fvwm{2,3}
in ports for which the fix is not straightforward.
Tested by Walter Alejandro Iglesias.
2022-09-03 06:55:25 +00:00
matthieu
e904689319
Update to libX11 1.8.1
2022-07-23 19:28:46 +00:00
matthieu
fa8d4a0f5a
Update to libX11 1.7.5. No API / ABI changes. ok tb@
2022-04-25 19:26:17 +00:00
matthieu
16b669a9d8
Update to libX11 1.7.3.1. ok jsg@ who noticed this requires a major bump.
2022-02-21 08:01:23 +00:00
matthieu
385b79ade0
Update to libX11 1.7.2
2021-08-30 12:02:40 +00:00
bluhm
82149d4bfb
Check strlen(spec) only once at the beginning of XLookupColor().
...
Also remove a superfluous include. This synchronises -current with
upstream and the code we shipped in the errata.
OK matthieu@
2021-05-22 16:05:07 +00:00
matthieu
4fb652f1df
Reject strings longer than USHRT_MAX before sending them on the wire
...
The X protocol uses CARD16 values to represent the length so
this would overflow.
CVE-2021-31535
2021-05-18 14:15:11 +00:00
matthieu
476ad6aee3
Update to libX11 1.7.0. Tested by gkoehler@ and jsg@
2020-11-28 14:39:45 +00:00
matthieu
c79b35190f
Fix an integer overflow in init_om() that could lead to a double free.
...
Reported by Jayden Rivers.
2020-08-25 15:39:58 +00:00
matthieu
bb74146ca2
Fix a bug where some input clients can't connect to the input server.
...
FreeBSD bugzilla reference:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248549
2020-08-20 19:12:48 +00:00
matthieu
4c672aa51a
Merge from upstream X.Org : Fix size calculation in _XimAttributeToValue
...
The check here guards the read below.
For `XimType_XIMStyles`, these are `num` of `CARD32` and for
`XimType_XIMHotKeyTriggers` these are `num` of `XIMTRIGGERKEY` ref[1]
which is defined as 3 x `CARD32`. (There are data after the
`XIMTRIGGERKEY` according to the spec but they are not read by this
function and don't need to be checked.)
The old code here used the native datatype size instead of the wire
protocol size causing the check to always fail.
Also fix the size calculation for the header (size). It is 2 x CARD16
for both types despite the unused `CARD16` for `XimType_XIMStyles`.
This fixes a regression caused by previous commit.
2020-08-06 14:28:54 +00:00
matthieu
f22a219d59
Fixes for Heap corruption in the X input method client in libX11
...
CVE-2020-14344
These were reported to X.Org and patches proposed by Todd Carson.
Thanks.
2020-07-31 13:53:24 +00:00
matthieu
bc231106f4
Update to libX11 1.6.9. Tested by krw@ and naddy@
2020-01-04 17:55:16 +00:00
aoyama
8a3654518e
Fix gcc3 specific error. The diff is based on latest upstream change.
...
suggested by jsg@, tested on luna88k by me, ok by jsg@ and matthieu@
2019-09-05 14:03:08 +00:00
matthieu
a400859a9c
Update to libX11 1.6.8 riding the major bump caused by xtrans 1.4.0
2019-08-04 13:34:52 +00:00
matthieu
85da565ec0
Update to libxtrans 1.4.0. Major bumps for libX11 and libICE.
...
no objections from naddy@, espie@ and ajacoutot@
2019-08-04 13:33:46 +00:00
matthieu
7070f339ed
Update to libX11 1.6.7
2018-10-20 19:23:25 +00:00
matthieu
b39f51f9a1
Update to libX11 1.6.6. bug fixes release - no API/ABI changes.
2018-08-23 19:38:11 +00:00
matthieu
c48e946165
This file isn't built anymore. So remove diffs with upstreams.
2017-10-23 17:28:26 +00:00
matthieu
cff04da9bf
Update to libX11 1.6.5
2017-02-28 18:44:56 +00:00
matthieu
20a75c6d0f
Update to libX11 1.6.4
2016-11-03 10:21:30 +00:00
matthieu
4c3f151ece
Remove stale files
2016-11-03 10:19:11 +00:00
matthieu
fd18c20e72
regen
2016-10-11 22:14:30 +00:00
natano
6c14b73344
ks_tables.h is always considered out of date due to the forced rebuild
...
of the makekeys util. This means it's also rebuilt during install. First
as root during build, later by the BUILDUSER during release, which won't
be able to rewrite it, because it's now owned by root. With this result:
override rw-r--r-- root/wheel for ks_tables.h?
One step closer towards noperm release builds for xenocara.
ok matthieu
2016-10-08 21:51:47 +00:00
matthieu
89e55bbf5a
Validation of server responses in XGetImage()
...
Check if enough bytes were received for specified image type and
geometry. Otherwise GetPixel and other functions could trigger an
out of boundary read later on.
From Tobias Stoeckmann / X.Org security advisory Oct 4, 2016
2016-10-04 14:58:26 +00:00
matthieu
bd2560e2ec
The validation of server responses avoids out of boundary accesses.
...
From Tobias Stoeckmann / Xorg Security advisory Oct 4, 2016.
2016-10-04 14:56:37 +00:00
okan
27f67406f3
Remove support vax and XENOCARA_HAVE_SHARED_LIBS scaffolding.
...
ok matthieu@
2016-03-11 13:09:42 +00:00
matthieu
8252bb00ee
update to libX11 1.6.3
2015-04-06 20:57:55 +00:00
matthieu
936b4cf06e
Fix bad merges.
2015-01-01 17:37:52 +00:00
schwarze
01412a19db
fix wrong name in .TH, NAME, and SYNOPSIS (obviously bad pastos...)
...
ok matthieu@
2014-12-09 09:29:52 +00:00
matthieu
8c1effea43
Update to libX11 1.6.2. No API change.
2013-09-28 17:03:13 +00:00
matthieu
ce84febd9d
Update to libX11 1.6.1.
2013-08-26 19:57:22 +00:00
matthieu
acee5d3c07
Repair guenther's damage that I didn't ok.
2013-08-13 18:52:10 +00:00
guenther
426afb6384
Bump major on libX11-xcb to match the 64bit time_t change
2013-08-13 08:01:13 +00:00
guenther
b5bb12998e
Bump the major on every single base library. There are a couple
...
not bumped by this that will be corrected soon.
heavy lifting by todd@
2013-08-13 07:07:07 +00:00
matthieu
4b8a5f471a
Update to libX11 1.6.0
2013-06-04 03:19:34 +00:00
matthieu
9573aeb427
Update to libX11 1.5.99.902 aka 1.6rc2
2013-05-31 21:17:09 +00:00
matthieu
52f6d0ba20
Merge upstream fixes for several X libs vulnerabilities
...
discovered by Ilja van Sprundel.
CVE-2013-1981 X.org libX11 1.5.99.901 (1.6 RC1) integer overflows
CVE-2013-1982 X.org libXext 1.3.1 integer overflows
CVE-2013-1983 X.org libXfixes 5.0 integer overflows
CVE-2013-1984 X.org libXi 1.7.1 integer overflows
CVE-2013-1985 X.org libXinerama 1.1.2 integer overflows
CVE-2013-1986 X.org libXrandr 1.4.0 integer overflows
CVE-2013-1987 X.org libXrender 0.9.7 integer overflows
CVE-2013-1988 X.org libXRes 1.0.6 integer overflows
CVE-2013-1989 X.org libXv 1.0.7 integer overflows
CVE-2013-1990 X.org libXvMC 1.0.7 integer overflows
CVE-2013-1991 X.org libXxf86dga 1.1.3 integer overflows
CVE-2013-1992 X.org libdmx 1.1.2 integer overflows
CVE-2013-1994 X.org libchromeXvMC & libchromeXvMCPro in openChrome
0.3.2 integer overflows
CVE-2013-1995 X.org libXi 1.7.1 sign extension issues
CVE-2013-1996 X.org libFS 1.0.4 sign extension issues
CVE-2013-1997 X.org libX11 1.5.99.901 (1.6 RC1) buffer overflows
CVE-2013-1998 X.org libXi 1.7.1 buffer overflows
CVE-2013-1999 X.org libXvMC 1.0.7 buffer overflows
CVE-2013-2000 X.org libXxf86dga 1.1.3 buffer overflows
CVE-2013-2001 X.org libXxf86vm 1.1.2 buffer overflows
CVE-2013-2002 X.org libXt 1.1.3 buffer overflows
CVE-2013-2003 X.org libXcursor 1.1.13 integer overflows
CVE-2013-2004 X.org libX11 1.5.99.901 (1.6 RC1) unbounded recursion
CVE-2013-2005 X.org libXt 1.1.3 memory corruption
CVE-2013-2066 X.org libXv 1.0.7 buffer overflows
2013-05-23 22:42:07 +00:00
matthieu
f2c99c06c2
Update to libX11 1.6RC. No bump needed.
2013-04-28 16:55:55 +00:00
matthieu
be4020d279
Update to libX11 1.5.0
2012-06-11 19:18:54 +00:00