Commit Graph

465 Commits

Author SHA1 Message Date
matthieu
737e223ef8 Merge X server 21.1.8. tested by kn@ and op@. 2023-05-01 07:41:17 +00:00
matthieu
1a68187e4c composite: Fix use-after-free of the COW
CVE-2023-1393, ZDI-CAN-19866
2023-03-29 12:12:13 +00:00
matthieu
1322100d79 Xi: fix use-after-free in DeepCopyPointerClasses
CVE-2023-0494, ZDI-CAN-19596
2023-02-07 06:32:18 +00:00
matthieu
6c8ea4fe58 Merge xserver 21.1.6.
Includes a few fixes to the security patches already committed.
2023-01-22 09:44:41 +00:00
matthieu
8c4424dd36 Add back the meson build system to xserver.
Not having those files only creates noise when merging upstream releases.
2023-01-22 09:21:08 +00:00
matthieu
49a1671770 Fix several X server input validation errors that can cause various issues:
* CVE-2022-46340/ZDI-CAN-19265: X.Org Server XTestSwapFakeInput stack
  overflow
* CVE-2022-46341/ZDI-CAN-19381: X.Org Server XIPassiveUngrab
  out-of-bounds access
* CVE-2022-46342/ZDI-CAN-19400: X.Org Server XvdiSelectVideoNotify
  use-after-free
* CVE-2022-46343/ZDI-CAN-19404: X.Org Server ScreenSaverSetAttributes
  use-after-free
* CVE-2022-46344/ZDI-CAN-19405: X.Org Server XIChangeProperty
  out-of-bounds access
* CVE-2022-46283/ZDI-CAN-19530: X.Org Server XkbGetKbdByName use-after-free
2022-12-14 10:29:00 +00:00
matthieu
fd3c33bec8 Don't crash if the client argv or argv[0] is NULL.
Report from bauerm at pestilenz dot org.
With help from and ok millert@
2022-11-11 13:56:12 +00:00
matthieu
68328bb5ec Update xserver to version 21.1.4.
The security patches were already committed as part of July 24 errata.
This brings a few other bug fixes.
Tested by Walter Alejandro Iglesias.
2022-08-31 11:25:18 +00:00
matthieu
6bd883d148 MFC: Multiple input validation failures in X server extensions
CVE-2022-2319/ZDI-CAN-16062 ProcXkbSetGeometry Out-Of-Bounds Access
CVE-2022-2320/ZDI-CAN-16070 ProcXkbSetDeviceInfo Out-Of-Bounds Access
2022-07-12 19:18:14 +00:00
matthieu
8a0d473d7b Sync with xorg-server 21.1.3.
This does *not* include the commit that reverts the new computation
of the screen resolution from dimensions returned by the screen since
many of you told they prefer the new behaviour from 21.1.1.

This is going to be discussed again before 7.1
2022-02-20 17:41:34 +00:00
jsg
f2d69a3523 remove 0x2972 from the intel gen 2 and 3 list
0x2972 is 946GZ which is gen 4
2022-02-03 23:48:52 +00:00
visa
40f054ffd7 Recommit: compiler.h: don't define inb/outb and friends on mips
From Julien Cristau
0148a15da1616a868d71abe1b56e3f28cc79533c in xserver git
without arm_video.c changes.

OK matthieu@
2021-12-27 04:58:36 +00:00
matthieu
c9b690e680 render: Fix out of bounds access in SProcRenderCompositeGlyphs()
ZDI-CAN-14192, CVE-2021-4008
2021-12-14 13:42:47 +00:00
matthieu
d016d47aa9 Xext: Fix out of bounds access in SProcScreenSaverSuspend()
ZDI-CAN-14951, CVE-2021-4010
2021-12-14 13:42:21 +00:00
matthieu
e66a53696b xfixes: Fix out of bounds access in *ProcXFixesCreatePointerBarrier()
ZDI-CAN-14950, CVE-2021-4009
2021-12-14 13:41:38 +00:00
matthieu
43df806507 record: Fix out of bounds access in SwapCreateRegister()
ZDI-CAN-14952, CVE-2021-4011
2021-12-14 13:41:00 +00:00
matthieu
bf77042029 when xf86CrtcConfigPrivateIndex==-1 XF86_CRTC_CONFIG_PTR() causes an out of
bounds read. White-space fix and ok jsg@
2021-12-06 19:41:55 +00:00
matthieu
7910ce0fb2 Initialize mode->name for modes generated by libxcvt.
ok jsg@ on the upstream merge request.
2021-12-06 19:38:32 +00:00
jsg
20ddf00a06 don't free uninitialised pointers in glamor
Attempting to run fvwm on a x61/965gm with xserver 1.21.1 with the
modesetting driver on amd64 would cause the xserver to
reliably crash.

problem introduced upstream in
2906ee5e4 ("glamor: Fix leak in glamor_build_program()")
which was backported to the 1.21 branch.

ok matthieu@
2021-12-03 09:34:04 +00:00
matthieu
c82bd5db57 Use the InternalEvent event structure in more places in events handlers.
This fixes a crash when a DeviceEvent struct converted to
InternalEvent was being copied as InternalEvent (and thus
causing out of bounds reads) in ActivateGrabNoDelivery()
2021-11-17 19:46:39 +00:00
matthieu
a406534d9c Update to xserver 21.1.1 2021-11-11 09:10:04 +00:00
matthieu
e086cf5adf Update to xserver 21.1.0 2021-11-11 09:03:02 +00:00
deraadt
9c065891c9 missing pathnames on unveil() error 2021-09-06 13:33:11 +00:00
matthieu
5bd77e1667 Update to xserver 1.20.13. 2021-09-03 13:19:11 +00:00
matthieu
04380bf421 GetLocalClientCreds: prefer getsockopt(,SO_PEERCRED,) to getpeereid()
This adds the pid of the local clients to LocalLientCred.
ok espie@
2021-08-11 05:44:01 +00:00
matthieu
cbb2480f27 Close the console fd after probing if it's a wscons, even if it fails.
This avoids keeping an open file descriptor on machines
where /dev/console is not a wsdisplay device.
2021-06-30 08:50:48 +00:00
drahn
be6f9bdd31 Initial attempt to build xserver for riscv64
ok matthieu@
2021-06-15 13:57:42 +00:00
matthieu
e26c45de6d Fix XChangeFeedbackControl() request underflow.
CVE-2021-3472 / ZDI-CAN-1259
Reported by Jan-Niklas Sohn via Trend Micro.
2021-04-13 14:11:12 +00:00
visa
d9345257d8 compiler.h: don't define inb/outb and friends on mips
From Julien Cristau
0148a15da1616a868d71abe1b56e3f28cc79533c in xserver git
without arm_video.c changes.

Fixes clang 11 build on mips64.

Input and OK jsg@
2021-03-13 13:42:26 +00:00
matthieu
a3d4d20555 Avoid sequences of malloc(0) / free() by checking the length.
b2d96b5cd459963a9587ee9c86afc9266ba3d02b in xserver git

originally from deraadt@
2021-03-13 09:43:58 +00:00
jsg
589df0861f record: Fix undefined memcpy in RecordAClientStateChange
From Adam Jackson
f44ac101c523a0439bd1a864850e3c1a4e154549 in xserver git

avoids a large number of malloc(0) calls
ok deraadt@ who had almost the same diff
2021-02-26 14:10:26 +00:00
jsg
9d1e1e287e change from /dev/drm to /dev/dri/ in xenocara
ok matthieu@ kettenis@
2021-02-20 05:47:46 +00:00
jsg
93548c7ad2 don't fatally error if unveil(2) sets ENOENT
This occurs when trying to unveil a /dev/dri/ node when the directory
does not exist.
2021-02-12 12:51:53 +00:00
jsg
dc62af507f add /dev/dri/card[0-3] to allowed devices 2021-02-12 10:40:15 +00:00
jca
3af997a65d Safer workaround for the "kame hack": only override sin6_scope_id if zero
The assumption is that if sin6_scope_id is set, then the interface index
is no longer embedded in the address.

ok claudio@ matthieu@
2021-01-21 22:46:18 +00:00
robert
1b93d47744 try to handle running out of file descriptors by refusing client connections
in case the X server is near the limit and only allow connections again if
there are resources freed up

this is done by checking the amount of currently used FDs + a reserve and
comparing that to the FD limit

with help from benno@, millert@, florian@

ok matthieu@, benno@
2021-01-10 19:33:10 +00:00
matthieu
5b5b8e1a85 Add a root window property with the console device. 2021-01-10 09:14:48 +00:00
matthieu
56c8d99afe Update X server to version 1.20.10. Tested by jsg@ and naddy@ 2020-12-12 09:30:50 +00:00
matthieu
dbbfd61190 Check SetMap request length carefully.
Avoid out of bounds memory accesses on too short requests.

ZDI-CAN 11572 / CVE-2020-14360
Reported by Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
2020-12-01 15:25:39 +00:00
matthieu
dd9addae94 Fix XkbSetDeviceInfo() and SetDeviceIndicators() heap overflows
ZDI-CAN 11389 / CVE-2020-25712
Fix from Jan-Niklas Sohn working with Trend Micro.
2020-12-01 15:21:28 +00:00
jsg
851807c713 build with --disable-dri3 when XENOCARA_BUILD_DRI is "no"
fixes build breakage on alpha reported by deraadt@
2020-08-28 02:20:19 +00:00
matthieu
bc29ab7850 Fix integer underflow in XRecordRegisterClients()
Reported by Jan-Niklas Sohn working with Trend Micro Zero Day Initiative.
2020-08-25 15:43:26 +00:00
matthieu
83d462e24d Fix integer underflow in XkbSelectEvents()
Reported by Jan-Niklas Sohn working with Trend Micro Zero Day Initiative.
2020-08-25 15:42:52 +00:00
matthieu
77c86a2898 Fix an integer underflow in XIChangeHierarchy()
Reported by Jan-Niklas Sohn working with Trend Micro Zero Day Initiative.
2020-08-25 15:41:59 +00:00
matthieu
02b8f73518 Correct bounds checking in XkbSetNames()
Reported by Jan-Niklas Sohn working with Trend Micro Zero Day Initiative.
2020-08-25 15:40:59 +00:00
matthieu
0a2f4bc72f fix for X Server Pixel Data Uninitialized Memory Information Disclosure
CVE-2020-14347

This vulnerability was discovered and reported to X.Org by Jan-Niklas
Sohn working with Trend Micro Zero Day Initiative.
2020-07-31 14:00:21 +00:00
matthieu
60964e1bb6 sync white space with upstream. No code change. 2020-06-14 16:02:38 +00:00
jcs
6b6f912425 revert local change which removed -retro flag and adjust -br to
properly override our default behavior of stippled root.

no objection from deraadt and kettenis
2020-06-12 14:45:55 +00:00
matthieu
ad9a065c46 Release unused file descriptors in the privileged X server process.
There is no reason to keep /dev/pci* and /dev/ttyC* open in this process.
pointed to by deraadt. ok kettenis@ deraadt@
2020-04-20 18:17:25 +00:00
matthieu
806accb3da Remove unused files. 2020-04-18 09:41:18 +00:00