Commit Graph

120 Commits

Author SHA1 Message Date
matthieu
3cfba1062d Update to xserver 21.1.16.
The security fixes were committed earlier. This is the rest of the
21.1.16 update.
2025-03-02 09:09:28 +00:00
matthieu
443f1bf956 Update to xserver 21.1.15 2024-12-22 08:26:03 +00:00
matthieu
8886fdf68b Update to xserver 21.1.14. tested by tb@
The xkb security fix was committed earlier. This is the rest of the
21.1.14 update.
2024-11-05 08:13:05 +00:00
matthieu
3cb0af1088 Reduce white space diff with upstream. 2024-08-15 19:07:07 +00:00
matthieu
72350a0520 Update to xserver 21.1.12
The security patches were already committed, sync with the rest
of the 21.1.12 release.
2024-04-07 11:42:56 +00:00
matthieu
f9c3f64c48 Update to xserver 21.1.9.
All the security patches have already been committed.
Updated autoconf to 2.71 explains the large build infrastructure diff.
2023-10-29 16:45:32 +00:00
matthieu
737e223ef8 Merge X server 21.1.8. tested by kn@ and op@. 2023-05-01 07:41:17 +00:00
matthieu
8c4424dd36 Add back the meson build system to xserver.
Not having those files only creates noise when merging upstream releases.
2023-01-22 09:21:08 +00:00
matthieu
fd3c33bec8 Don't crash if the client argv or argv[0] is NULL.
Report from bauerm at pestilenz dot org.
With help from and ok millert@
2022-11-11 13:56:12 +00:00
matthieu
68328bb5ec Update xserver to version 21.1.4.
The security patches were already committed as part of July 24 errata.
This brings a few other bug fixes.
Tested by Walter Alejandro Iglesias.
2022-08-31 11:25:18 +00:00
matthieu
8a0d473d7b Sync with xorg-server 21.1.3.
This does *not* include the commit that reverts the new computation
of the screen resolution from dimensions returned by the screen since
many of you said they prefer the new behaviour from 21.1.1.

This is going to be discussed again before 7.1
2022-02-20 17:41:34 +00:00
matthieu
e086cf5adf Update to xserver 21.1.0 2021-11-11 09:03:02 +00:00
deraadt
9c065891c9 missing pathnames on unveil() error 2021-09-06 13:33:11 +00:00
matthieu
5bd77e1667 Update to xserver 1.20.13. 2021-09-03 13:19:11 +00:00
matthieu
04380bf421 GetLocalClientCreds: prefer getsockopt(,SO_PEERCRED,) to getpeereid()
This adds the pid of the local clients to LocalClientCred.
ok espie@
2021-08-11 05:44:01 +00:00
jsg
93548c7ad2 don't fatally error if unveil(2) sets ENOENT
This occurs when trying to unveil a /dev/dri/ node when the directory
does not exist.
2021-02-12 12:51:53 +00:00
jsg
dc62af507f add /dev/dri/card[0-3] to allowed devices 2021-02-12 10:40:15 +00:00
jca
3af997a65d Safer workaround for the "kame hack": only override sin6_scope_id if zero
The assumption is that if sin6_scope_id is set, then the interface index
is no longer embedded in the address.

ok claudio@ matthieu@
2021-01-21 22:46:18 +00:00
robert
1b93d47744 try to handle running out of file descriptors by refusing client connections
in case the X server is near the limit and only allow connections again if
there are resources freed up

this is done by checking the amount of currently used FDs + a reserve and
comparing that to the FD limit

with help from benno@, millert@, florian@

ok matthieu@, benno@
2021-01-10 19:33:10 +00:00
matthieu
56c8d99afe Update X server to version 1.20.10. Tested by jsg@ and naddy@ 2020-12-12 09:30:50 +00:00
matthieu
60964e1bb6 sync white space with upstream. No code change. 2020-06-14 16:02:38 +00:00
jcs
6b6f912425 revert local change which removed -retro flag and adjust -br to
properly override our default behavior of stippled root.

no objection from deraadt and kettenis
2020-06-12 14:45:55 +00:00
matthieu
ad9a065c46 Release unused filedescriptors in the privileged X server process.
There is no reason to keep /dev/pci* and /dev/ttyC* open in this process.
pointed out by deraadt. ok kettenis@ deraadt@
2020-04-20 18:17:25 +00:00
matthieu
9064f8eee5 Update to xserver 1.20.8. ok jsg@ robert@ 2020-04-13 08:06:58 +00:00
matthieu
40d42722f6 Update to xserver 1.20.7 plus 2 extra fixes from upstream. ok jsg@ 2020-01-26 13:48:54 +00:00
matthieu
9a532c5475 Update to X server 1.20.6. Tested by naddy@ 2019-12-12 06:05:17 +00:00
matthieu
a77e9959f3 Update to xserver 1.20.5. Tested by jsg@ 2019-07-27 07:57:06 +00:00
jcs
fa30b33449 when probing for wsmouse devices, check up to wsmouse9
ok deraadt
2019-06-11 14:51:34 +00:00
matthieu
e7e87a2ccb Update to xserver 1.19.7. Tested by jca@ and stsp@. 2019-03-19 21:19:54 +00:00
mestre
e897f28b00 xserver's priv proc is responsible for opening devices in O_RDWR mode and sending
their fds over to the parent proc. Knowing this then we already have a list of
all possible devices that might be opened in the future, in struct okdev
allowed_devices[], and we just need to traverse them and unveil(2) each one
with read/write permissions.

positive feedback from semarie@, OK matthieu@
2018-10-25 06:41:25 +00:00
matthieu
d9aef29941 set MSG_CMSG_CLOEXEC when receiving file descriptors.
All file descriptors opened via priv_open_device() can benefit from
the close-on-exec flag.
ok kettenis@.
2018-08-06 20:11:34 +00:00
matthieu
857585fc69 Update to xserver 1.19.6. bug fix release 2018-02-18 17:16:37 +00:00
matthieu
1a66cad3fb Update to xserver 1.19.5.
Tested by bru@, jsg@ and others
2017-12-08 15:01:59 +00:00
matthieu
fe08a081d8 MFC: os: Make sure big requests have sufficient length.
A client can send a big request where the 32B "length" field has value
0. When the big request header is removed and the length corrected,
the value will underflow to 0xFFFFFFFF.  Functions processing the
request later will think that the client sent much more data and may
touch memory beyond the receive buffer.
2017-10-14 09:17:40 +00:00
matthieu
2666ed3f9e Fix arc4random_buf(3) detection. Noticed by Eric Engestrom on
the xorg-devel list. Thanks
2017-03-01 19:22:36 +00:00
matthieu
da8f098a38 Oops, in previous commit I forgot to remove the actual implementation
of the unused *ToID functions(). Spotted by Adam Jackson on xorg-devel
list.  Thanks.
2017-02-28 23:05:46 +00:00
matthieu
5d64bd18eb regen 2017-02-28 18:33:44 +00:00
matthieu
e087a236fc auth: remove AuthToIDFunc and associated functions. Not used anymore.
And the current code for MitToId has a use-after-free() issue.
Advisory X41-2017-001: Multiple Vulnerabilities in X.Org
2017-02-28 18:32:53 +00:00
matthieu
eb3d247766 MFC: Use arc4random_buf(3) if available to generate cookies.
Advisory X41-2017-001: Multiple Vulnerabilities in X.Org.
2017-02-28 18:27:40 +00:00
matthieu
9ddca5b541 MFC: Use timingsafe_memcmp() to compare MIT-MAGIC-COOKIES
Advisory X41-2017-001: Multiple Vulnerabilities in X.Org.
2017-02-28 18:24:48 +00:00
matthieu
fd18c20e72 regen 2016-10-11 22:14:30 +00:00
matthieu
6e1bcfb3c6 Update to xserver 1.18.4
tested by krw@ and dcoppa@ ok dcoppa@
2016-08-09 18:59:50 +00:00
matthieu
e927c03e30 Update to xserver 1.18.3. Tested by shadchin@ and naddy@.
Note that indirect GLX is now disabled by default.
2016-05-29 12:02:34 +00:00
matthieu
f7d98a310c pledge(2) for the X server privileged process. ok deraadt@ 2015-11-11 21:07:49 +00:00
matthieu
4c6a4e1e00 Update to xserver 1.17.4.
tested by naddy@
2015-11-07 16:48:51 +00:00
matthieu
86ea9f12e2 Update to xserver 1.17.2. tested by dcoppa@, jsg@, jasper@ & naddy@ 2015-09-16 19:10:19 +00:00
matthieu
3e477e765c Merge from upstream: Don't listen to 'tcp' by default. Add '-listen' option.
commit cc59be38b7eff52a1d003b390f2994c73ee0b3e9
Author: Keith Packard <keithp@keithp.com>
Date:   Fri Sep 12 11:33:48 2014 -0700

    os: Don't listen to 'tcp' by default. Add '-listen' option. [v2]

    This disables the tcp listen socket by default. Then, it
    uses a new xtrans interface, TRANS(Listen), to provide a command line
    option to re-enable those if desired.

    v2: Leave unix socket enabled by default. Add configure options.

    Signed-off-by: Keith Packard <keithp@keithp.com>
    Reviewed-by: Hans de Goede <hdegoede@redhat.com>
2015-06-20 10:03:56 +00:00
matthieu
5b19f6d757 Update to xserver 1.16.4.
Contains fix for CVE-2015-0255. ok dcoppa@
2015-02-11 20:58:46 +00:00
matthieu
7db4642f69 Update to xorg-server 1.16.3.
Most of the 1.16.2->1.16.3 changes are the security patches that
were already there. This adds some extra fixes plus a few unrelated
bug fixes.
2014-12-21 11:41:44 +00:00
matthieu
797ed93386 Protocol handling issues in X Window System servers
One year after Ilja van Sprundel discovered and reported a large number
of issues in the way the X server code base handles requests from X clients,
they have been fixed.
2014-12-09 17:58:52 +00:00