Commit Graph

483 Commits

Author SHA1 Message Date
matthieu
d707307866 Update to xserver 21.1.13. 2024-04-27 17:37:14 +00:00
matthieu
72350a0520 Update to xserver 21.1.12
The security patches were already committed, sync with the rest
of the 21.1.12 release.
2024-04-07 11:42:56 +00:00
matthieu
a9b0c2567c The DMX extension was removed in xserver 21.1. 2024-04-07 06:31:07 +00:00
matthieu
300e0e3cf4 Fix refcounting of glyphs during ProcRenderAddGlyphs() (CVE-2024-31083) 2024-04-03 16:27:34 +00:00
matthieu
a56b04ec0c Need to use unswapped length to send reply in
ProcXIGetSelectedEvents() (CVE-2024-31080) and
ProcXiPassiveGrabDevice() (CVE-2024-31081)
2024-04-03 16:26:45 +00:00
matthieu
9ad627f7b7 Update to xserver 21.1.11.
All the security fixes have already been committed.
2024-01-28 09:58:04 +00:00
kettenis
669d3297eb WSDISPLAY_TYPE_RKDRM was renamed to WSDISPLAY_TYPE_KMS 2024-01-19 17:52:03 +00:00
matthieu
a631224042 Multiple issues have been found in the X server and Xwayland
implementations:

1) CVE-2023-6816 can be triggered by passing an invalid array index to
DeviceFocusEvent or ProcXIQueryPointer.

2) CVE-2024-0229 can be triggered if a device has both a button and a
key class and zero buttons.

3) CVE-2024-21885 can be triggered if a device with a given ID was
removed and a new device with the same ID added both in the same
operation.

4) CVE-2024-21886 can be triggered by disabling a master device with
disabled slave devices.

5) CVE-2024-0409 can be triggered by enabling SELinux
xserver_object_manager and running a client.

6) CVE-2024-0408 can be triggered by enabling SELinux
xserver_object_manager and creating a GLX PBuffer.
2024-01-16 12:34:23 +00:00
matthieu
6367cbe266 Update xserver to 21.1.10.
The security fixes have already been committed.
2024-01-07 11:11:57 +00:00
matthieu
f33da8b94d The previous fix from X.Org was incorrect. This fixes it.
Xi: allocate enough XkbActions for our buttons
CVE-2023-6377
2023-12-13 06:34:18 +00:00
matthieu
679d2a4fc6 randr: avoid integer truncation in length check of ProcRRChange*Property
CVE-2023-6478
2023-12-13 06:21:57 +00:00
matthieu
1df2839930 Xi: allocate enough XkbActions for our buttons
CVE-2023-6377
2023-12-13 06:20:16 +00:00
matthieu
f9c3f64c48 Update to xserver 21.1.9.
All the security patches have already been committed.
Updated autoconf to 2.71 explains the large build infrastructure diff.
2023-10-29 16:45:32 +00:00
matthieu
39b5220750 Fix several input validation errors in the X server
CVE-2023-5367 CVE-2023-5380 CVE-2023-5574
2023-10-25 05:16:39 +00:00
matthieu
d65f6ec688 Fix out of bounds write in glamor_xv_query_image_attributes for NV12
image format. This is a format with num_planes == 2, so we have only 2
elements in offsets[] and pitches[].

Bug found by otto@ using his strict malloc checking.
2023-09-20 18:27:00 +00:00
matthieu
fb763cc6fe Revert previous:
unbreak build with clang-16 by fixing up function definitions to match
the whole CARD64 vs uint64_t issue needs more thinking.
Suggested by kettenis@
2023-09-08 05:44:27 +00:00
robert
09bc32815c unbreak build with clang-16 by fixing up function definitions to match
our uint64_t is an unsigned long long, but CARD64 is defined as unsigned long
so the function pointer types in both glamor and xf86-video-amdgpu were
mismatched and clang-16 treats that as an error

ok matthieu@
2023-09-06 11:42:37 +00:00
miod
a012b5de33 Make sure we don't close(-1); buglet introduced in 1.26.
ok matthieu@
2023-08-12 16:16:25 +00:00
matthieu
737e223ef8 Merge X server 21.1.8. tested by kn@ and op@. 2023-05-01 07:41:17 +00:00
matthieu
1a68187e4c composite: Fix use-after-free of the COW
CVE-2023-1393, ZDI-CAN-19866
2023-03-29 12:12:13 +00:00
matthieu
1322100d79 Xi: fix use-after-free in DeepCopyPointerClasses
CVE-2023-0494, ZDI-CAN-19596
2023-02-07 06:32:18 +00:00
matthieu
6c8ea4fe58 Merge xserver 21.1.6.
Includes a few fixes to the security patches already committed.
2023-01-22 09:44:41 +00:00
matthieu
8c4424dd36 Add back the meson build system to xserver.
Not having those files only creates noise when merging upstream releases.
2023-01-22 09:21:08 +00:00
matthieu
49a1671770 Fix several X server input validation errors that can cause various issues:
* CVE-2022-46340/ZDI-CAN-19265: X.Org Server XTestSwapFakeInput stack
  overflow
* CVE-2022-46341/ZDI-CAN-19381: X.Org Server XIPassiveUngrab
  out-of-bounds access
* CVE-2022-46342/ZDI-CAN-19400: X.Org Server XvdiSelectVideoNotify
  use-after-free
* CVE-2022-46343/ZDI-CAN-19404: X.Org Server ScreenSaverSetAttributes
  use-after-free
* CVE-2022-46344/ZDI-CAN-19405: X.Org Server XIChangeProperty
  out-of-bounds access
* CVE-2022-46283/ZDI-CAN-19530: X.Org Server XkbGetKbdByName use-after-free
2022-12-14 10:29:00 +00:00
matthieu
fd3c33bec8 Don't crash if the client argv or argv[0] is NULL.
Report from bauerm at pestilenz dot org.
With help from and ok millert@
2022-11-11 13:56:12 +00:00
matthieu
68328bb5ec Update xserver to version 21.1.4.
The security patches were already committed as part of July 24 errata.
This brings a few other bug fixes.
Tested by Walter Alejandro Iglesias.
2022-08-31 11:25:18 +00:00
matthieu
6bd883d148 MFC: Multiple input validation failures in X server extensions
CVE-2022-2319/ZDI-CAN-16062 ProcXkbSetGeometry Out-Of-Bounds Access
CVE-2022-2320/ZDI-CAN-16070 ProcXkbSetDeviceInfo Out-Of-Bounds Access
2022-07-12 19:18:14 +00:00
matthieu
8a0d473d7b Sync with xorg-server 21.1.3.
This does *not* include the commit that reverts the new computation
of the screen resolution from dimensions returned by the screen since
many of you said you prefer the new behaviour from 21.1.1.

This is going to be discussed again before 7.1
2022-02-20 17:41:34 +00:00
jsg
f2d69a3523 remove 0x2972 from the intel gen 2 and 3 list
0x2972 is 946GZ which is gen 4
2022-02-03 23:48:52 +00:00
visa
40f054ffd7 Recommit: compiler.h: don't define inb/outb and friends on mips
From Julien Cristau
0148a15da1616a868d71abe1b56e3f28cc79533c in xserver git
without arm_video.c changes.

OK matthieu@
2021-12-27 04:58:36 +00:00
matthieu
c9b690e680 render: Fix out of bounds access in SProcRenderCompositeGlyphs()
ZDI-CAN-14192, CVE-2021-4008
2021-12-14 13:42:47 +00:00
matthieu
d016d47aa9 Xext: Fix out of bounds access in SProcScreenSaverSuspend()
ZDI-CAN-14951, CVE-2021-4010
2021-12-14 13:42:21 +00:00
matthieu
e66a53696b xfixes: Fix out of bounds access in *ProcXFixesCreatePointerBarrier()
ZDI-CAN-14950, CVE-2021-4009
2021-12-14 13:41:38 +00:00
matthieu
43df806507 record: Fix out of bounds access in SwapCreateRegister()
ZDI-CAN-14952, CVE-2021-4011
2021-12-14 13:41:00 +00:00
matthieu
bf77042029 when xf86CrtcConfigPrivateIndex==-1 XF86_CRTC_CONFIG_PTR() causes an out of
bounds read. White-space fix and ok jsg@
2021-12-06 19:41:55 +00:00
matthieu
7910ce0fb2 Initialize mode->name for modes generated by libxcvt.
ok jsg@ on the upstream merge request.
2021-12-06 19:38:32 +00:00
jsg
20ddf00a06 don't free uninitialised pointers in glamor
Attempting to run fvwm on an x61/965gm with xserver 1.21.1 with the
modesetting driver on amd64 would cause the xserver to
reliably crash.

problem introduced upstream in
2906ee5e4 ("glamor: Fix leak in glamor_build_program()")
which was backported to the 1.21 branch.

ok matthieu@
2021-12-03 09:34:04 +00:00
matthieu
c82bd5db57 Use the InternalEvent event structure in more places in events handlers.
This fixes a crash when a DeviceEvent struct converted to
InternalEvent was being copied as InternalEvent (and thus
causing out of bounds reads) in ActivateGrabNoDelivery()
2021-11-17 19:46:39 +00:00
matthieu
a406534d9c Update to xserver 21.1.1 2021-11-11 09:10:04 +00:00
matthieu
e086cf5adf Update to xserver 21.1.0 2021-11-11 09:03:02 +00:00
deraadt
9c065891c9 missing pathnames on unveil() error 2021-09-06 13:33:11 +00:00
matthieu
5bd77e1667 Update to xserver 1.20.13. 2021-09-03 13:19:11 +00:00
matthieu
04380bf421 GetLocalClientCreds: prefer getsockopt(,SO_PEERCRED,) to getpeereid()
This adds the pid of the local clients to LocalClientCred.
ok espie@
2021-08-11 05:44:01 +00:00
matthieu
cbb2480f27 Close the console fd after probing if it's a wscons, even if it fails.
This avoids keeping an open file descriptor on machines
where /dev/console is not a wsdisplay device.
2021-06-30 08:50:48 +00:00
drahn
be6f9bdd31 Initial attempt to build xserver for riscv64
ok matthieu@
2021-06-15 13:57:42 +00:00
matthieu
e26c45de6d Fix XChangeFeedbackControl() request underflow.
CVE-2021-3472 / ZDI-CAN-1259
Reported by Jan-Niklas Sohn via Trend Micro.
2021-04-13 14:11:12 +00:00
visa
d9345257d8 compiler.h: don't define inb/outb and friends on mips
From Julien Cristau
0148a15da1616a868d71abe1b56e3f28cc79533c in xserver git
without arm_video.c changes.

Fixes clang 11 build on mips64.

Input and OK jsg@
2021-03-13 13:42:26 +00:00
matthieu
a3d4d20555 Avoid sequences of malloc(0) / free() by checking the length.
b2d96b5cd459963a9587ee9c86afc9266ba3d02b in xserver git

originally from deraadt@
2021-03-13 09:43:58 +00:00
jsg
589df0861f record: Fix undefined memcpy in RecordAClientStateChange
From Adam Jackson
f44ac101c523a0439bd1a864850e3c1a4e154549 in xserver git

avoids a large number of malloc(0) calls
ok deraadt@ who had almost the same diff
2021-02-26 14:10:26 +00:00
jsg
9d1e1e287e change from /dev/drm to /dev/dri/ in xenocara
ok matthieu@ kettenis@
2021-02-20 05:47:46 +00:00